# Mr



## obxtony (Aug 17, 2008)

Hello again ...after a long absence!
I recently lost my wife, and during the time I was carrying out my legal duties etc. my daughter and grandson were staying with me. I allowed my grandson full use of my PC, but since then it has not been working properly. Programs stop, when I type the typing stops, when I try and connect either Yahoo Messenger or MSN Messenger the connection is intermittent. I bought and loaded the full version of AVG and ran a FULL scan. It came up with a LOT of viruses which it had removed; some it said it could NOT remove. These were all Trojan Horse_r.BFJ. I consequently bought and downloaded several other AVs and scanned the PC. Many viruses were captured and removed, and now when I do a full scan with AVG it says my PC is clean. However, I still have the remaining problems that the PC is slow and again sometimes typing is intermittent. The messengers are both very bad still. When I first tried to download these antivirus programs the PC would not let me, so I had to download to a CD from a friend's laptop. I also notice that my HP PC does not come with a Windows 7 CD, so I have no way of doing a full system restore. ALSO!! I cannot restore my PC to a previous restore point.
Any help would be (as usual) gratefully accepted.
I beg you to remember that I am 74 years old and not the brightest spark in the fire!!
I hope I get these downloads right.
Again, with anticipation, my deepest thanks
obxtony (tony Cahill).
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:03:27, on 04/04/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.woofi.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/ble...20120403C51C45BCA912C390D5232A64&tbp=homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.woofi.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cSrcAs.dll (file missing)
O1 - Hosts: 94.63.147.22 www.google.com
O1 - Hosts: 94.63.147.23 www.bing.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O2 - BHO: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Blekko search bar - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O2 - BHO: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Paltalk Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
O3 - Toolbar: ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Blekko search bar - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe"
O4 - HKCU\..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: z12vwxn8ry232.dlla2pwj44x2ky32.dllgx4pxwbpl5r32.dll xngpel832.dllzmmgppy932.dllv98rwrukq3ik32.dll 
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~2\Bandoo\Bandoo.exe (file missing)
O23 - Service: CDMA Device Service - Unknown owner - C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 20743 bytes

Here is the DDS.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by tony at 9:54:22 on 2012-04-06
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6103.3915 [GMT 1:00]
.
AV: Doctor Web Anti-Virus *Disabled/Updated* {A8C161B2-600A-42FD-97E0-4C12952A9FEC}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Doctor Web Anti-Virus *Disabled/Updated* {13A08056-4630-4D73-AD50-7760EEADD551}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\DrWeb\spideragent.exe
C:\Program Files (x86)\DrWeb\dwservice.exe
C:\Program Files (x86)\DrWeb\dwnetfilter.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\mcGlidHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=20120403C51C45BCA912C390D5232A64&tbp=homepage
uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie9
uSearch Page = hxxp://uk.woofi.info
uWindow Title = Windows Internet Explorer provided by Yahoo!
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
mStart Page = hxxp://www.yahoo.com/?ilc=8
mSearch Page = hxxp://uk.woofi.info
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
uURLSearchHooks: Radio Bar 1 Toolbar: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
uURLSearchHooks: N/A: {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cSrcAs.dll
mURLSearchHooks: Radio Bar 1 Toolbar: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - MediaBar
BHO: Radio Bar 1 Toolbar: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
BHO: PriceGong: {1631550f-191d-4826-b069-d9439253d926} - PriceGongBHO Class
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Paltalk Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Paltalk Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Radio Bar 1 Toolbar: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - 
TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [TaskTray] 
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>] 
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
mPolicies-system: New Value #1 = 
IE: &Search
IE: Check by Dr.Web - http://www.drweb.com/static/online/drweb-online-en.html
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{14A415D3-A49B-4310-B7F9-59487581C101} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{15CC91D2-E2F2-455A-BD8A-2C60E42E189A} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: z12vwxn8ry232.dlla2pwj44x2ky32.dllgx4pxwbpl5r32.dll xngpel832.dllzmmgppy932.dllv98rwrukq3ik32.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar
BHO-X64: MediaBar - No File
BHO-X64: Radio Bar 1 Toolbar: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
BHO-X64: {1631550F-191D-4826-B069-D9439253D926} - PriceGongBHO Class
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do-Not-Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
BHO-X64: Blekko search bar - No File
BHO-X64: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO-X64: ALOT Appbar Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
BHO-X64: Vuze Remote - No File
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Paltalk Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Paltalk Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Radio Bar 1 Toolbar: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRadi.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
TB-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - 
TB-X64: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB-X64: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [TaskTray] 
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)] 
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IE-X64: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
AppInit_DLLs-X64: z12vwxn8ry232.dlla2pwj44x2ky32.dllgx4pxwbpl5r32.dll xngpel832.dllzmmgppy932.dllv98rwrukq3ik32.dll
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
Hosts: 94.63.147.22 www.google.com
Hosts: 94.63.147.23 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 DwProt;DrWeb Protection;C:\Windows\system32\drivers\dwprot.sys --> C:\Windows\system32\drivers\dwprot.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 SpiderG3;DrWeb file system scanner;C:\Windows\system32\drivers\spiderg3.sys --> C:\Windows\system32\drivers\spiderg3.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 DrWebWfp;DrWebWfp;C:\Windows\system32\drivers\dw_wfp.sys --> C:\Windows\system32\drivers\dw_wfp.sys [?]
R1 nnfwdk;Nielsen WFP Driver;C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [2012-3-18 25648]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-7 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-3-7 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-3-7 296048]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-19 140672]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/01/07 20:24:33];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-1-7 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-2-14 2316624]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 CDMA Device Service;CDMA Device Service;C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-9-25 159232]
R2 DrWebAVService;Dr.Web Control Service;C:\Program Files (x86)\DrWeb\dwservice.exe --loglevel=inf --logfile="C:\ProgramData\Doctor Web\Logs\dwservice.log" --> C:\Program Files (x86)\DrWeb\dwservice.exe --loglevel=inf --logfile=C:\ProgramData\Doctor Web\Logs\dwservice.log [?]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2012-4-5 1914792]
R2 DrWebNetFilter;Dr.Web Net Filtering Service;C:\Program Files (x86)\DrWeb\dwnetfilter.exe [2012-4-5 3031352]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-7 13336]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-3-17 821592]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-9-1 523136]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-3-7 976696]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\system32\drivers\AVer888RC_64.sys --> C:\Windows\system32\drivers\AVer888RC_64.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys --> C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-11 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-11 135664]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-3-17 33184]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2011-1-8 16392]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-3-17 21872]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-3-17 21384]
S4 NielsenUpdate;Nielsen Update;C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2012-3-18 306496]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-05 19:52:47 -------- d-sh--w- C:\DrWeb Quarantine
2012-04-05 19:52:11 -------- d-----w- C:\Users\tony\AppData\Local\{9736F8A5-2C6F-4525-BA7C-C6DB789CE4A7}
2012-04-05 19:52:01 -------- d-----w- C:\Users\tony\AppData\Local\{EE89EB67-0EC3-4C73-A05F-1989EFD85538}
2012-04-05 19:51:23 -------- d-----w- C:\Users\tony\AppData\Local\{0FE452DD-D14E-4681-B38D-50BC06F5E0AB}
2012-04-05 19:19:52 -------- d-----w- C:\Users\tony\AppData\Local\{6A63525C-CECC-45C8-ADDD-3CFBBB397684}
2012-04-05 19:19:19 -------- d-----w- C:\Users\tony\Doctor Web
2012-04-05 19:16:02 71896 ----a-w- C:\Windows\System32\drivers\dw_wfp.sys
2012-04-05 19:15:47 223960 ----a-w- C:\Windows\System32\drivers\spiderg3.sys
2012-04-05 19:15:43 206552 ----a-w- C:\Windows\System32\drivers\dwprot.sys
2012-04-05 19:15:24 -------- d-----w- C:\Program Files\Common Files\Doctor Web
2012-04-05 19:15:09 -------- d-----w- C:\Program Files (x86)\DrWeb
2012-04-04 20:20:17 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2012-04-04 19:39:39 691 ----a-w- C:\Users\tony\AppData\Roaming\GetValue.vbs
2012-04-04 19:39:39 35 ----a-w- C:\Users\tony\AppData\Roaming\SetValue.bat
2012-04-04 19:37:22 5288 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-04-04 19:16:41 388096 ----a-r- C:\Users\tony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 19:16:38 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-04 13:11:54 -------- d-----w- C:\ProgramData\Doctor Web
2012-04-04 13:00:09 -------- d-----w- C:\Users\tony\AppData\Local\{05CDD276-D8EB-470D-BEEE-5F884B7CD010}
2012-04-04 12:59:33 -------- d-----w- C:\Users\tony\AppData\Local\{AE25F25F-56DB-45D6-8383-20B62CA3C443}
2012-04-03 19:43:19 -------- d-----w- C:\Users\tony\AppData\Local\FileTypeAssistant
2012-04-03 19:42:07 -------- d-----w- C:\Program Files (x86)\File Type Assistant
2012-04-03 17:37:40 -------- d-----w- C:\Users\tony\AppData\Local\{43822405-A0B3-48A8-A2D8-F9FA6492E5D9}
2012-04-03 17:37:15 -------- d-----w- C:\Users\tony\AppData\Local\{9B47A818-941C-4DBB-9E95-CAF8FCA90AF4}
2012-04-03 17:31:11 -------- d-----w- C:\Windows\en
2012-04-03 17:27:06 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-04-03 17:22:05 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\49e3c6cc1cd11be05\bingbarsetup.exe
2012-04-03 17:21:40 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3ab9c82a1cd11be04\MeshBetaRemover.exe
2012-04-03 17:21:36 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\DSETUP.dll
2012-04-03 17:21:36 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\DXSETUP.exe
2012-04-03 17:21:36 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\dsetup32.dll
2012-04-03 17:20:25 -------- d-----w- C:\Users\tony\AppData\Roaming\PC Speed Maximizer
2012-04-03 16:51:00 -------- d-----w- C:\Users\tony\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-04-03 16:50:38 -------- d-----w- C:\Program Files (x86)\blekkotb_soc
2012-04-03 16:49:57 -------- d-----w- C:\Program Files (x86)\PC Speed Maximizer
2012-04-03 16:49:47 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2012-04-03 16:49:21 -------- d-----w- C:\ProgramData\blekko toolbars
2012-04-03 13:07:27 -------- d-----w- C:\Users\tony\DoctorWeb
2012-04-03 12:18:46 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-04-03 12:18:43 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-02 14:36:00 -------- d-----w- C:\Users\tony\AppData\Roaming\AVG2012
2012-04-02 14:34:47 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-04-02 14:34:16 -------- d--h--w- C:\$AVG
2012-04-02 14:34:16 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-04-02 13:51:43 -------- d-----w- C:\Users\tony\AppData\Local\{8BE1E50B-6B31-4511-B0A3-2DDDAC12D6FB}
2012-04-02 13:19:23 -------- d-----w- C:\Program Files (x86)\Avast
2012-04-02 12:12:35 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E1DCB5D8-88CF-4774-BB24-ABC59F0BCECC}\mpengine.dll
2012-04-02 11:35:53 -------- d-----w- C:\ProgramData\Alwil Software
2012-04-01 20:30:41 -------- d-----w- C:\Users\tony\AppData\Local\{A8DB2F49-72AC-4100-AEF6-AF1C4C00B992}
2012-04-01 19:20:57 -------- d-----w- C:\Program Files (x86)\Medea International Ltd
2012-04-01 19:10:05 -------- d-----w- C:\Program Files (x86)\Easy CD & DVD Cover Creator
2012-04-01 12:17:12 -------- d-----w- C:\Users\tony\AppData\Local\{63031E79-5994-47C3-A62B-7E3F16D3BC6B}
2012-04-01 08:22:24 8738464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 07:45:22 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-31 20:40:48 -------- d-----w- C:\Users\tony\AppData\Local\{857B99DD-E471-44B7-9D75-EB93AC8824D3}
2012-03-30 15:35:20 -------- d-----w- C:\Users\tony\AppData\Local\{2BE6239F-2354-49CF-B5B5-B4C252A1FC21}
2012-03-29 12:04:26 -------- d-----w- C:\Users\tony\AppData\Local\{9C756B8E-2D97-4233-A6EF-E63260A03254}
2012-03-28 11:50:23 -------- d-----w- C:\Users\tony\AppData\Local\{446D9E88-128B-449A-BCE0-16FC00C42158}
2012-03-27 14:17:57 -------- d-----w- C:\Users\tony\AppData\Local\{4F060886-1E38-4688-B88B-F8EC7FF14681}
2012-03-27 14:17:23 -------- d-----w- C:\Users\tony\AppData\Local\{9DECEF7E-AF7E-407A-9AFE-9A2810C8BC9F}
2012-03-26 18:43:28 -------- d-----w- C:\Users\tony\AppData\Roaming\NCH Software
2012-03-26 18:24:45 -------- d-----w- C:\Users\tony\AppData\Local\TempDIR
2012-03-26 15:00:00 -------- d-----w- C:\Users\tony\AppData\Local\{AD78B362-22BB-40CC-8DDE-3A80AEDA3BF0}
2012-03-26 14:59:26 -------- d-----w- C:\Users\tony\AppData\Local\{DB4E6178-9220-4CC1-A907-8C4A748864AC}
2012-03-25 12:24:43 -------- d-----w- C:\Users\tony\AppData\Local\{E70BEA43-EE38-4B90-A0D0-CC548B418F1E}
2012-03-25 12:24:32 -------- d-----w- C:\Users\tony\AppData\Local\{C174684F-B933-48DA-9705-55BAD924DFDC}
2012-03-24 11:25:14 -------- d-----w- C:\Users\tony\AppData\Local\{849B5759-7852-4C16-A587-DF56D1150EA5}
2012-03-24 11:24:40 -------- d-----w- C:\Users\tony\AppData\Local\{01FAD4A7-E417-4E09-9764-76CBE8829BDE}
2012-03-23 11:01:03 -------- d-----w- C:\Users\tony\AppData\Local\{A9929552-2911-405F-AA91-9BEA9F27082D}
2012-03-23 11:00:29 -------- d-----w- C:\Users\tony\AppData\Local\{4C5C1DF7-380F-4600-A527-60E56CD5BA2D}
2012-03-22 18:54:38 -------- d-----w- C:\Users\tony\AppData\Local\{94A1ECFB-DF46-47D2-B106-D853457126AE}
2012-03-22 18:54:04 -------- d-----w- C:\Users\tony\AppData\Local\{24D3FA49-06C1-44B6-B683-53686ADE2D5F}
2012-03-21 15:26:27 -------- d-----w- C:\Users\tony\AppData\Local\{DF9A6783-B1C2-445D-AD89-C2AB4C6478D0}
2012-03-21 15:25:54 -------- d-----w- C:\Users\tony\AppData\Local\{E32EE5AA-30BC-47D4-BC9E-A71A2B8E9136}
2012-03-21 12:45:26 -------- d-----w- C:\Users\tony\AppData\Local\{834ED68F-4F61-465C-B4AC-F1884944BBE2}
2012-03-20 21:27:58 -------- d-----w- C:\Users\tony\AppData\Local\{DC935FC3-0C2B-4127-BC0F-7D7E85337B0E}
2012-03-20 21:27:24 -------- d-----w- C:\Users\tony\AppData\Local\{4245FF05-0B0E-49B7-A8EB-1CF0F3B774F5}
2012-03-19 10:01:41 -------- d-----w- C:\Users\tony\AppData\Local\{AD552651-31B8-4E97-84C9-C49E8D7D9AC6}
2012-03-19 10:01:07 -------- d-----w- C:\Users\tony\AppData\Local\{07D25B5A-17C4-4616-AAE1-020AB012BC1B}
2012-03-18 14:17:06 -------- d-----w- C:\Users\tony\AppData\Local\{C5D1C926-6914-430D-9D25-E9EB099BCDAE}
2012-03-18 14:16:43 -------- d-----w- C:\Users\tony\AppData\Local\{17022418-EFB5-48E8-8915-60F28EEA680A}
2012-03-18 13:55:12 -------- d-----w- C:\Program Files (x86)\NetRatingsNetSight
2012-03-17 19:27:31 -------- d-----w- C:\Users\tony\AppData\Local\{C7291D45-499C-4F2A-9EA0-E2AE88AEA7B5}
2012-03-17 19:27:11 -------- d-----w- C:\Users\tony\AppData\Local\{EEE64569-14D4-47ED-A8A7-6741340A89F9}
2012-03-17 19:07:15 -------- d-----w- C:\Windows\SysWow64\TVUAx
2012-03-17 13:17:43 -------- d-----w- C:\ProgramData\2B3F
2012-03-17 09:42:38 -------- dc-h--w- C:\ProgramData\~0
2012-03-16 14:50:34 -------- d-----w- C:\Users\tony\AppData\Local\{4A92015F-8B2A-4231-A519-69C6F5680023}
2012-03-16 14:50:14 -------- d-----w- C:\Users\tony\AppData\Local\{63ACDDB5-591D-4101-922C-261D90664994}
2012-03-15 16:31:31 -------- d-----w- C:\Users\tony\AppData\Roaming\WildTangent
2012-03-15 15:51:17 -------- d-----w- C:\Users\tony\AppData\Local\{55F35A7D-3476-4475-AF8C-D88979F17CC6}
2012-03-15 15:50:56 -------- d-----w- C:\Users\tony\AppData\Local\{CD3F0C06-74D2-4139-8771-DC8D9B94E9D5}
2012-03-14 15:57:49 -------- d-----w- C:\Users\tony\AppData\Local\{3EE7F7A3-C7D2-4E21-900D-B1E9629FE9A1}
2012-03-14 15:57:29 -------- d-----w- C:\Users\tony\AppData\Local\{34225C47-E35C-4AE5-867C-46777366C0AC}
2012-03-13 16:36:54 -------- d-----w- C:\Users\tony\AppData\Local\{7DC91A46-5D37-48E8-A060-108191ACD86F}
2012-03-13 16:36:33 -------- d-----w- C:\Users\tony\AppData\Local\{50243C6D-E12B-4D34-BF69-9DE3A099A3B5}
2012-03-12 14:40:03 -------- d-----w- C:\Users\tony\AppData\Local\{C6105D5A-7429-410C-968F-7BCADE6F32C2}
2012-03-12 14:39:42 -------- d-----w- C:\Users\tony\AppData\Local\{94863E65-1D04-4CB6-9EE1-8FF9AEC2DB8F}
2012-03-11 16:48:05 -------- d-----w- C:\Users\tony\AppData\Local\{5336C159-AB8F-4C52-9643-B6D835F16802}
2012-03-11 16:47:43 -------- d-----w- C:\Users\tony\AppData\Local\{19A98F3E-359A-433F-90C3-D29D4BDCDF1D}
2012-03-10 16:37:17 -------- d-----w- C:\Users\tony\AppData\Local\{39A1E9AB-C72B-491E-8F0B-7B8E1B847C79}
2012-03-10 16:36:55 -------- d-----w- C:\Users\tony\AppData\Local\{92D45C58-A3F9-46C5-89EB-F09A52E7429D}
2012-03-10 15:13:40 -------- d-----w- C:\Users\tony\AppData\Local\{E2DDEE71-C799-4DB2-8024-432630E434E1}
2012-03-09 19:09:34 -------- d-----w- C:\Users\tony\AppData\Local\{39E7FC80-45A4-47FA-8E51-32D4DFF92053}
2012-03-09 19:09:14 -------- d-----w- C:\Users\tony\AppData\Local\{5375588E-106D-4DE8-B40C-5836B3A3156F}
2012-03-09 15:59:47 -------- d-----w- C:\Program Files (x86)\BANDOO
2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 17:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-08 15:57:17 -------- d-----w- C:\Users\tony\AppData\Local\{2150B0C7-FB93-4142-B443-F2C81B3B60FF}
2012-03-08 15:56:57 -------- d-----w- C:\Users\tony\AppData\Local\{5EEFA0E6-B162-48E2-958D-4875C5B02E2C}
2012-03-08 15:51:50 -------- d-----w- C:\ProgramData\AMD
2012-03-08 15:51:49 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-03-08 15:51:47 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-03-07 14:56:18 -------- d-----w- C:\Users\tony\AppData\Local\{7103364B-6267-43B4-BDBD-3AEE6F35A994}
2012-03-07 14:55:56 -------- d-----w- C:\Users\tony\AppData\Local\{FD50A641-5E44-4FE3-92A3-05F7BECABA58}
.
==================== Find3M ====================
.
2012-04-01 08:22:51 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-25 19:13:06 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-03-25 19:13:06 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-03-25 19:12:25 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-03-20 21:32:48 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-03-07 20:12:58 101360 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-22 04:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-02-22 04:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll
2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-02-14 22:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-14 22:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-14 22:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-14 22:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-14 22:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-14 22:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-14 22:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-14 22:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-01-31 06:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-31 06:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-01-31 03:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-01-18 06:44:52 540960 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
2012-01-18 06:44:40 545056 ----a-w- C:\Windows\SysWow64\LVUI2.dll
2012-01-18 06:44:36 561440 ----a-w- C:\Windows\System32\LVUIRC64.dll
2012-01-18 06:44:36 4865568 ----a-w- C:\Windows\System32\drivers\LVUVC64.sys
2012-01-18 06:44:28 769312 ----a-w- C:\Windows\System32\LVUI64.dll
2012-01-18 06:44:28 351136 ----a-w- C:\Windows\System32\drivers\lvrs64.sys
2012-01-18 06:44:26 307488 ----a-w- C:\Windows\SysWow64\LVCodec2.dll
2012-01-18 06:44:26 263456 ----a-w- C:\Windows\System32\lvco13311044.dll
2012-01-18 06:44:26 176416 ----a-w- C:\Windows\System32\LVCod64.dll
2012-01-18 06:23:12 38958 ----a-w- C:\Windows\System32\Repository.reg
.
============= FINISH: 9:54:46.67 ===============

Here is the Attach.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 18/03/2010 20:32:35
System Uptime: 06/04/2012 09:03:32 (0 hours ago)
.
Motherboard: MSI | | IONA
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | CPU 1 | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1385 GiB total, 949.388 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.724 GiB free.
E: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP489: 03/03/2012 18:54:01 - Revo Uninstaller's restore point - Battlelog Web Plugins
RP490: 03/03/2012 18:58:02 - Revo Uninstaller's restore point - Origin
RP491: 05/03/2012 10:55:01 - Installed Rapport
RP492: 05/03/2012 15:44:43 - CheckIfInstallerIsBusy
RP493: 05/03/2012 15:46:20 - Windows Live Essentials
RP494: 05/03/2012 15:47:15 - Installed DirectX
RP495: 05/03/2012 15:47:36 - Installed DirectX
RP496: 05/03/2012 15:49:32 - WLSetup
RP497: 08/03/2012 15:35:18 - Installed Rapport
RP498: 10/03/2012 13:20:55 - Revo Uninstaller's restore point - Bing Bar
RP499: 17/03/2012 17:01:00 - Scheduled Checkpoint
RP500: 17/03/2012 18:56:35 - Revo Uninstaller's restore point - iMesh
RP501: 18/03/2012 11:47:01 - HPSF Restore Point
RP502: 23/03/2012 20:36:37 - Revo Uninstaller's restore point - World of Tanks
RP503: 26/03/2012 20:53:40 - IObit Uninstaller restore point
RP504: 26/03/2012 20:54:21 - IObit Uninstaller restore point
RP505: 26/03/2012 20:55:09 - Configured Power2Go
RP506: 29/03/2012 19:28:59 - Revo Uninstaller's restore point - eMule
RP507: 01/04/2012 20:20:39 - Installed exPressit SE
RP508: 02/04/2012 12:35:35 - avast! Free Antivirus Setup
RP509: 02/04/2012 12:54:27 - IObit Uninstaller restore point
RP510: 02/04/2012 12:55:40 - Removed AVG 2012
RP511: 02/04/2012 12:57:42 - Removed AVG 2012
RP513: 02/04/2012 13:12:13 - IObit Uninstaller restore point
RP512: 02/04/2012 13:12:13 - Windows Update
RP514: 02/04/2012 13:42:08 - IObit Uninstaller restore point
RP515: 02/04/2012 13:58:05 - avast! Free Antivirus Setup
RP516: 02/04/2012 14:25:02 - IObit Uninstaller restore point
RP517: 02/04/2012 14:29:09 - IObit Uninstaller restore point
RP518: 02/04/2012 14:57:52 - avast! Pro Antivirus Setup
RP519: 02/04/2012 15:14:02 - IObit Uninstaller restore point
RP520: 02/04/2012 15:14:56 - avast! Pro Antivirus Setup
RP521: 02/04/2012 15:32:43 - Installed AVG 2012
RP522: 02/04/2012 15:33:04 - Installed AVG 2012
RP523: 03/04/2012 08:54:10 - IObit Uninstaller restore point
RP524: 03/04/2012 09:18:13 - Restore Operation
RP525: 03/04/2012 13:25:02 - Revo Uninstaller's restore point - WinMX
RP526: 03/04/2012 13:29:05 - Revo Uninstaller's restore point - Yahoo! BrowserPlus 2.9.8
RP527: 03/04/2012 13:32:56 - Revo Uninstaller's restore point - Yahoo! Software Update
RP528: 03/04/2012 13:36:31 - Revo Uninstaller's restore point - Windows Live Essentials
RP529: 03/04/2012 13:39:18 - Windows Live Essentials
RP530: 03/04/2012 13:39:46 - WLSetup
RP531: 03/04/2012 14:20:47 - Restore Operation
RP532: 03/04/2012 17:17:25 - Revo Uninstaller's restore point - Burn4Free CD & DVD 5.1.0.0
RP533: 03/04/2012 17:20:21 - Revo Uninstaller's restore point - exPressit S.E. 3.0
RP534: 03/04/2012 17:25:41 - Revo Uninstaller's restore point - Yahoo! Search Protection
RP535: 03/04/2012 17:57:49 - IObit Uninstaller restore point
RP536: 03/04/2012 18:00:45 - IObit Uninstaller restore point
RP537: 03/04/2012 18:20:26 - Windows Live Essentials
RP538: 03/04/2012 18:21:24 - IObit Uninstaller restore point
RP539: 03/04/2012 18:21:25 - Installed DirectX
RP540: 03/04/2012 18:22:20 - Installed DirectX
RP541: 03/04/2012 18:25:14 - WLSetup
RP542: 03/04/2012 21:36:19 - IObit Uninstaller restore point
RP543: 03/04/2012 21:42:19 - IObit Uninstaller restore point
RP544: 04/04/2012 14:11:28 - Installed Dr.Web Security Space 7.0.
RP545: 04/04/2012 15:29:38 - Windows Backup
RP546: 04/04/2012 20:14:09 - Installed HiJackThis
RP547: 05/04/2012 20:14:50 - Installed Dr.Web Security Space 7.0.
.
==== Installed Programs ======================
.
7-Zip 9.20
A.V.A
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Reader 9.5.0
Alliance of Valiant Arms
ALOT Appbar
Amazon Kindle
Anti-phishing Domain Advisor
Apple Application Support
Application Profiles
ArmA 2 Uninstall
Ask Toolbar
AVG PC Tuneup
AVS DVD Copy version 4.1.1
AVS Image Converter 1.3.1.136
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Battlefield 3
Battlefield Play4Free
Battlefield: Bad Company 2
Battlelog Web Plugins
BearShare
Bing Bar
BitTornado 0.3.18
Blekko search bar
BT Broadband Desktop Help
BTHomeHub
Call of Duty(R) - World at War(TM)
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
CameraHelperMsi
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Company of Heroes
Company of Heroes - FAKEMSI
Company of Heroes Retail Beta
Compatibility Pack for the 2007 Office system
Conduit Engine 
Cross Fire En
Crysis® 2
CyberLink DVD Suite Deluxe
D3DX10
Darkest Hour: Europe '44-'45
DirectX for Managed Code Update (Summer 2004)
Disketch CD Label Software
Download Manager 2.3.10
Download Updater (AOL LLC)
Dr.Web Security Space 7.0
DVD Menu Pack for HP MediaSmart Video
Easy CD and DVD Cover Creator 4.13
erLT
ESN Sonar
Express Burn Disc Burning Software
exPressit SE
F.E.A.R. 2: Project Origin
Far Cry 2
File Type Assistant
Free Download Manager 3.0
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Graboid Video 1.73
Hardware Helper
Hewlett-Packard ACLM.NET v1.1.1.0
HiJackThis
Homefront
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MAINSTREAM KEYBOARD
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Odometer
HP Photo Creations
HP Photosmart Plus B210 series Help
HP Product Detection
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPDiagnosticAlert
HydraVision
Intel(R) Rapid Storage Technology
Internet TV for Windows Media Center
IObit Malware Fighter
Java Auto Updater
Java(TM) 6 Update 26
JoneSoft MD5Mate v1.1.0
Junk Mail filter update
LabelPrint
LightScribe System Software
LimeWire 5.5.10
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic Desktop
Malwarebytes' Anti-Malware
Maps4PC
Mare Nostrum
MediaBar
Men of War (Remove Only)
Men of War: Assault Squad
Men of War: Red Tide
Mesh Runtime
Messenger Companion
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MXpie Patch for WinMX Network/WPNP 3.6.3.6
MyFreeCodec
Nielsen
NoteWorthy Composer 2 Viewer
NVIDIA PhysX
OF Dragon Rising
OpenAL
Origin
PaltalkScene
PC Cleaner v3.0
PC Speed Maximizer v3.1
PowerDirector
PunkBuster Services
QuickTime
Radio Bar 1 Toolbar
Rapport
REACTOR
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Manager
Red Orchestra 2: Heroes of Stalingrad
Red Orchestra: Ostfront 41-45
Revo Uninstaller 1.92
Samsung Kies
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Silent Hunter 4 Wolves of the Pacific
Silent Hunter III
Skype Click to Call
Skype 5.5
SkyPlayer for Windows Media Center
Smart Defrag 2
Soldier Front
Steam
System Requirements Lab
The Lord of the Rings FREE Trial 
Trojan Remover 6.8.3
TVUPlayer 2.5.2.2
Update 1.11.3.1 for "Men of War"
Update 1.17.5.1 for "Men of War"
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.1
Vuze
Vuze Remote Toolbar
War Inc Battlezone version 0.9.1
War Inc. Battlezone
Wincore MediaBar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Searchqu Toolbar
WinRAR archiver
Xvid 1.2.1 final uninstall
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
06/04/2012 09:10:38, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: prodrv06 prohlp02 prosync1 sfhlp01
06/04/2012 09:09:59, Error: Service Control Manager [7000] - The Bandoo Coordinator service failed to start due to the following error: The system cannot find the file specified.
06/04/2012 09:04:15, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
05/04/2012 20:15:42, Error: Service Control Manager [7030] - The Dr.Web Control Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
04/04/2012 21:55:07, Error: Application Popup [1060] - \??\C:\Users\tony\AppData\Local\Temp\trutil.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
04/04/2012 19:55:57, Error: bowser [8003] - The master browser has received a server announcement from the computer MAY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{14A415D3-A49B-4310-B7F9-59487581C101}. The master browser is stopping or an election is being forced.
04/04/2012 14:10:13, Error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 1 time(s).
04/04/2012 14:09:28, Error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
04/04/2012 14:09:18, Error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
04/04/2012 10:25:34, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
04/04/2012 10:25:34, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/04/2012 09:06:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
02/04/2012 15:05:11, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.
02/04/2012 15:05:11, Error: Service Control Manager [7000] - The avast! Firewall service failed to start due to the following error: The system cannot find the file specified.
02/04/2012 15:05:11, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/04/2012 21:40:10, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
01/04/2012 21:40:10, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
01/04/2012 21:40:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================

I trust I have given you all the information?? If there is anything further I am, of course, more than willing to attend.
Kind Regards 
Tony Cahill
obxtony.


----------



## obxtony (Aug 17, 2008)

I have noticed since starting this thread that I can no longer make backups nor use system restore!


----------



## eddie5659 (Mar 19, 2001)

Hiya

Sorry to hear of your loss 

I'll have a full look at all the logs today, but in the meantime can you do this for me:

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click *View Scan Logs*.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click *Close* to exit the program.

Please include the *MBAM log, SUPERAntiSpyware Scan Log and a fresh HijackThis log* in your next reply.

eddie


----------



## flavallee (May 12, 2002)

Tony:

You've unfortunately learned the hard way the dangers of allowing unrestricted access to your computer by others. 

As soon as Eddie is finished with you, I'll be happy to assist you with a few other things.

That computer appears to be HP brand. 
Advise what model name and model number it is. 
Also advise what the product name (P/N) and/or model name (M/N) on the sticker is.



----------



## eddie5659 (Mar 19, 2001)

Hiya

Okay, gone thru the logs that you posted, and you have a lot of things in there that shouldn't be there, so we'll get them all removed. If at any point you need further explanation, please ask 

Now, I did post the above before going through it, but I see you already have the two programs installed:

*Malwarebytes' Anti-Malware
SUPERAntiSpyware*

So, if you can start them by going to Start | Programs, and open them. Then, update them both as I mentioned above, and then run the scans, and post the logs 

Also, am I right in assuming that you don't play war games such as Call of Duty etc? I can never say no-one is too old for those, as we have someone (I play similar type of game) in our group that is in his 50's 

If you don't, then we can also remove those games, but we can do that at the very end, once the malware has all been removed.

Then, I'll let flavallee take over 

eddie


----------



## eddie5659 (Mar 19, 2001)

I'll also be here most of the day, as I'm back at glorious work tomorrow


----------



## obxtony (Aug 17, 2008)

Hello again!
Firstly the 2 logs;
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 912040306
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
09/04/2012 14:17:54
mbam-log-2012-04-09 (14-17-54).txt
Scan type: Full scan (C:\|)
Objects scanned: 642164
Time elapsed: 1 hour(s), 39 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/09/2012 at 04:35 PM
Application Version : 5.0.1146
Core Rules Database Version : 8424
Trace Rules Database Version: 6236
Scan type : Complete Scan
Total Scan Time : 02:08:10
Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC Off - Administrator
Memory items scanned : 797
Memory threats detected : 0
Registry items scanned : 67447
Registry threats detected : 0
File items scanned : 476424
File threats detected : 81
Adware.Tracking Cookie
Adware.InstallCore
C:\DOWNLOADS\DESKTOP\ADLSOFT_UNCOMPRESSOR_1.EXE
I will delete the infections on Superanti now and enclose second log?? if necessary!
I do actually play the games that are on my PC, have been an online gamer for MANY years but still not very good at it

The pc is indeed an HP Model is P636 uk
Serial Number is CZH00306VF
Prod is WE170AA-ABU.

I shall be more than happy to provide any other info (if I can find it !!)


----------



## obxtony (Aug 17, 2008)

Oops, I am so sorry, I forgot to do another HijackThis log.
Here it is!!
23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~2\Bandoo\Bandoo.exe (file missing)
O23 - Service: CDMA Device Service - Unknown owner - C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

Please be aware I have deleted (after paying for it!!) the Dr (?) antivirus, it kept popping up even though I had stopped it.
Regards and thanks again
Tony Cahill
--
End of file - 21080 bytes


----------



## flavallee (May 12, 2002)

Tony:

1.50.1.1100 is an old version of *Malwarebytes Anti-Malware*.

The current version is 1.60.1.1000.

You need to start it, then click "Update - Check For Updates" so it can update its definition files and update to the current version.

I'll leave it to Eddie to decide if you need to run a new scan and submit a new log.

--------------------------------------------------

I'm not having any luck at the HP/Compaq support site with the model number and the product number that you submitted, so you probably submitted them here incorrectly.

We really need to get that desktop correctly identified.

--------------------------------------------------


----------



## obxtony (Aug 17, 2008)

info from dx diag;
------------------
System Information
------------------
Time of this report: 4/9/2012, 19:13:29
Machine name: TONY-PC
Operating System: Windows 7 Home Premium 64-bit (6.1, Build 7600) (7600.win7_gdr.110408-1633)
Language: English (Regional Setting: English)
System Manufacturer: HP-Pavilion
System Model: WE170AA-ABU p6360uk
BIOS: 12/21/09 17:01:03 Ver: 5.07
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz (8 CPUs), ~2.8GHz
Memory: 6144MB RAM
Available OS Memory: 6104MB RAM
Page File: 2945MB used, 9258MB available
Windows Dir: C:\Windows
DirectX Version: DirectX 11
DX Setup Parameters: Not found
User DPI Setting: 120 DPI (125 percent)
System DPI Setting: 96 DPI (100 percent)
DWM DPI Scaling: Disabled
DxDiag Version: 6.01.7600.16385 32bit Unicode
------------
I can find nothing else on the machine, I'm afraid.
oh btw after doing the TFC there are 13 greyed out icons on my desktop, all with old dates on them!!


----------



## flavallee (May 12, 2002)

Tony:

Here is the support site for the *HP Pavilion p6360uk* desktop.

You might want to add and save this site in your browser favorites/bookmarks list so you can readily refer to it whenever needed.

Here is the section on how to do a system recovery, if it becomes necessary.

It doesn't appear that a recovery disc kit for that desktop is available for purchase, so hopefully the built-in system recovery partition in yours is still intact.

--------------------------------------------------------


----------



## obxtony (Aug 17, 2008)

It won't allow me to make a backup nor will it allow me to restore to an earlier date!!
REALLY up the creek


----------



## obxtony (Aug 17, 2008)

added it!


----------



## obxtony (Aug 17, 2008)

also running another MWB full scan


----------



## eddie5659 (Mar 19, 2001)

Hopefully once we get the malware gone, we'll get the restore points working again. Sometimes the malware will block access to Microsoft programs 

If you update Malwarebytes Anti-Malware to the newer version as flavallee explained above and run a scan, that would be great. If anything is found, remove them, and post the log. If it still shows as nothing then you don't need to post it 

As for the games, that's okay, we'll leave those installed 

Let me know when you've run the scan, a Quick Scan should be okay. Then, we'll go to the next step 

eddie


----------



## obxtony (Aug 17, 2008)

mbam scan results;
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.09.06
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
tony :: TONY-PC [administrator]
09/04/2012 20:13:44
mbam-log-2012-04-09 (20-13-44).txt
Scan type: Quick scan
Scan options enabled: Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | P2P
Objects scanned: 338159
Time elapsed: 30 minute(s), 
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)


----------



## eddie5659 (Mar 19, 2001)

Oh well, looks like none were removed, so onto the next step 

If you need anything explaining further, just ask 

Firstly, I'll ask this first. Normally I post a warning about it, but then you did say you haven't been using it for a while.

Do you use these?

- *BitTornado 0.3.18*
- *BearShare*
- *LimeWire 5.5.10*

If you're not, we can remove them. They're torrent programs, and one of the main ways that malware is installed.

However, in the meantime, can you uninstall the following. It may be via AddRemove Programs in the Control Panel or Start | Programs. If none are found, just let me know, but uninstall the ones you see 

- *ask.com*
- *Ask Toolbar*
- *Radio_Bar_1*
- *Vuze Remote Toolbar*
- *MyWebsearch*
- *Maps4PC Toolbar*
- *MediaBar*
- *PriceGong*
- *Conduit Engine*
- *Searchqu Toolbar*
- *ALOT Appbar*
- *Paltalk Toolbar*
- *Bandoo*
- *IObit Malware Fighter*

Then, when that is done, can you do this for me:

Can you run the following tools, and copy/paste the logs that they produce here:

Download the latest version of TDSSKiller from *here* and save it to your Desktop.

Doubleclick on *TDSSKiller.exe* to run the application, then click on *Change parameters*.

Check the boxes beside *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Click the *Start Scan* button.

If a suspicious object is detected, the default action will be *Skip*, click on *Continue*.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.

Note: *If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.*

A report will be created in your root directory, (usually C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents on your next reply

--------------------------

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

-------------------------

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it rename it to obxtony123.exe and save it to your Desktop*

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie
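
A way to triage the TDSSKiller report requested above before reading it line by line, as an added example that is not part of the original post or of the tool itself: it pulls out every object whose verdict is not a plain `ok`, plus every `ok` verdict that has no hashed file line in front of it. The line layout is taken from the report posted later in this thread; the function name `triage`, the sample lines and their placeholder hashes are constructed, and treating a verdict without a file record as worth a manual look is an assumption.

```python
import re

# Report line layout as seen in this thread: "HH:MM:SS.ffff <thread id> <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<msg>.*)$")
# "<name> (<md5>) <path>": the object that is about to get a verdict
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> ( <detection> ) - <verdict>": any verdict other than a plain "ok"
FLAGGED = re.compile(r"^(?P<name>.+?) \( (?P<detection>.+?) \) - (?P<verdict>\w+)$")
# "<name> - ok": clean verdict
CLEAN = re.compile(r"^(?P<name>.+?) - ok$")

# Placeholder hashes (constructed, not real file hashes)
H1 = "0" * 31 + "1"
H2 = "0" * 31 + "2"

# Constructed sample report; names and paths are hypothetical
SAMPLE_LOG = "\n".join([
    r"15:25:28.0538 3440 Scan started",
    r"15:25:28.0538 3440 Mode: Manual; SigCheck; TDLFS;",
    rf"15:25:29.0460 3440 ExampleDrv ({H1}) C:\Windows\system32\DRIVERS\exampledrv.sys",
    r"15:25:29.0520 3440 ExampleDrv - ok",
    rf"15:25:42.0601 3440 Example Device Service ({H2}) C:\Program Files (x86)\Example\ExampleService.exe",
    r"15:25:42.0611 3440 Example Device Service ( UnsignedFile.Multi.Generic ) - warning",
    r"15:25:42.0611 3440 Example Device Service - detected UnsignedFile.Multi.Generic (1)",
    r"15:25:43.0661 3440 ExampleNoFile - ok",
])


def triage(report_text):
    """Return the entries of a TDSSKiller report that deserve a manual look."""
    objects = {}      # service/driver name -> (md5, path) from its object line
    findings = []
    in_scan = False   # skip the system-information header before "Scan started"
    for raw in report_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line["msg"].strip()
        if msg == "Scan started":
            in_scan = True
            continue
        if not in_scan or not msg:
            continue

        obj = OBJECT.match(msg)
        if obj:
            objects[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue

        flagged = FLAGGED.match(msg)
        if flagged:
            md5, path = objects.get(flagged["name"], (None, None))
            findings.append({
                "name": flagged["name"],
                "verdict": flagged["verdict"],
                "detection": flagged["detection"],
                "md5": md5,
                "path": path,
            })
            continue

        clean = CLEAN.match(msg)
        if clean and clean["name"] not in objects:
            # Verdict was given but no file was hashed for this entry
            findings.append({
                "name": clean["name"],
                "verdict": "ok",
                "detection": "no hashed file recorded",
                "md5": None,
                "path": None,
            })
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["verdict"]:8} {item["name"]}: {item["detection"]} {item["path"] or ""}')
```

An unsigned-file warning is a prompt to check where the file came from, not a malware verdict by itself, which is consistent with leaving the action on *Skip* as instructed above.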


----------



## obxtony (Aug 17, 2008)

I'm downloading all this because I have to take my meds now I'm afraid
I will do it all tomorrow and post back to you
I am sorry for the dithering but my cancer makes me drowsy.
I shall return tomorrow
my thanks
Tony


----------



## eddie5659 (Mar 19, 2001)

That's totally fine Tony, health comes before computers 

I'll be here about 6ish GMT tomorrow night, when I get home from work. They may take a while, in particular ComboFix

Take care

eddie


----------



## obxtony (Aug 17, 2008)

Well here goes nothing!!
First I do not use bit tornado nor BearShare.
Managed to find and delete the following;
ask.com
Ask Toolbar
Vuze Remote Toolbar
Maps for pc Toolbar
ALOT Appbar
Paltalk Toolbar
IObit Malware fighter

Could NOT find;
MyWebsearch
Media Bar
PriceGong
Conduit Engine
Bandoo

Ran TDSSkiller and here is the log;
15:24:20.0187 3364 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
15:24:21.0169 3364 ============================================================
15:24:21.0169 3364 Current date / time: 2012/04/10 15:24:21.0169
15:24:21.0169 3364 SystemInfo:
15:24:21.0169 3364 
15:24:21.0169 3364 OS Version: 6.1.7600 ServicePack: 0.0
15:24:21.0169 3364 Product type: Workstation
15:24:21.0169 3364 ComputerName: TONY-PC
15:24:21.0169 3364 UserName: tony
15:24:21.0169 3364 Windows directory: C:\Windows
15:24:21.0169 3364 System windows directory: C:\Windows
15:24:21.0169 3364 Running under WOW64
15:24:21.0169 3364 Processor architecture: Intel x64
15:24:21.0169 3364 Number of processors: 8
15:24:21.0169 3364 Page size: 0x1000
15:24:21.0169 3364 Boot type: Normal boot
15:24:21.0169 3364 ============================================================
15:24:21.0513 3364 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:24:21.0544 3364 \Device\Harddisk0\DR0:
15:24:21.0544 3364 MBR used
15:24:21.0544 3364 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:24:21.0544 3364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD147000
15:24:21.0544 3364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAD179800, BlocksNum 0x190D800
15:24:21.0840 3364 Initialize success
15:24:21.0840 3364 ============================================================
15:25:28.0538 3440 ============================================================
15:25:28.0538 3440 Scan started
15:25:28.0538 3440 Mode: Manual; SigCheck; TDLFS; 
15:25:28.0538 3440 ============================================================
15:25:29.0260 3440 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:25:29.0330 3440 !SASCORE - ok
15:25:29.0460 3440 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
15:25:29.0520 3440 1394ohci - ok
15:25:29.0680 3440 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
15:25:29.0700 3440 ACPI - ok
15:25:30.0630 3440 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
15:25:30.0770 3440 AcpiPmi - ok
15:25:31.0740 3440 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:25:31.0770 3440 AdobeFlashPlayerUpdateSvc - ok
15:25:32.0010 3440 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:25:32.0040 3440 adp94xx - ok
15:25:32.0090 3440 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:25:32.0120 3440 adpahci - ok
15:25:32.0160 3440 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:25:32.0190 3440 adpu320 - ok
15:25:32.0310 3440 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:25:32.0560 3440 AeLookupSvc - ok
15:25:32.0846 3440 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
15:25:32.0909 3440 AFD - ok
15:25:32.0971 3440 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
15:25:33.0002 3440 agp440 - ok
15:25:33.0034 3440 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:25:33.0065 3440 ALG - ok
15:25:33.0143 3440 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
15:25:33.0158 3440 aliide - ok
15:25:33.0205 3440 AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
15:25:33.0236 3440 AMD External Events Utility - ok
15:25:33.0314 3440 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
15:25:33.0330 3440 amdide - ok
15:25:33.0408 3440 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:25:33.0455 3440 AmdK8 - ok
15:25:34.0551 3440 amdkmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
15:25:34.0781 3440 amdkmdag - ok
15:25:34.0811 3440 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
15:25:34.0891 3440 amdkmdap - ok
15:25:34.0931 3440 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:25:34.0961 3440 AmdPPM - ok
15:25:35.0001 3440 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
15:25:35.0021 3440 amdsata - ok
15:25:35.0091 3440 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:25:35.0111 3440 amdsbs - ok
15:25:35.0151 3440 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
15:25:35.0171 3440 amdxata - ok
15:25:35.0221 3440 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:25:35.0261 3440 AppID - ok
15:25:35.0331 3440 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:25:35.0381 3440 AppIDSvc - ok
15:25:35.0411 3440 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
15:25:35.0441 3440 Appinfo - ok
15:25:35.0561 3440 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:25:35.0581 3440 Apple Mobile Device - ok
15:25:35.0631 3440 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:25:35.0651 3440 arc - ok
15:25:35.0721 3440 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:25:35.0741 3440 arcsas - ok
15:25:35.0841 3440 aswFW (696b534c07065512317529318da79b80) C:\Windows\system32\drivers\aswFW.sys
15:25:35.0861 3440 aswFW - ok
15:25:35.0891 3440 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
15:25:35.0901 3440 aswNdis - ok
15:25:35.0981 3440 aswNdis2 (b977cb4b919e6d47009b608a4e733b43) C:\Windows\system32\drivers\aswNdis2.sys
15:25:36.0001 3440 aswNdis2 - ok
15:25:36.0061 3440 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:25:36.0111 3440 AsyncMac - ok
15:25:36.0171 3440 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
15:25:36.0191 3440 atapi - ok
15:25:36.0271 3440 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
15:25:36.0291 3440 AtiHdmiService - ok
15:25:37.0291 3440 atikmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
15:25:37.0371 3440 atikmdag - ok
15:25:37.0661 3440 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
15:25:37.0722 3440 AudioEndpointBuilder - ok
15:25:37.0738 3440 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
15:25:37.0753 3440 AudioSrv - ok
15:25:37.0925 3440 AVER_H193 (478644a6124dd71adeb7bd6cb24b2f35) C:\Windows\system32\drivers\AVer888RC_64.sys
15:25:37.0987 3440 AVER_H193 - ok
15:25:38.0050 3440 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
15:25:38.0065 3440 Avgfwfd - ok
15:25:38.0751 3440 avgfws (c0b5a964c1c329ed19e5a4b6e49ea1fe) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
15:25:38.0791 3440 avgfws - ok
15:25:39.0521 3440 AVGIDSAgent (f5689fba4360be50839999882e0a9d99) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
15:25:39.0581 3440 AVGIDSAgent - ok
15:25:39.0701 3440 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:25:39.0721 3440 AVGIDSDriver - ok
15:25:39.0751 3440 AVGIDSEH (9650578c511527e218328df6d311b4fa) C:\Windows\system32\DRIVERS\avgidseha.sys
15:25:39.0761 3440 AVGIDSEH - ok
15:25:39.0781 3440 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
15:25:39.0801 3440 AVGIDSFilter - ok
15:25:39.0881 3440 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
15:25:39.0901 3440 Avgldx64 - ok
15:25:40.0001 3440 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
15:25:40.0001 3440 Avgmfx64 - ok
15:25:40.0081 3440 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
15:25:40.0101 3440 Avgrkx64 - ok
15:25:40.0151 3440 Avgtdia (e601444168adfb78afa22a1e270d9253) C:\Windows\system32\DRIVERS\avgtdia.sys
15:25:40.0181 3440 Avgtdia - ok
15:25:40.0351 3440 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
15:25:40.0371 3440 avgwd - ok
15:25:40.0421 3440 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
15:25:40.0481 3440 AxInstSV - ok
15:25:40.0541 3440 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:25:40.0621 3440 b06bdrv - ok
15:25:40.0651 3440 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:25:40.0681 3440 b57nd60a - ok
15:25:40.0751 3440 Bandoo Coordinator - ok
15:25:40.0851 3440 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:25:40.0881 3440 BBSvc - ok
15:25:40.0981 3440 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:25:41.0031 3440 BDESVC - ok
15:25:41.0081 3440 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:25:41.0151 3440 Beep - ok
15:25:41.0241 3440 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
15:25:41.0301 3440 BFE - ok
15:25:41.0351 3440 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
15:25:41.0401 3440 BITS - ok
15:25:41.0451 3440 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:25:41.0491 3440 blbdrive - ok
15:25:41.0561 3440 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
15:25:41.0591 3440 Bonjour Service - ok
15:25:41.0641 3440 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:25:41.0681 3440 bowser - ok
15:25:41.0711 3440 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:25:41.0731 3440 BrFiltLo - ok
15:25:41.0761 3440 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:25:41.0791 3440 BrFiltUp - ok
15:25:41.0831 3440 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
15:25:41.0901 3440 Browser - ok
15:25:41.0931 3440 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:25:41.0941 3440 Brserid - ok
15:25:41.0961 3440 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:25:41.0991 3440 BrSerWdm - ok
15:25:42.0011 3440 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:25:42.0041 3440 BrUsbMdm - ok
15:25:42.0061 3440 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:25:42.0081 3440 BrUsbSer - ok
15:25:42.0101 3440 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:25:42.0131 3440 BTHMODEM - ok
15:25:42.0161 3440 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:25:42.0231 3440 bthserv - ok
15:25:42.0271 3440 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:25:42.0311 3440 cdfs - ok
15:25:42.0601 3440 CDMA Device Service (d6696435eefd7bbdb4226c60a5b343dc) C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
15:25:42.0611 3440 CDMA Device Service ( UnsignedFile.Multi.Generic ) - warning
15:25:42.0611 3440 CDMA Device Service - detected UnsignedFile.Multi.Generic (1)
15:25:42.0691 3440 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:25:42.0731 3440 cdrom - ok
15:25:42.0761 3440 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
15:25:42.0841 3440 CertPropSvc - ok
15:25:42.0881 3440 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:25:42.0931 3440 circlass - ok
15:25:42.0951 3440 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:25:42.0971 3440 CLFS - ok
15:25:43.0051 3440 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:25:43.0061 3440 clr_optimization_v2.0.50727_32 - ok
15:26:13.0591 3440 SiSRaid2 - ok
15:26:13.0611 3440 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:26:13.0621 3440 SiSRaid4 - ok
15:26:13.0701 3440 SmartDefragDriver (94ce7845af6a2065b829e0126cd56236) C:\Windows\system32\Drivers\SmartDefragDriver.sys
15:26:13.0711 3440 SmartDefragDriver - ok
15:26:13.0761 3440 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:26:13.0831 3440 Smb - ok
15:26:13.0901 3440 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:26:13.0941 3440 SNMPTRAP - ok
15:26:13.0961 3440 SpiderG3 - ok
15:26:13.0971 3440 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:26:13.0981 3440 spldr - ok
15:26:14.0031 3440 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
15:26:14.0041 3440 Spooler - ok
15:26:14.0941 3440 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
15:26:15.0061 3440 sppsvc - ok
15:26:15.0071 3440 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:26:15.0121 3440 sppuinotify - ok
15:26:15.0291 3440 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
15:26:15.0351 3440 srv - ok
15:26:15.0421 3440 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
15:26:15.0481 3440 srv2 - ok
15:26:15.0521 3440 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
15:26:15.0541 3440 srvnet - ok
15:26:15.0601 3440 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
15:26:15.0631 3440 ssadbus - ok
15:26:15.0671 3440 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:26:15.0711 3440 ssadmdfl - ok
15:26:15.0751 3440 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
15:26:15.0801 3440 ssadmdm - ok
15:26:15.0851 3440 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:26:15.0901 3440 SSDPSRV - ok
15:26:15.0951 3440 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:26:15.0981 3440 SstpSvc - ok
15:26:16.0041 3440 Steam Client Service - ok
15:26:16.0061 3440 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:26:16.0081 3440 stexstor - ok
15:26:16.0131 3440 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:26:16.0171 3440 StillCam - ok
15:26:16.0211 3440 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
15:26:16.0241 3440 stisvc - ok
15:26:16.0271 3440 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:26:16.0281 3440 swenum - ok
15:26:16.0291 3440 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:26:16.0391 3440 swprv - ok
15:26:16.0451 3440 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
15:26:16.0521 3440 SysMain - ok
15:26:16.0531 3440 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
15:26:16.0561 3440 TabletInputService - ok
15:26:16.0611 3440 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
15:26:16.0611 3440 taphss - ok
15:26:16.0631 3440 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
15:26:16.0751 3440 TapiSrv - ok
15:26:16.0781 3440 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:26:16.0811 3440 TBS - ok
15:26:16.0951 3440 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
15:26:16.0991 3440 Tcpip - ok
15:26:17.0071 3440 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
15:26:17.0101 3440 TCPIP6 - ok
15:26:17.0161 3440 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:26:17.0181 3440 tcpipreg - ok
15:26:17.0211 3440 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:26:17.0261 3440 TDPIPE - ok
15:26:17.0322 3440 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:26:17.0382 3440 TDTCP - ok
15:26:17.0432 3440 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:26:17.0502 3440 tdx - ok
15:26:17.0542 3440 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:26:17.0562 3440 TermDD - ok
15:26:17.0602 3440 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
15:26:17.0690 3440 TermService - ok
15:26:17.0784 3440 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
15:26:17.0799 3440 TFsExDisk - ok
15:26:17.0846 3440 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:26:17.0893 3440 Themes - ok
15:26:17.0955 3440 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:26:18.0018 3440 THREADORDER - ok
15:26:18.0049 3440 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:26:18.0111 3440 TrkWks - ok
15:26:18.0252 3440 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
15:26:18.0283 3440 TrustedInstaller - ok
15:26:18.0361 3440 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:26:18.0423 3440 tssecsrv - ok
15:26:18.0501 3440 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:26:18.0532 3440 tunnel - ok
15:26:18.0579 3440 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:26:18.0579 3440 uagp35 - ok
15:26:18.0626 3440 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
15:26:18.0688 3440 udfs - ok
15:26:18.0720 3440 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:26:18.0735 3440 UI0Detect - ok
15:26:18.0766 3440 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:26:18.0782 3440 uliagpkx - ok
15:26:18.0813 3440 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:26:18.0829 3440 umbus - ok
15:26:18.0860 3440 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:26:18.0876 3440 UmPass - ok
15:26:18.0891 3440 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:26:19.0000 3440 upnphost - ok
15:26:19.0032 3440 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
15:26:19.0063 3440 usbaudio - ok
15:26:19.0094 3440 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
15:26:19.0125 3440 usbccgp - ok
15:26:19.0156 3440 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:26:19.0172 3440 usbcir - ok
15:26:19.0203 3440 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
15:26:19.0234 3440 usbehci - ok
15:26:19.0281 3440 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
15:26:19.0312 3440 usbhub - ok
15:26:19.0344 3440 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
15:26:19.0359 3440 usbohci - ok
15:26:19.0375 3440 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:26:19.0390 3440 usbprint - ok
15:26:19.0468 3440 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:26:19.0515 3440 usbscan - ok
15:26:19.0531 3440 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:26:19.0562 3440 USBSTOR - ok
15:26:19.0593 3440 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:26:19.0624 3440 usbuhci - ok
15:26:19.0671 3440 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
15:26:19.0687 3440 usbvideo - ok
15:26:19.0702 3440 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
15:26:19.0718 3440 usb_rndisx - ok
15:26:19.0749 3440 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:26:19.0780 3440 UxSms - ok
15:26:19.0874 3440 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:26:19.0905 3440 VaultSvc - ok
15:26:19.0968 3440 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:26:19.0983 3440 vdrvroot - ok
15:26:20.0046 3440 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
15:26:20.0077 3440 vds - ok
15:26:20.0108 3440 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:26:20.0139 3440 vga - ok
15:26:20.0202 3440 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:26:20.0248 3440 VgaSave - ok
15:26:20.0326 3440 vhdmp  (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:26:20.0342 3440 vhdmp - ok
15:26:20.0404 3440 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:26:20.0420 3440 viaide - ok
15:26:20.0451 3440 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:26:20.0467 3440 volmgr - ok
15:26:20.0529 3440 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:26:20.0560 3440 volmgrx - ok
15:26:20.0654 3440 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:26:20.0670 3440 volsnap - ok
15:26:20.0701 3440 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:26:20.0732 3440 vsmraid - ok
15:26:20.0779 3440 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
15:26:20.0794 3440 VSS - ok
15:26:20.0857 3440 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:26:20.0888 3440 vwifibus - ok
15:26:20.0919 3440 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:26:20.0950 3440 vwififlt - ok
15:26:20.0982 3440 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:26:20.0997 3440 vwifimp - ok
15:26:21.0013 3440 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:26:21.0044 3440 W32Time - ok
15:26:21.0106 3440 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:26:21.0122 3440 WacomPen - ok
15:26:21.0153 3440 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:26:21.0216 3440 WANARP - ok
15:26:21.0216 3440 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:26:21.0247 3440 Wanarpv6 - ok
15:26:21.0340 3440 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:26:21.0387 3440 WatAdminSvc - ok
15:26:21.0450 3440 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
15:26:21.0496 3440 wbengine - ok
15:26:21.0543 3440 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:26:21.0574 3440 WbioSrvc - ok
15:26:21.0621 3440 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
15:26:21.0652 3440 wcncsvc - ok
15:26:21.0699 3440 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:26:21.0746 3440 WcsPlugInService - ok
15:26:21.0777 3440 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:26:21.0808 3440 Wd - ok
15:26:22.0027 3440 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:26:22.0058 3440 Wdf01000 - ok
15:26:22.0448 3440 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:26:22.0510 3440 WdiServiceHost - ok
15:26:22.0510 3440 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:26:22.0526 3440 WdiSystemHost - ok
15:26:22.0588 3440 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
15:26:22.0620 3440 WebClient - ok
15:26:22.0635 3440 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:26:22.0666 3440 Wecsvc - ok
15:26:22.0744 3440 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:26:22.0760 3440 wercplsupport - ok
15:26:22.0838 3440 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:26:22.0900 3440 WerSvc - ok
15:26:22.0994 3440 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:26:23.0041 3440 WfpLwf - ok
15:26:23.0088 3440 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:26:23.0088 3440 WIMMount - ok
15:26:23.0134 3440 WinDefend - ok
15:26:23.0150 3440 WinHttpAutoProxySvc - ok
15:26:23.0306 3440 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:26:23.0353 3440 Winmgmt - ok
15:26:23.0446 3440 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
15:26:23.0587 3440 WinRM - ok
15:26:23.0680 3440 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
15:26:23.0712 3440 WinUsb - ok
15:26:23.0961 3440 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:26:24.0024 3440 Wlansvc - ok
15:26:24.0164 3440 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:26:24.0180 3440 wlcrasvc - ok
15:26:24.0304 3440 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:26:24.0351 3440 wlidsvc - ok
15:26:24.0445 3440 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:26:24.0460 3440 WmiAcpi - ok
15:26:24.0554 3440 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:26:24.0601 3440 wmiApSrv - ok
15:26:24.0632 3440 WMPNetworkSvc - ok
15:26:24.0679 3440 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:26:24.0694 3440 WPCSvc - ok
15:26:24.0710 3440 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
15:26:24.0741 3440 WPDBusEnum - ok
15:26:24.0772 3440 WPRO_40_1340 - ok
15:26:24.0772 3440 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:26:24.0819 3440 ws2ifsl - ok
15:26:24.0835 3440 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:26:24.0866 3440 wscsvc - ok
15:26:24.0866 3440 WSearch - ok
15:26:25.0147 3440 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
15:26:25.0225 3440 wuauserv - ok
15:26:25.0272 3440 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:26:25.0318 3440 WudfPf - ok
15:26:25.0350 3440 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:26:25.0381 3440 WUDFRd - ok
15:26:25.0428 3440 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
15:26:25.0474 3440 wudfsvc - ok
15:26:25.0537 3440 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:26:25.0599 3440 WwanSvc - ok
15:26:25.0708 3440 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
15:26:25.0724 3440 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
15:26:25.0755 3440 MBR (0x1B8) (bb97c761113bfcbef8c9b1ffa3eae99e) \Device\Harddisk0\DR0
15:26:27.0409 3440 \Device\Harddisk0\DR0 - ok
15:26:27.0424 3440 Boot (0x1200) (2f698e767d2e3dee27e29311d6ae76da) \Device\Harddisk0\DR0\Partition0
15:26:27.0424 3440 \Device\Harddisk0\DR0\Partition0 - ok
15:26:27.0424 3440 Boot (0x1200) (6bb54a6d946defec3ff2c5c67ad78768) \Device\Harddisk0\DR0\Partition1
15:26:27.0424 3440 \Device\Harddisk0\DR0\Partition1 - ok
15:26:27.0487 3440 Boot (0x1200) (c3a575fdea1295aff28f950c795f5d31) \Device\Harddisk0\DR0\Partition2
15:26:27.0487 3440 \Device\Harddisk0\DR0\Partition2 - ok
15:26:27.0487 3440 ============================================================
15:26:27.0487 3440 Scan finished
15:26:27.0487 3440 ============================================================
15:26:27.0487 1952 Detected object count: 6
15:26:27.0487 1952 Actual detected object count: 6
15:27:23.0928 1952 CDMA Device Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:23.0928 1952 CDMA Device Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:27:23.0928 1952 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:23.0928 1952 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:27:23.0928 1952 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:23.0928 1952 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:27:23.0928 1952 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:23.0928 1952 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:27:23.0928 1952 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:23.0928 1952 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:27:23.0928 1952 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:23.0928 1952 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:00.0929 6944 ============================================================
15:29:00.0929 6944 Scan started
15:29:00.0929 6944 Mode: Manual; SigCheck; TDLFS; 
15:29:00.0929 6944 ============================================================
15:29:06.0248 6944 CDMA Device Service (d6696435eefd7bbdb4226c60a5b343dc) C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
15:29:06.0264 6944 CDMA Device Service ( UnsignedFile.Multi.Generic ) - warning
15:29:06.0264 6944 CDMA Device Service - detected UnsignedFile.Multi.Generic (1)
15:29:08.0401 6944 elxstor - ok
15:29:08.0417 6944 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
15:29:08.0432 6944 ErrDev - ok
15:29:08.0479 6944 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:29:08.0510 6944 EventSystem - ok
15:29:08.0541 6944 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:29:08.0604 6944 exfat - ok
15:29:08.0604 6944 ezSharedSvc - ok
15:29:08.0635 6944 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:29:08.0666 6944 fastfat - ok
15:29:08.0697 6944 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
15:29:08.0729 6944 Fax - ok
15:29:08.0760 6944 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:29:08.0791 6944 fdc - ok
15:29:08.0807 6944 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:29:08.0838 6944 fdPHost - ok
15:29:08.0853 6944 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:29:08.0885 6944 FDResPub - ok
15:29:08.0900 6944 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:29:08.0916 6944 FileInfo - ok
15:29:08.0931 6944 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:29:08.0963 6944 Filetrace - ok
15:29:08.0994 6944 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:29:09.0025 6944 flpydisk - ok
15:29:09.0041 6944 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
15:29:09.0056 6944 FltMgr - ok
15:29:09.0119 6944 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
15:29:09.0150 6944 FontCache - ok
15:29:09.0197 6944 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:29:09.0212 6944 FontCache3.0.0.0 - ok
15:29:09.0228 6944 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:29:09.0243 6944 FsDepends - ok
15:29:09.0275 6944 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
15:29:09.0290 6944 fssfltr - ok
15:29:09.0368 6944 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:29:09.0399 6944 fsssvc - ok
15:29:09.0431 6944 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:29:09.0431 6944 Fs_Rec - ok
15:29:09.0477 6944 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:29:09.0509 6944 fvevol - ok
15:29:09.0540 6944 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:29:09.0555 6944 gagp30kx - ok
15:29:09.0602 6944 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
15:29:09.0633 6944 GameConsoleService - ok
15:29:09.0665 6944 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:29:09.0680 6944 GEARAspiWDM - ok
15:29:09.0743 6944 GoToAssist (5cc2b1d06ac1962af5fbbcf88d781dd8) C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe
15:29:09.0758 6944 GoToAssist - ok
15:29:09.0805 6944 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
15:29:09.0836 6944 gpsvc - ok
15:29:09.0945 6944 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:29:09.0961 6944 gupdate - ok
15:29:09.0977 6944 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:29:09.0992 6944 gupdatem - ok
15:29:10.0039 6944 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:29:10.0055 6944 gusvc - ok
15:29:10.0086 6944 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:29:10.0101 6944 hcw85cir - ok
15:29:10.0133 6944 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:29:10.0164 6944 HDAudBus - ok
15:29:10.0179 6944 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:29:10.0195 6944 HECIx64 - ok
15:29:10.0211 6944 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:29:10.0226 6944 HidBatt - ok
15:29:10.0242 6944 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:29:10.0257 6944 HidBth - ok
15:29:10.0273 6944 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:29:10.0289 6944 HidIr - ok
15:29:10.0304 6944 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:29:10.0320 6944 hidserv - ok
15:29:10.0367 6944 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
15:29:10.0367 6944 HidUsb - ok
15:29:10.0413 6944 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
15:29:10.0429 6944 hkmsvc - ok
15:29:10.0445 6944 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
15:29:10.0460 6944 HomeGroupListener - ok
15:29:10.0507 6944 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
15:29:10.0523 6944 HomeGroupProvider - ok
15:29:10.0601 6944 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:29:10.0601 6944 HP Support Assistant Service - ok
15:29:10.0647 6944 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:29:10.0663 6944 HPDrvMntSvc.exe - ok
15:29:10.0694 6944 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
15:29:10.0725 6944 hpqwmiex - ok
15:29:10.0757 6944 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:29:10.0772 6944 HpSAMD - ok
15:29:10.0803 6944 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
15:29:10.0835 6944 HTTP - ok
15:29:10.0850 6944 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
15:29:10.0866 6944 hwpolicy - ok
15:29:10.0881 6944 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:29:10.0913 6944 i8042prt - ok
15:29:10.0928 6944 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
15:29:10.0944 6944 iaStor - ok
15:29:10.0991 6944 IAStorDataMgrSvc (7493ea4de41348f7d3edbf9db298f56a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:29:11.0006 6944 IAStorDataMgrSvc - ok
15:29:11.0022 6944 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
15:29:11.0037 6944 iaStorV - ok
15:29:11.0100 6944 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:29:11.0115 6944 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:29:11.0115 6944 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:29:12.0410 6944 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:29:12.0426 6944 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:29:12.0426 6944 LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:29:13.0050 6944 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
15:29:13.0065 6944 McciCMService ( UnsignedFile.Multi.Generic ) - warning
15:29:13.0065 6944 McciCMService - detected UnsignedFile.Multi.Generic (1)
15:29:13.0767 6944 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
15:29:13.0767 6944 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
15:29:13.0783 6944 MREMP50 - detected UnsignedFile.Multi.Generic (1)
15:29:13.0892 6944 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
15:29:13.0892 6944 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
15:29:13.0892 6944 MRESP50 - detected UnsignedFile.Multi.Generic (1)
15:29:20.0179 6944 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
15:29:20.0195 6944 ShellHWDetection - ok
15:29:20.0210 6944 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:29:20.0210 6944 SiSRaid2 - ok
15:29:20.0226 6944 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:29:20.0226 6944 SiSRaid4 - ok
15:29:20.0273 6944 SmartDefragDriver (94ce7845af6a2065b829e0126cd56236) C:\Windows\system32\Drivers\SmartDefragDriver.sys
15:29:20.0288 6944 SmartDefragDriver - ok
15:29:20.0320 6944 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:29:20.0351 6944 Smb - ok
15:29:20.0366 6944 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:29:20.0382 6944 SNMPTRAP - ok
15:29:20.0398 6944 SpiderG3 - ok
15:29:20.0413 6944 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:29:20.0413 6944 spldr - ok
15:29:20.0460 6944 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
15:29:20.0491 6944 Spooler - ok
15:29:20.0569 6944 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
15:29:20.0616 6944 sppsvc - ok
15:29:20.0632 6944 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:29:20.0647 6944 sppuinotify - ok
15:29:20.0694 6944 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
15:29:20.0725 6944 srv - ok
15:29:20.0756 6944 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
15:29:20.0772 6944 srv2 - ok
15:29:20.0819 6944 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
15:29:20.0834 6944 srvnet - ok
15:29:20.0866 6944 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
15:29:20.0897 6944 ssadbus - ok
15:29:20.0928 6944 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:29:20.0959 6944 ssadmdfl - ok
15:29:21.0006 6944 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
15:29:21.0022 6944 ssadmdm - ok
15:29:21.0053 6944 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:29:21.0084 6944 SSDPSRV - ok
15:29:21.0100 6944 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:29:21.0131 6944 SstpSvc - ok
15:29:21.0162 6944 Steam Client Service - ok
15:29:21.0193 6944 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:29:21.0209 6944 stexstor - ok
15:29:21.0256 6944 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:29:21.0287 6944 StillCam - ok
15:29:21.0318 6944 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
15:29:21.0349 6944 stisvc - ok
15:29:21.0380 6944 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:29:21.0396 6944 swenum - ok
15:29:21.0427 6944 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:29:21.0458 6944 swprv - ok
15:29:21.0505 6944 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
15:29:21.0552 6944 SysMain - ok
15:29:21.0568 6944 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
15:29:21.0583 6944 TabletInputService - ok
15:29:21.0614 6944 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
15:29:21.0630 6944 taphss - ok
15:29:21.0646 6944 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
15:29:21.0677 6944 TapiSrv - ok
15:29:21.0692 6944 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:29:21.0724 6944 TBS - ok
15:29:21.0786 6944 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
15:29:21.0817 6944 Tcpip - ok
15:29:21.0880 6944 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
15:29:21.0911 6944 TCPIP6 - ok
15:29:21.0942 6944 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:29:21.0973 6944 tcpipreg - ok
15:29:21.0989 6944 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:29:22.0004 6944 TDPIPE - ok
15:29:22.0020 6944 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:29:22.0051 6944 TDTCP - ok
15:29:22.0067 6944 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:29:22.0082 6944 tdx - ok
15:29:22.0114 6944 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:29:22.0129 6944 TermDD - ok
15:29:22.0160 6944 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
15:29:22.0176 6944 TermService - ok
15:29:22.0223 6944 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
15:29:22.0238 6944 TFsExDisk - ok
15:29:22.0254 6944 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:29:22.0285 6944 Themes - ok
15:29:22.0301 6944 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:29:22.0332 6944 THREADORDER - ok
15:29:22.0348 6944 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:29:22.0379 6944 TrkWks - ok
15:29:22.0426 6944 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
15:29:22.0457 6944 TrustedInstaller - ok
15:29:22.0488 6944 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:29:22.0519 6944 tssecsrv - ok
15:29:22.0535 6944 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:29:22.0550 6944 tunnel - ok
15:29:22.0597 6944 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:29:22.0597 6944 uagp35 - ok
15:29:22.0628 6944 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
15:29:22.0644 6944 udfs - ok
15:29:22.0675 6944 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:29:22.0691 6944 UI0Detect - ok
15:29:22.0706 6944 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:29:22.0722 6944 uliagpkx - ok
15:29:22.0753 6944 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:29:22.0769 6944 umbus - ok
15:29:22.0784 6944 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:29:22.0784 6944 UmPass - ok
15:29:22.0800 6944 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:29:22.0831 6944 upnphost - ok
15:29:22.0862 6944 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
15:29:22.0878 6944 usbaudio - ok
15:29:22.0909 6944 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
15:29:22.0940 6944 usbccgp - ok
15:29:22.0972 6944 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:29:23.0003 6944 usbcir - ok
15:29:23.0018 6944 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
15:29:23.0018 6944 usbehci - ok
15:29:23.0065 6944 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
15:29:23.0096 6944 usbhub - ok
15:29:23.0128 6944 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
15:29:23.0143 6944 usbohci - ok
15:29:23.0159 6944 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:29:23.0159 6944 usbprint - ok
15:29:23.0190 6944 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:29:23.0206 6944 usbscan - ok
15:29:23.0237 6944 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:29:23.0268 6944 USBSTOR - ok
15:29:23.0284 6944 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:29:23.0299 6944 usbuhci - ok
15:29:23.0346 6944 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
15:29:23.0362 6944 usbvideo - ok
15:29:23.0393 6944 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
15:29:23.0408 6944 usb_rndisx - ok
15:29:23.0440 6944 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:29:23.0455 6944 UxSms - ok
15:29:23.0518 6944 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:29:23.0533 6944 VaultSvc - ok
15:29:23.0564 6944 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:29:23.0564 6944 vdrvroot - ok
15:29:23.0596 6944 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
15:29:23.0642 6944 vds - ok
15:29:23.0658 6944 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:29:23.0674 6944 vga - ok
15:29:23.0705 6944 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:29:23.0720 6944 VgaSave - ok
15:29:23.0767 6944 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:29:23.0783 6944 vhdmp - ok
15:29:23.0814 6944 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:29:23.0830 6944 viaide - ok
15:29:23.0845 6944 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:29:23.0861 6944 volmgr - ok
15:29:23.0876 6944 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:29:23.0892 6944 volmgrx - ok
15:29:23.0923 6944 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:29:23.0939 6944 volsnap - ok
15:29:23.0954 6944 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:29:23.0970 6944 vsmraid - ok
15:29:24.0017 6944 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
15:29:24.0032 6944 VSS - ok
15:29:24.0048 6944 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:29:24.0064 6944 vwifibus - ok
15:29:24.0079 6944 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:29:24.0095 6944 vwififlt - ok
15:29:24.0110 6944 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:29:24.0126 6944 vwifimp - ok
15:29:24.0157 6944 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:29:24.0173 6944 W32Time - ok
15:29:24.0204 6944 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:29:24.0220 6944 WacomPen - ok
15:29:24.0235 6944 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:29:24.0266 6944 WANARP - ok
15:29:24.0266 6944 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:29:24.0298 6944 Wanarpv6 - ok
15:29:24.0360 6944 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:29:24.0391 6944 WatAdminSvc - ok
15:29:24.0422 6944 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
15:29:24.0454 6944 wbengine - ok
15:29:24.0469 6944 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:29:24.0485 6944 WbioSrvc - ok
15:29:24.0500 6944 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
15:29:24.0532 6944 wcncsvc - ok
15:29:24.0532 6944 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:29:24.0547 6944 WcsPlugInService - ok
15:29:24.0578 6944 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:29:24.0578 6944 Wd - ok
15:29:24.0610 6944 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:29:24.0641 6944 Wdf01000 - ok
15:29:24.0656 6944 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:29:24.0672 6944 WdiServiceHost - ok
15:29:24.0672 6944 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:29:24.0688 6944 WdiSystemHost - ok
15:29:24.0703 6944 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
15:29:24.0719 6944 WebClient - ok
15:29:24.0734 6944 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:29:24.0766 6944 Wecsvc - ok
15:29:24.0797 6944 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:29:24.0844 6944 wercplsupport - ok
15:29:24.0875 6944 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:29:24.0906 6944 WerSvc - ok
15:29:24.0922 6944 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:29:24.0937 6944 WfpLwf - ok
15:29:24.0968 6944 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:29:24.0968 6944 WIMMount - ok
15:29:25.0000 6944 WinDefend - ok
15:29:25.0000 6944 WinHttpAutoProxySvc - ok
15:29:25.0062 6944 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:29:25.0109 6944 Winmgmt - ok
15:29:25.0140 6944 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
15:29:25.0187 6944 WinRM - ok
15:29:25.0218 6944 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
15:29:25.0249 6944 WinUsb - ok
15:29:25.0296 6944 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:29:25.0312 6944 Wlansvc - ok
15:29:25.0390 6944 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:29:25.0405 6944 wlcrasvc - ok
15:29:25.0499 6944 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:29:25.0546 6944 wlidsvc - ok
15:29:25.0561 6944 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:29:25.0577 6944 WmiAcpi - ok
15:29:25.0592 6944 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:29:25.0608 6944 wmiApSrv - ok
15:29:25.0624 6944 WMPNetworkSvc - ok
15:29:25.0655 6944 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:29:25.0686 6944 WPCSvc - ok
15:29:25.0702 6944 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
15:29:25.0733 6944 WPDBusEnum - ok
15:29:25.0733 6944 WPRO_40_1340 - ok
15:29:25.0748 6944 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:29:25.0764 6944 ws2ifsl - ok
15:29:25.0780 6944 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:29:25.0795 6944 wscsvc - ok
15:29:25.0795 6944 WSearch - ok
15:29:25.0842 6944 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
15:29:25.0889 6944 wuauserv - ok
15:29:25.0904 6944 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:29:25.0936 6944 WudfPf - ok
15:29:25.0951 6944 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:29:25.0982 6944 WUDFRd - ok
15:29:25.0982 6944 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
15:29:26.0014 6944 wudfsvc - ok
15:29:26.0029 6944 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:29:26.0045 6944 WwanSvc - ok
15:29:26.0107 6944 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
15:29:26.0123 6944 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
15:29:26.0154 6944 MBR (0x1B8) (bb97c761113bfcbef8c9b1ffa3eae99e) \Device\Harddisk0\DR0
15:29:26.0419 6944 \Device\Harddisk0\DR0 - ok
15:29:26.0419 6944 Boot (0x1200) (2f698e767d2e3dee27e29311d6ae76da) \Device\Harddisk0\DR0\Partition0
15:29:26.0419 6944 \Device\Harddisk0\DR0\Partition0 - ok
15:29:26.0450 6944 Boot (0x1200) (6bb54a6d946defec3ff2c5c67ad78768) \Device\Harddisk0\DR0\Partition1
15:29:26.0450 6944 \Device\Harddisk0\DR0\Partition1 - ok
15:29:26.0497 6944 Boot (0x1200) (c3a575fdea1295aff28f950c795f5d31) \Device\Harddisk0\DR0\Partition2
15:29:26.0497 6944 \Device\Harddisk0\DR0\Partition2 - ok
15:29:26.0497 6944 ============================================================
15:29:26.0497 6944 Scan finished
15:29:26.0497 6944 ============================================================
15:29:26.0497 1480 Detected object count: 6
15:29:26.0497 1480 Actual detected object count: 6
15:29:47.0120 1480 CDMA Device Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:47.0120 1480 CDMA Device Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:47.0120 1480 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:47.0120 1480 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:47.0120 1480 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:47.0120 1480 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:47.0120 1480 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:47.0120 1480 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:47.0120 1480 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:47.0120 1480 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:47.0120 1480 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:47.0120 1480 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:38:11.0489 3232 Deinitialize success

DL'd aswMBR

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-10 15:54:10
-----------------------------
15:54:10.555 OS Version: Windows x64 6.1.7600 
15:54:10.555 Number of processors: 8 586 0x1E05
15:54:10.555 ComputerName: TONY-PC UserName: tony
15:54:13.394 Initialize success
15:54:49.485 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:54:49.485 Disk 0 Vendor: WDC_WD15 01.0 Size: 1430799MB BusType: 8
15:54:49.500 Disk 0 MBR read successfully
15:54:49.500 Disk 0 MBR scan
15:54:49.516 Disk 0 unknown MBR code
15:54:49.516 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:54:49.532 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1417870 MB offset 206848
15:54:49.563 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12827 MB offset 2904004608
15:54:49.610 Disk 0 scanning C:\Windows\system32\drivers
15:54:55.444 Service scanning
15:55:11.387 Modules scanning
15:55:11.403 Disk 0 trace - called modules:
15:55:11.434 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
15:55:11.450 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006397060]
15:55:11.450 3 CLASSPNP.SYS[fffff88001ac143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005ff0050]
15:55:11.465 Scan finished successfully
15:59:52.136 Disk 0 MBR has been saved successfully to "C:\Users\tony\Desktop\New folder\MBR.dat"
15:59:52.151 The log file has been saved successfully to "C:\Users\tony\Desktop\New folder\aswMBR.txt"
no list for disabling!

ComboFix:
ComboFix 12-04-10.01 - tony 10/04/2012 16:34:53.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6103.3757 [GMT 1:00]
Running from: c:\downloads\Software\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Windows Searchqu Toolbar
c:\program files (x86)\Windows Searchqu Toolbar\main.ico
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\program files (x86)\Windows Searchqu Toolbar\UNWISE.EXE
c:\program files (x86)\Windows Searchqu Toolbar\UnwiseLauncher.exe
c:\programdata\SPL7583.tmp
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\users\tony\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\tony\AppData\Local\TempDIR
c:\users\tony\Documents\~WRL0003.tmp
c:\users\tony\Documents\~WRL0005.tmp
c:\windows\_dsA275.tmp
c:\windows\SysWow64\SET3D32.tmp
c:\windows\SysWow64\SET63C4.tmp
c:\windows\SysWow64\SET64CF.tmp
c:\windows\SysWow64\SET7DDE.tmp
c:\windows\SysWow64\SET849A.tmp
c:\windows\SysWow64\SETD7DA.tmp
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 15:44 . 2012-04-10 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 18:26 . 2012-04-07 20:04 -------- dc----w- c:\users\tony\AppData\Local\MigWiz
2012-04-07 08:34 . 2012-04-07 08:34 -------- d-----w- c:\program files (x86)\Safer Networking
2012-04-07 08:12 . 2012-04-07 08:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-07 08:12 . 2012-04-07 08:14 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-06 13:51 . 2012-04-07 06:21 -------- d-----w- c:\program files (x86)\Yontoo Layers Runtime
2012-04-06 13:42 . 2012-04-06 14:02 -------- d-----w- c:\users\tony\AppData\Roaming\calibre
2012-04-06 13:42 . 2012-04-07 06:22 -------- d-----w- c:\program files (x86)\Calibre2
2012-04-05 19:19 . 2012-04-05 19:19 -------- d-----w- c:\users\tony\Doctor Web
2012-04-05 19:15 . 2012-04-05 19:15 -------- d-----w- c:\program files\Common Files\Doctor Web
2012-04-05 09:51 . 2012-04-07 19:26 -------- d-----w- c:\program files (x86)\7-Zip
2012-04-04 20:20 . 2012-04-07 06:21 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-04-04 19:39 . 2012-04-04 19:39 691 ----a-w- c:\users\tony\AppData\Roaming\GetValue.vbs
2012-04-04 19:39 . 2012-04-04 19:39 35 ----a-w- c:\users\tony\AppData\Roaming\SetValue.bat
2012-04-04 19:37 . 2012-04-04 21:06 5288 ----a-w- c:\windows\SysWow64\tmp.reg
2012-04-04 19:36 . 2008-12-12 00:57 78336 ----a-w- c:\windows\SysWow64\Agent.OMZ.Fix.exe
2012-04-04 19:36 . 2008-11-29 17:58 82944 ----a-w- c:\windows\SysWow64\IEDFix.C.exe
2012-04-04 19:36 . 2008-10-01 14:51 87552 ----a-w- c:\windows\SysWow64\VACFix.exe
2012-04-04 19:36 . 2008-09-20 11:45 80384 ----a-w- c:\windows\SysWow64\o4Patch.exe
2012-04-04 19:36 . 2008-08-18 11:19 82432 ----a-w- c:\windows\SysWow64\404Fix.exe
2012-04-04 19:36 . 2009-06-02 10:17 75776 ----a-w- c:\windows\SysWow64\WS2Fix.exe
2012-04-04 19:36 . 2008-05-18 20:40 82944 ----a-w- c:\windows\SysWow64\IEDFix.exe
2012-04-04 19:36 . 2007-09-05 23:22 289144 ----a-w- c:\windows\SysWow64\VCCLSID.exe
2012-04-04 19:36 . 2006-04-27 16:49 288417 ----a-w- c:\windows\SysWow64\SrchSTS.exe
2012-04-04 19:36 . 2004-07-31 17:50 51200 ----a-w- c:\windows\SysWow64\dumphive.exe
2012-04-04 19:16 . 2012-04-04 19:16 388096 ----a-r- c:\users\tony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 19:16 . 2012-04-04 19:16 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-04 13:11 . 2012-04-07 19:46 -------- d-----w- c:\programdata\Doctor Web
2012-04-03 19:43 . 2012-04-04 19:54 -------- d-----w- c:\users\tony\AppData\Local\FileTypeAssistant
2012-04-03 19:42 . 2012-04-07 06:22 -------- d-----w- c:\program files (x86)\File Type Assistant
2012-04-03 17:31 . 2012-04-07 06:21 -------- d-----w- c:\windows\en
2012-04-03 17:27 . 2012-03-08 17:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-03 17:27 . 2012-04-07 06:21 -------- d-----w- c:\program files (x86)\Windows Live
2012-04-03 17:22 . 2012-04-03 17:22 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\49e3c6cc1cd11be05\bingbarsetup.exe
2012-04-03 17:21 . 2012-04-03 17:21 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3ab9c82a1cd11be04\MeshBetaRemover.exe
2012-04-03 17:21 . 2012-04-03 17:21 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\DSETUP.dll
2012-04-03 17:21 . 2012-04-03 17:21 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\DXSETUP.exe
2012-04-03 17:21 . 2012-04-03 17:21 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\dsetup32.dll
2012-04-03 16:51 . 2012-04-03 16:51 -------- d-----w- c:\users\tony\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-04-03 16:50 . 2012-04-07 06:22 -------- d-----w- c:\program files (x86)\blekkotb_soc
2012-04-03 16:49 . 2012-04-07 06:21 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-04-03 16:49 . 2012-04-03 16:49 -------- d-----w- c:\programdata\blekko toolbars
2012-04-03 13:07 . 2012-04-03 13:07 -------- d-----w- c:\users\tony\DoctorWeb
2012-04-03 12:18 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-04-03 12:18 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 14:36 . 2012-04-07 06:21 -------- d-----w- c:\users\tony\AppData\Roaming\AVG2012
2012-04-02 14:34 . 2012-04-07 06:21 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-04-02 14:34 . 2012-04-10 14:30 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-02 14:34 . 2012-04-02 14:34 -------- d-----w- C:\$AVG
2012-04-02 13:19 . 2012-04-07 06:22 -------- d-----w- c:\program files (x86)\Avast
2012-04-02 11:35 . 2012-04-02 12:58 -------- d-----w- c:\programdata\Alwil Software
2012-04-01 19:21 . 2012-04-07 06:21 -------- d-----w- c:\programdata\InstallShield
2012-04-01 19:20 . 2012-04-01 19:20 -------- d-----w- c:\program files (x86)\Medea International Ltd
2012-04-01 19:10 . 2012-04-03 13:33 -------- d-----w- c:\program files (x86)\Easy CD & DVD Cover Creator
2012-04-01 08:22 . 2012-04-01 08:22 8738464 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 07:45 . 2012-04-01 08:22 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-26 18:43 . 2012-03-26 18:43 -------- d-----w- c:\users\tony\AppData\Roaming\NCH Software
2012-03-18 13:55 . 2012-03-18 13:55 -------- d-----w- c:\program files (x86)\NetRatingsNetSight
2012-03-17 19:07 . 2012-03-17 19:07 -------- d-----w- c:\windows\SysWow64\TVUAx
2012-03-17 13:17 . 2012-03-17 13:17 -------- d-----w- c:\programdata\2B3F
2012-03-17 09:42 . 2012-03-18 11:13 -------- dc-h--w- c:\programdata\~0
2012-03-15 16:31 . 2012-03-15 16:31 -------- d-----w- c:\users\tony\AppData\Roaming\WildTangent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-10 08:43 . 2010-03-18 22:09 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-10 08:42 . 2010-05-23 17:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-04-10 08:42 . 2010-03-18 22:09 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-07 15:24 . 2012-01-11 20:39 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-07 15:24 . 2010-05-16 18:14 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-07 15:19 . 2010-05-09 17:03 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-01 08:22 . 2011-05-18 17:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 21:32 . 2010-05-09 17:03 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-20 02:51 . 2012-04-02 12:12 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1DCB5D8-88CF-4774-BB24-ABC59F0BCECC}\mpengine.dll
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-07 20:12 . 2011-04-27 11:32 101360 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-03-05 15:49 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 08:18 . 2010-03-18 20:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 04:25 . 2012-02-22 04:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 04:25 . 2012-02-22 04:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-21 16:16 . 2012-02-21 16:16 53248 ----a-r- c:\users\tony\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2010-08-04 00:54 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2012-02-15 02:52 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2010-08-04 00:28 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2010-08-04 00:21 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2010-03-03 03:06 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2010-08-04 00:14 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 22:05 . 2012-02-14 22:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 22:05 . 2012-02-14 22:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 22:05 . 2012-02-14 22:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 22:05 . 2012-02-14 22:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 22:05 . 2012-02-14 22:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 22:04 . 2012-02-14 22:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 22:03 . 2012-02-14 22:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 22:03 . 2012-02-14 22:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-01-31 06:02 . 2012-01-31 06:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 06:00 . 2012-01-31 06:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-31 03:46 . 2012-01-31 03:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-01-18 06:44 . 2010-07-27 07:14 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2012-01-18 06:44 . 2010-07-27 07:14 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2012-01-18 06:44 . 2010-07-27 07:14 4865568 ----a-w- c:\windows\system32\drivers\LVUVC64.sys
2012-01-18 06:44 . 2010-07-27 07:13 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2012-01-18 06:44 . 2012-01-18 06:44 351136 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2012-01-18 06:44 . 2010-07-27 07:13 769312 ----a-w- c:\windows\system32\LVUI64.dll
2012-01-18 06:44 . 2012-01-18 06:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll
2012-01-18 06:44 . 2010-07-27 07:08 176416 ----a-w- c:\windows\system32\LVCod64.dll
2012-01-18 06:44 . 2010-07-27 07:07 307488 ----a-w- c:\windows\SysWow64\LVCodec2.dll
2012-01-18 06:23 . 2012-01-18 06:23 38958 ----a-w- c:\windows\system32\Repository.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}]
2012-03-14 19:42 85288 ----a-w- c:\program files (x86)\blekkotb_soc\blekkotb_019X.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}"= "c:\program files (x86)\blekkotb_soc\blekkotb_019X.dll" [2012-03-14 85288]
.
[HKEY_CLASSES_ROOT\clsid\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-12-01 385024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-04 296056]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DrWebEngine]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@=""
.
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 135664]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-09-17 23536]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-04 16392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 NielsenUpdate;Nielsen Update;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2011-05-03 306496]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [2010-10-04 25648]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-07 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-03-07 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-03-07 296048]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-01-25 140672]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/01/07 20:24];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-17 17:41 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CDMA Device Service;CDMA Device Service;c:\program files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-08-02 159232]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-12-13 523136]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-07 976696]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 08:22]
.
2010-07-11 c:\windows\Tasks\Chameleon Monitor-startup-tony.job
- c:\program files (x86)\Common Files\Chameleon Manager\monitor.exe [2010-06-09 10:02]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 19:39]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 19:39]
.
2011-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=20120403C51C45BCA912C390D5232A64&tbp=homepage
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Search
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - (no file)
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-TaskTray - (no file)
Notify-GoToAssist - (no file)
BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\BROWSE~1.DLL
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Wincore MediaBar - c:\program files (x86)\iMesh Applications\MediaBar\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bd,6c,43,24,25,8a,80,e7,f0,47,31,4d,2a,29,09,b8,f3,54,80,47,31,9a,4c,
e9,5c,fe,a6,10,b8,ad,2c,41,6c,c3,b4,a9,3f,b9,3f,1c,bd,76,14,26,15,dd,40,aa,\
"??"=hex:eb,d2,a3,8f,e2,18,9a,95,4e,92,26,3d,b4,8d,f6,c8
.
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\SecuROM\License information*]
"datasecu"=hex:98,b9,91,0b,e2,bd,b5,c5,e3,c5,26,03,0e,b6,f5,7d,94,13,82,97,23,
8f,e3,c0,12,a6,76,74,d1,9b,6c,ee,67,29,89,01,2d,6b,62,37,30,36,ab,f1,df,1d,\
"rkeysecu"=hex:5b,db,b1,5f,32,d6,7e,fa,9e,17,6e,58,3b,5a,95,4c
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\NetRatingsNetSight]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
.
**************************************************************************
.
Completion time: 2012-04-10 17:21:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 16:21
.
Pre-Run: 967,985,111,040 bytes free
Post-Run: 968,041,177,088 bytes free
.
- - End Of File - - A9E5B1907C64C49058B5AC134A50CEF8

I think Windows recovery Console must be installed.

After running ComboFix the PC rebooted!

All for now
BET I didn't get this right!
Tony


----------



## obxtony (Aug 17, 2008)

Can't open my BT or Yahoo browser now!!


----------



## eddie5659 (Mar 19, 2001)

You got everything correct, but not sure why Yahoo or BT browser isn't working 

Can you still get on the internet? I'm assuming this is the same computer you replied on, so it may be that the malware was linked to the pages. Can you access any other pages okay?

Can you run this tool for me, as this is the one where we can fully get to start with the malware, though a lot has been removed already 

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


eddie


----------



## obxtony (Aug 17, 2008)

I just posted the reply and came to check it, but it did not load for some reason! So I'll try again!
OTL logfile created on: 10/04/2012 22:06:21 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\tony\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.96 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 64.77% Memory free
11.92 Gb Paging File | 9.37 Gb Available in Paging File | 78.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.64 Gb Total Space | 911.57 Gb Free Space | 65.83% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 1.72 Gb Free Space | 13.76% Space Free | Partition Type: NTFS

Computer Name: TONY-PC | User Name: tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/10 21:46:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\tony\Downloads\OTL.exe
PRC - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/03/26 15:44:40 | 001,668,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/03/26 15:44:40 | 000,976,696 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/20 22:32:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2011/12/04 18:38:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/12/01 23:37:30 | 000,385,024 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009/12/01 21:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 17:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2009/02/23 14:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/10 17:10:23 | 000,115,137 | ---- | M] () -- C:\Users\tony\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/02/20 09:37:24 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/02/01 13:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/06/15 10:42:24 | 001,206,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6989a7f98486e07c8853a1cbac0b018b\System.Management.ni.dll
MOD - [2011/06/15 10:41:24 | 000,760,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\2b64b354c9d774b00e34a38ca2f2bbf5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/15 10:41:13 | 001,777,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cda290604367dfed56f629590d9b247f\System.Xaml.ni.dll
MOD - [2011/06/14 20:42:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\443b11b528455611c7549b56349a56eb\System.Runtime.Remoting.ni.dll
MOD - [2011/06/14 20:42:12 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\933baa29f5feba3093ba81c5b9b82b1c\System.Windows.Forms.ni.dll
MOD - [2011/06/14 20:42:07 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e979f76558e7e1f7127a5244fb5a0347\System.Drawing.ni.dll
MOD - [2011/06/14 20:41:53 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\93e867e55d7df3a8b4bd1aba3af6f18d\WindowsBase.ni.dll
MOD - [2011/06/14 20:41:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\682572c507ea7552c3db1842c21bf9c8\System.Xml.ni.dll
MOD - [2011/06/14 20:41:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e8add38eb4f9c07790b5be549c5f0dae\System.Configuration.ni.dll
MOD - [2011/06/14 20:41:46 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f7048e198c963fa189cff3aea17dfee3\System.ni.dll
MOD - [2011/06/14 20:41:32 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/06/14 20:22:41 | 017,640,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3301988e8bf82eb201a369b200a62aff\PresentationFramework.ni.dll
MOD - [2011/06/14 20:22:31 | 011,059,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1e7c8398208782f3052122e52ab5f811\PresentationCore.ni.dll
MOD - [2011/06/14 20:22:28 | 013,083,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1af7f78f2e767951259c73e1a1a94627\System.Windows.Forms.ni.dll
MOD - [2011/06/14 20:22:21 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7256c72bca2e8230e59ce69b426f4e80\PresentationFramework.Aero.ni.dll
MOD - [2011/06/14 20:22:12 | 007,029,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4fdda3a7262d4e7a6a6efb4ae2d8629b\System.Core.ni.dll
MOD - [2011/06/14 20:22:09 | 005,577,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\17e40bc51087ecebc2a73dca2a192182\System.Xml.ni.dll
MOD - [2011/06/14 20:22:09 | 003,783,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\219da7501f7f0b9129a781bad64b4079\WindowsBase.ni.dll
MOD - [2011/06/14 20:22:08 | 001,651,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a315406b55b1be4a462e2a0b33c4ad13\System.Drawing.ni.dll
MOD - [2011/06/14 20:22:06 | 009,027,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\795237f85cf5c8ff5a0499604698be19\System.ni.dll
MOD - [2011/05/14 20:32:50 | 014,416,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\658bbc023e2f4f4e802be9483e988373\mscorlib.ni.dll
MOD - [2009/12/01 21:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 18:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/02/15 04:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2012/01/25 21:29:11 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/04/01 09:22:51 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 15:44:40 | 000,976,696 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/03/20 22:32:48 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/09/01 17:49:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/08/02 10:47:14 | 000,159,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe -- (CDMA Device Service)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/05/03 19:46:26 | 000,306,496 | ---- | M] (The Nielsen Company) [Disabled | Stopped] -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe -- (NielsenUpdate)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/31 17:26:00 | 003,612,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 22:07:06 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/03/26 15:45:32 | 000,101,360 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:*64bit:* - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/02/22 05:25:50 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/02/15 04:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2012/02/15 04:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2012/02/15 03:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
DRV:*64bit:* - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:*64bit:* - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/12/23 13:32:02 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidseha.sys -- (AVGIDSEH)
DRV:*64bit:* - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2011/02/23 16:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:*64bit:* - [2011/02/23 15:57:43 | 000,127,320 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:*64bit:* - [2011/02/23 15:56:48 | 000,253,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:*64bit:* - [2011/02/23 14:34:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:*64bit:* - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:*64bit:* - [2010/09/22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2009/11/19 08:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:*64bit:* - [2009/11/13 06:21:22 | 000,543,616 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RC_64.sys -- (AVER_H193)
DRV:*64bit:* - [2009/11/13 06:20:14 | 000,039,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RCIR_64.sys -- (CXCIR)
DRV:*64bit:* - [2009/10/12 13:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:*64bit:* - [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:*64bit:* - [2009/09/17 06:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:*64bit:* - [2009/08/21 01:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:*64bit:* - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/03/26 15:45:32 | 000,296,048 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/03/26 15:45:32 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/12/07 20:10:59 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/10/04 19:06:28 | 000,025,648 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys -- (nnfwdk)
DRV - [2010/08/12 10:40:06 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/08/12 10:40:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/17 18:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/07 20:24:33] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2004/04/08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/04/08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:*64bit:* - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=224&systemid=1&sr=0&q={searchTerms}
IE:*64bit:* - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebsearch.com/myweb...&n=77de89f8&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=224&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
IE - HKLM\..\SearchScopes\{EB4691B7-6B74-490C-8D48-CC1BD7EECF10}: "URL" = http://uk.woofi.info

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 E4 5D 01 45 1D 9A 4C 94 4D 51 BE CC F2 80 43 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {131BA04D-6260-47F0-BA4F-4CA582791AB7}
IE - HKCU\..\SearchScopes\{131BA04D-6260-47F0-BA4F-4CA582791AB7}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PLTV5&o=15197&src=crm&q={searchTerms}&locale=en_UK
IE - HKCU\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebsearch.com/myweb...&n=77de89f8&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/TOO...120403C51C45BCA912C390D5232A64&q={searchTerms}
IE - HKCU\..\SearchScopes\{48D14A8B-A71C-4488-B15E-49830036293C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-odbrws
IE - HKCU\..\SearchScopes\{51061D72-4DFE-4C6B-9A93-F34109283856}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{5557B96A-97DB-4476-A00A-B97F00E0F23E}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{7F57E540-8C84-45AD-81BF-12F2AE8E300F}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{89EB5B56-0D3A-49CA-8EF5-D7BCCDB0539C}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=224&systemid=1&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{AB17062C-D0A9-42E0-88A0-D461B02D6142}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
IE - HKCU\..\SearchScopes\{B287D93A-B526-453B-8018-8C262111B9E8}: "URL" = http://uk.local.yahoo.com/search.ht...w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
IE - HKCU\..\SearchScopes\{D59BED57-A5AC-4E1A-A3D8-BEF9E071C1D1}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{EB4691B7-6B74-490C-8D48-CC1BD7EECF10}: "URL" = http://uk.woofi.info
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin: C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\NP0cStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/07 07:21:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_0c.com: C:\Program Files (x86)\Maps4PC_0c\bar\1.bin [2012/04/10 15:03:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF

[2010/07/21 14:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions
[2010/07/17 07:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2012/04/10 17:09:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - Reg Error: Value error. File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - No CLSID value found.
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:*64bit:* - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [ypagerps7] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: New Value #1 = 
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:*64bit:* - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:*64bit:* - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:*64bit:* - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:*64bit:* - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:*64bit:* - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9:*64bit:* - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A415D3-A49B-4310-B7F9-59487581C101}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15CC91D2-E2F2-455A-BD8A-2C60E42E189A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8BB1216-68BF-461B-AEAC-74DC30A29905}: DhcpNameServer = 192.168.42.129
O18:*64bit:* - Protocol\Handler\ipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sasnative64)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 20:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Search Protection
[2012/04/10 20:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/04/10 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{ED0739EE-62DC-436A-A469-15FE30932C28}
[2012/04/10 19:35:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A0837905-B61B-4AF9-9C3A-F243CDF7B5A1}
[2012/04/10 18:19:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/10 18:08:49 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/04/10 18:08:05 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/10 16:33:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/10 16:33:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/10 16:33:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/10 16:05:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/10 16:05:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/10 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\obxtony
[2012/04/10 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\New folder
[2012/04/09 19:01:57 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{2F066433-5805-4286-8505-D0C0A15E38B4}
[2012/04/09 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{C9F53BDD-5E51-4686-B64B-E0D91B5B1C37}
[2012/04/09 18:05:13 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\unusual icons
[2012/04/08 19:19:42 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EBC24E23-B1D8-4BD5-9523-7D7914FE002C}
[2012/04/08 19:19:08 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8D606DB7-1713-4A97-9290-21324C7740D7}
[2012/04/07 21:58:15 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D4F5AD0E-3665-4FB0-8FED-9160A54DC115}
[2012/04/07 21:57:42 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{3509F9A2-AADA-469F-89F9-7EE2A70EF3A2}
[2012/04/07 19:26:12 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\MigWiz
[2012/04/07 09:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/04/07 09:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/04/07 09:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/07 09:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/07 09:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/06 18:57:06 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{067C83F3-C17B-4A8B-8ED0-CDC052226BEF}
[2012/04/06 18:56:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{5EB24990-5AC6-42D9-A311-631507352D3F}
[2012/04/06 14:51:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo Layers Runtime
[2012/04/06 14:42:45 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\calibre
[2012/04/06 14:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012/04/06 14:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/04/06 14:39:14 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\calibre
[2012/04/06 09:37:22 | 000,000,000 | ---D | C] -- C:\Users\tony\Documents\dds
[2012/04/06 09:29:52 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\HiJackThis
[2012/04/06 09:21:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\tony\Desktop\dds.pif
[2012/04/05 20:52:11 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9736F8A5-2C6F-4525-BA7C-C6DB789CE4A7}
[2012/04/05 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EE89EB67-0EC3-4C73-A05F-1989EFD85538}
[2012/04/05 20:51:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{0FE452DD-D14E-4681-B38D-50BC06F5E0AB}
[2012/04/05 20:50:09 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\anti virus progs
[2012/04/05 20:19:52 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{6A63525C-CECC-45C8-ADDD-3CFBBB397684}
[2012/04/05 20:19:19 | 000,000,000 | ---D | C] -- C:\Users\tony\Doctor Web
[2012/04/05 20:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2012/04/05 11:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/04/05 11:09:28 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/04/05 10:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/04/04 21:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012/04/04 21:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012/04/04 20:36:42 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2012/04/04 20:36:42 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2012/04/04 20:36:42 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2012/04/04 20:36:42 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2012/04/04 20:36:42 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2012/04/04 20:36:41 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2012/04/04 20:36:41 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2012/04/04 20:36:41 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2012/04/04 20:16:41 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/04 20:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/04/04 14:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2012/04/04 14:00:09 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{05CDD276-D8EB-470D-BEEE-5F884B7CD010}
[2012/04/04 13:59:33 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AE25F25F-56DB-45D6-8383-20B62CA3C443}
[2012/04/03 20:43:19 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\FileTypeAssistant
[2012/04/03 20:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2012/04/03 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{43822405-A0B3-48A8-A2D8-F9FA6492E5D9}
[2012/04/03 18:37:15 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9B47A818-941C-4DBB-9E95-CAF8FCA90AF4}
[2012/04/03 18:31:11 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/03 18:27:06 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/04/03 18:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/04/03 17:51:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\antiphishing-vmninternethelper1_1dn
[2012/04/03 17:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\blekkotb_soc
[2012/04/03 17:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/04/03 17:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/04/03 14:07:27 | 000,000,000 | ---D | C] -- C:\Users\tony\DoctorWeb
[2012/04/03 13:18:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/04/03 13:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/03 13:18:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 15:36:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\AVG2012
[2012/04/02 15:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/04/02 15:34:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/04/02 15:34:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/04/02 15:34:16 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/04/02 14:51:43 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8BE1E50B-6B31-4511-B0A3-2DDDAC12D6FB}
[2012/04/02 14:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avast
[2012/04/02 12:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/04/01 21:30:41 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A8DB2F49-72AC-4100-AEF6-AF1C4C00B992}
[2012/04/01 20:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012/04/01 20:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\exPressit SE3.1
[2012/04/01 20:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medea International Ltd
[2012/04/01 20:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD & DVD Cover Creator
[2012/04/01 20:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy CD & DVD Cover Creator
[2012/04/01 13:17:12 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{63031E79-5994-47C3-A62B-7E3F16D3BC6B}
[2012/04/01 09:22:24 | 008,738,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/01 08:45:22 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/31 21:40:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{857B99DD-E471-44B7-9D75-EB93AC8824D3}
[2012/03/30 16:35:20 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{2BE6239F-2354-49CF-B5B5-B4C252A1FC21}
[2012/03/29 13:04:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9C756B8E-2D97-4233-A6EF-E63260A03254}
[2012/03/28 12:50:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{446D9E88-128B-449A-BCE0-16FC00C42158}
[2012/03/27 15:17:57 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{4F060886-1E38-4688-B88B-F8EC7FF14681}
[2012/03/27 15:17:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9DECEF7E-AF7E-407A-9AFE-9A2810C8BC9F}
[2012/03/26 19:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2012/03/26 19:43:28 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\NCH Software
[2012/03/26 16:00:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AD78B362-22BB-40CC-8DDE-3A80AEDA3BF0}
[2012/03/26 15:59:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{DB4E6178-9220-4CC1-A907-8C4A748864AC}
[2012/03/25 13:24:43 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{E70BEA43-EE38-4B90-A0D0-CC548B418F1E}
[2012/03/25 13:24:32 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{C174684F-B933-48DA-9705-55BAD924DFDC}
[2012/03/24 12:25:14 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{849B5759-7852-4C16-A587-DF56D1150EA5}
[2012/03/24 12:24:40 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{01FAD4A7-E417-4E09-9764-76CBE8829BDE}
[2012/03/23 12:01:03 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A9929552-2911-405F-AA91-9BEA9F27082D}
[2012/03/23 12:00:29 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{4C5C1DF7-380F-4600-A527-60E56CD5BA2D}
[2012/03/22 19:54:38 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{94A1ECFB-DF46-47D2-B106-D853457126AE}
[2012/03/22 19:54:04 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{24D3FA49-06C1-44B6-B683-53686ADE2D5F}
[2012/03/21 16:26:27 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{DF9A6783-B1C2-445D-AD89-C2AB4C6478D0}
[2012/03/21 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{E32EE5AA-30BC-47D4-BC9E-A71A2B8E9136}
[2012/03/21 13:45:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{834ED68F-4F61-465C-B4AC-F1884944BBE2}
[2012/03/20 22:27:58 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{DC935FC3-0C2B-4127-BC0F-7D7E85337B0E}
[2012/03/20 22:27:24 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{4245FF05-0B0E-49B7-A8EB-1CF0F3B774F5}
[2012/03/19 11:01:41 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AD552651-31B8-4E97-84C9-C49E8D7D9AC6}
[2012/03/19 11:01:07 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{07D25B5A-17C4-4616-AAE1-020AB012BC1B}
[2012/03/18 15:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2012/03/18 15:17:06 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{C5D1C926-6914-430D-9D25-E9EB099BCDAE}
[2012/03/18 15:16:43 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{17022418-EFB5-48E8-8915-60F28EEA680A}
[2012/03/18 14:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetRatingsNetSight
[2012/03/17 20:27:31 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{C7291D45-499C-4F2A-9EA0-E2AE88AEA7B5}
[2012/03/17 20:27:11 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EEE64569-14D4-47ED-A8A7-6741340A89F9}
[2012/03/17 20:07:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\TVUAx
[2012/03/17 14:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\2B3F
[2012/03/17 10:42:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2012/03/16 15:50:34 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{4A92015F-8B2A-4231-A519-69C6F5680023}
[2012/03/16 15:50:14 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{63ACDDB5-591D-4101-922C-261D90664994}
[2012/03/15 17:31:31 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\WildTangent
[2012/03/15 16:51:17 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{55F35A7D-3476-4475-AF8C-D88979F17CC6}
[2012/03/15 16:50:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{CD3F0C06-74D2-4139-8771-DC8D9B94E9D5}
[2012/03/14 16:57:49 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{3EE7F7A3-C7D2-4E21-900D-B1E9629FE9A1}
[2012/03/14 16:57:29 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{34225C47-E35C-4AE5-867C-46777366C0AC}
[2012/03/13 17:36:54 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{7DC91A46-5D37-48E8-A060-108191ACD86F}
[2012/03/13 17:36:33 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{50243C6D-E12B-4D34-BF69-9DE3A099A3B5}
[2012/03/12 15:40:03 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{C6105D5A-7429-410C-968F-7BCADE6F32C2}
[2012/03/12 15:39:42 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{94863E65-1D04-4CB6-9EE1-8FF9AEC2DB8F}
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/10 21:31:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 21:22:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/10 20:01:38 | 000,001,165 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/10 20:01:38 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/10 20:00:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 20:00:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 19:50:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/10 19:48:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/10 19:48:28 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/10 19:05:30 | 000,017,407 | ---- | M] () -- C:\Users\tony\AppData\Local\dt.dat
[2012/04/10 17:09:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/10 15:30:53 | 000,277,018 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/10 09:40:53 | 094,379,315 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/09 19:12:32 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/09 18:19:51 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\War Inc Battlezone.lnk
[2012/04/08 09:31:47 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/08 09:31:47 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/08 09:31:47 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/07 16:24:06 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/07 16:24:06 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/07 16:19:59 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/07 09:12:31 | 000,001,288 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/07 09:12:31 | 000,001,264 | ---- | M] () -- C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk
[2012/04/06 14:42:36 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/04/06 09:18:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\tony\Desktop\dds.pif
[2012/04/04 22:06:24 | 000,005,288 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2012/04/04 20:39:39 | 000,000,691 | ---- | M] () -- C:\Users\tony\AppData\Roaming\GetValue.vbs
[2012/04/04 20:39:39 | 000,000,035 | ---- | M] () -- C:\Users\tony\AppData\Roaming\SetValue.bat
[2012/04/04 20:04:08 | 000,150,880 | ---- | M] () -- C:\Users\tony\AppData\Local\ars.cache
[2012/04/04 19:31:21 | 000,623,705 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/04/04 18:56:35 | 000,000,036 | ---- | M] () -- C:\Users\tony\AppData\Local\housecall.guid.cache
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 17:22:48 | 000,008,409 | ---- | M] () -- C:\Users\tony\ia_remove.sh
[2012/04/03 11:01:58 | 000,000,302 | ---- | M] () -- C:\Users\tony\AppData\Roaming\system.conf
[2012/04/02 15:59:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/04/02 15:34:48 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/02 15:34:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/02 15:34:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/02 14:58:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/02 13:14:05 | 000,001,256 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/02 09:11:45 | 000,348,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/01 09:22:51 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/01 09:22:51 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/01 09:22:24 | 008,738,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/03/26 19:43:28 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn Disc Burning Software.lnk
[2012/03/26 15:45:32 | 000,101,360 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/03/20 22:32:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/03/18 15:00:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_nnfwdk64_01009.Wdf
[2012/03/18 15:00:27 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2012/03/15 17:31:49 | 000,001,297 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Play HP Games.lnk
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/10 20:01:38 | 000,001,165 | ---- | C] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/10 20:01:38 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/10 19:05:30 | 000,017,407 | ---- | C] () -- C:\Users\tony\AppData\Local\dt.dat
[2012/04/10 16:33:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/10 16:33:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/10 16:33:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/10 16:33:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/10 16:33:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/10 15:30:53 | 000,277,018 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/10 09:40:53 | 094,379,315 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/09 19:12:32 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/09 18:19:51 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\War Inc Battlezone.lnk
[2012/04/07 09:12:31 | 000,001,288 | ---- | C] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/07 09:12:31 | 000,001,264 | ---- | C] () -- C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk
[2012/04/06 14:42:36 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/04/04 20:39:39 | 000,000,691 | ---- | C] () -- C:\Users\tony\AppData\Roaming\GetValue.vbs
[2012/04/04 20:39:39 | 000,000,035 | ---- | C] () -- C:\Users\tony\AppData\Roaming\SetValue.bat
[2012/04/04 20:37:22 | 000,005,288 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2012/04/04 20:36:41 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2012/04/04 20:36:41 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2012/04/04 20:36:41 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012/04/04 20:04:08 | 000,150,880 | ---- | C] () -- C:\Users\tony\AppData\Local\ars.cache
[2012/04/04 19:31:21 | 000,623,705 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/04/04 18:56:35 | 000,000,036 | ---- | C] () -- C:\Users\tony\AppData\Local\housecall.guid.cache
[2012/04/03 18:29:01 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/04/03 18:28:47 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/04/03 18:28:26 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/04/03 18:28:10 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/04/03 17:50:49 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chat Messenger.lnk
[2012/04/03 17:22:48 | 000,008,409 | ---- | C] () -- C:\Users\tony\ia_remove.sh
[2012/04/03 10:01:00 | 000,000,302 | ---- | C] () -- C:\Users\tony\AppData\Roaming\system.conf
[2012/04/02 15:59:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/04/02 15:34:48 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/02 15:34:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/02 15:34:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/01 08:45:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/26 19:43:28 | 000,001,208 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2012/03/26 19:43:28 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn Disc Burning Software.lnk
[2012/03/18 15:00:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_nnfwdk64_01009.Wdf
[2012/03/18 15:00:27 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/03/15 17:31:49 | 000,001,297 | ---- | C] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Play HP Games.lnk
[2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/11 21:39:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/23 18:59:11 | 000,001,854 | ---- | C] () -- C:\Users\tony\AppData\Roaming\GhostObjGAFix.xml
[2011/07/15 12:25:23 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/07/15 12:25:23 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll
[2011/07/15 12:25:23 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/07/15 12:25:23 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/07/07 18:40:34 | 000,145,704 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/04/14 19:39:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/04 17:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/12/02 17:23:54 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/02 17:23:54 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/18 12:59:49 | 000,000,086 | ---- | C] () -- C:\Windows\wininit.ini
[2010/09/06 10:11:58 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/07/20 13:31:23 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/05/23 18:57:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/05/09 18:03:08 | 001,957,672 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/05/09 18:03:08 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/04/27 18:40:00 | 000,000,620 | ---- | C] () -- C:\Users\tony\AppData\Roaming\wklnhst.dat
[2010/04/15 14:34:13 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll

========== Files - Unicode (All) ==========
[2011/11/02 20:36:04 | 000,000,128 | ---- | M] ()(C:\Windows\??) -- C:\Windows\䃣
[2011/11/02 20:33:57 | 000,000,128 | ---- | C] ()(C:\Windows\??) -- C:\Windows\䃣

========== Alternate Data Streams ==========

@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 16 bytes -> C:\Users\tony\Downloads:Shareaza.GUID
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
< End of report >

OTL Extras logfile created on: 10/04/2012 22:06:21 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\tony\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.96 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 64.77% Memory free
11.92 Gb Paging File | 9.37 Gb Available in Paging File | 78.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.64 Gb Total Space | 911.57 Gb Free Space | 65.83% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 1.72 Gb Free Space | 13.76% Space Free | Partition Type: NTFS

Computer Name: TONY-PC | User Name: tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- Reg Error: Value error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- Reg Error: Value error.
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- Reg Error: Value error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- Reg Error: Value error.
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{10E77956-A7A7-6E1E-01E9-7B762A76E1ED}" = ATI AVIVO64 Codecs
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C1C9924-3755-483C-87B1-8371B7454B1A}" = HP Photosmart Plus B210 series Product Improvement Study
"{7D451293-B3FC-4664-B1B4-552B28736D05}" = AVG 2012
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E51A1789-9C20-43FC-AF13-C7AC29FAF111}" = AVG 2012
"{F4330A8B-3610-4483-975E-69789B70A764}" = HP Photosmart Plus B210 series Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{10EBB586-D21E-60CA-0856-AA753EBE1F16}" = Application Profiles
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Remove Only)
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.1" = Update 1.11.3.1 for "Men of War"
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.17.5.1" = Update 1.17.5.1 for "Men of War"
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{6F3DFFAB-6DDA-42DA-A22C-F45C697B7812}" = calibre
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Help
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9E4F0E65-209E-4713-8BE2-7F8802BB3987}_is1" = War Inc Battlezone version 1.0.0
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BB42C935-456E-4A6C-B357-FDEE7A59FE21}" = exPressit SE
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{C3DF1C57-780A-DB9C-F30A-68EB45526761}" = Catalyst Control Center InstallProxy
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAB2393-4F5F-CBC3-80E0-167B8B7C5437}" = HydraVision
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Amazon Kindle" = Amazon Kindle
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"ArmA 2" = ArmA 2 Uninstall
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.1
"AVS Image Converter_is1" = AVS Image Converter 1.3.1.136
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Battlelog Web Plugins" = Battlelog Web Plugins
"BearShare" = BearShare
"BearShare MediaBar" = MediaBar
"BitTornado" = BitTornado 0.3.18
"blekkotb_soc" = Blekko search bar
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Company of Heroes" = Company of Heroes
"Cross Fire_is1" = Cross Fire En
"Disketch" = Disketch CD Label Software
"Download Manager" = Download Manager 2.3.10
"Easy CD and DVD Cover Creator" = Easy CD and DVD Cover Creator 4.13
"EasyBits Magic Desktop" = Magic Desktop
"ESN Sonar-0.70.4" = ESN Sonar
"ExpressBurn" = Express Burn Disc Burning Software
"Free Download Manager_is1" = Free Download Manager 3.0
"GoToAssist" = GoToAssist Corporate
"Graboid Video" = Graboid Video 1.73
"Hardware Helper_is1" = Hardware Helper
"HP Photo Creations" = HP Photo Creations
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"JoneSoft MD5Mate_is1" = JoneSoft MD5Mate v1.1.0
"LimeWire" = LimeWire 5.5.10
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"NetSight" = Nielsen
"NoteWorthy Composer 2 Viewer" = NoteWorthy Composer 2 Viewer
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Rapport_msi" = Rapport
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"Smart Defrag 2_is1" = Smart Defrag 2
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 107900" = War Inc. Battlezone
"Steam App 1200" = Red Orchestra: Ostfront 41-45
"Steam App 1230" = Mare Nostrum
"Steam App 1280" = Darkest Hour: Europe '44-'45
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 3130" = Men of War: Red Tide
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 55100" = Homefront
"Steam App 64000" = Men of War: Assault Squad
"Steam App 90600" = Company of Heroes Retail Beta
"Trojan Remover_is1" = Trojan Remover 6.8.3
"Trusted Software Assistant_is1" = File Type Assistant
"TVUPlayer" = TVUPlayer 2.5.2.2
"VLC media player" = VLC media player 1.0.1
"WildTangent hp Master Uninstall" = HP Games
"Wincore MediaBar" = Wincore MediaBar
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Search Defender" = Yahoo! Search Protection

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

hope this goes through this time
rgds Tony


----------



## eddie5659 (Mar 19, 2001)

Yep, it worked okay 

I'm going thru the log now, will reply in a bit as I see you're here


----------



## eddie5659 (Mar 19, 2001)

Phew, that took a while 

Okay, upon further research into the log, can you see if you can uninstall these as well:

*Yontoo Layers Runtime 1.10.01
BearShare
MediaBar - may be called Bearshare Media Bar
BitTornado
Blekko search bar
LimeWire
Smart Defrag 2
Vuze*

Then, can you run this fix:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
DRV:64bit: - [2011/02/23 16:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
IE - HKLM\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebsearch.com/mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT1561552
IE - HKLM\..\SearchScopes\{EB4691B7-6B74-490C-8D48-CC1BD7EECF10}: "URL" = http://uk.woofi.info
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?cl...}&locale=en_UK
IE - HKCU\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebsearch.com/mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/TOOL...q={searchTerms}
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&...q={searchTerms}
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT1561552
IE - HKCU\..\SearchScopes\{EB4691B7-6B74-490C-8D48-CC1BD7EECF10}: "URL" = http://uk.woofi.info
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin: C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\NP0cStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_0c .com: C:\Program Files (x86)\Maps4PC_0c\bar\1.bin [2012/04/10 15:03:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll ()
O2 - BHO: (no name) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - No CLSID value found.
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (no name) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
[2012/04/06 14:51:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo Layers Runtime
[2012/04/03 17:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\blekkotb_soc
[2012/04/03 17:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 16 bytes -> C:\Users\tony\Downloads:Shareaza.GUID
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
[2011/11/02 20:36:04 | 000,000,128 | ---- | M] ()(C:\Windows\??) -- C:\Windows\&#61436;&#16611;
[2011/11/02 20:33:57 | 000,000,128 | ---- | C] ()(C:\Windows\??) -- C:\Windows\&#61436;&#16611;
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

--------

Then, as there are some files/folders I'm curious about, can you run this as well:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:dir
C:\ProgramData\2B3F /sub
C:\ProgramData\~0 /sub
:file
C:\Windows\SysWow64\tmp.reg
C:\Users\tony\AppData\Roaming\GetValue.vbs
C:\Users\tony\AppData\Roaming\SetValue.bat
C:\Users\tony\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
C:\Windows\SysNative\drivers\AVer888RC_64.sys
C:\Windows\SysNative\drivers\AVer888RCIR_64.sys
C:\ProgramData\2B3F
C:\ProgramData\~0
:filefind
*ypagerps7*
:folderfind
*ypagerps7
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

-------------------------

eddie


----------



## obxtony (Aug 17, 2008)

Hi again!!
Firstly I could only find 
Bit Tornado
Smartdefrag2
Blekko search bar

Sorry, I looked everywhere I could think of for the others, but no go, I'm afraid.

Here are the 2 reports: 
OTL;
All processes killed
Error: Unable to interpret <Run OTL > in the current context!
Error: Unable to interpret <Under the Custom Scans/Fixes box at the bottom, paste in the following > in the current context!
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
Error: No service named SmartDefragDriver was found to stop!
Service\Driver key SmartDefragDriver not found.
File C:\Windows\SysNative\drivers\SmartDefragDriver.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EB4691B7-6B74-490C-8D48-CC1BD7EECF10}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB4691B7-6B74-490C-8D48-CC1BD7EECF10}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EB4691B7-6B74-490C-8D48-CC1BD7EECF10}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB4691B7-6B74-490C-8D48-CC1BD7EECF10}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_0c .com: C:\Program Files (x86)\Maps4PC_0c\bar\1.bin not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}\ not found.
File C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}\ not found.
File C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A531D99C-5A22-449b-83DA-872725C6D0ED} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001\ not found.
File Protocol\Handler\ipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\ deleted successfully.
C:\Program Files (x86)\Yontoo Layers Runtime folder moved successfully.
Folder C:\Program Files (x86)\blekkotb_soc\ not found.
C:\ProgramData\blekko toolbars folder moved successfully.
C:\Windows\SysNative\SET6036.tmp deleted successfully.
C:\Windows\SysNative\SET84EA.tmp deleted successfully.
C:\Windows\SysNative\SETEB87.tmp deleted successfully.
C:\Windows\6833245EDD86479A882A8360D62C8194.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\6833245EDD86479A882A8360D62C8194.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\SysWow64\ConduitEngine.tmp deleted successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
Unable to delete ADS C:\Users\tony\Downloads:Shareaza.GUID .
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
C:\Windows\䃣 moved successfully.
File C:\Windows\䃣 not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\tony\Downloads\cmd.bat deleted successfully.
C:\Users\tony\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: tony
->Temp folder emptied: 6734124 bytes
->Temporary Internet Files folder emptied: 247369741 bytes
->Java cache emptied: 416 bytes
->Apple Safari cache emptied: 8443904 bytes
->Flash cache emptied: 14512 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1052622 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 1915 bytes

Total Files Cleaned = 251.00 mb

[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Public

User: tony
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: tony
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04122012_154611
Files\Folders moved on Reboot...
C:\Users\tony\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9P1QCVZ\1048182-mr-2[1].htm moved successfully.
Registry entries deleted on Reboot...

System Look;

SystemLook 30.07.11 by jpshortstuff
Log created at 15:57 on 12/04/2012 by tony
Administrator - Elevation successful
========== dir ==========
C:\ProgramData\2B3F - Parameters: "/sub"
---Files---
{1A30F0F1-4273-4646-9C67-41B4DCD8884D}.swf --a---- 3526 bytes [13:17 17/03/2012] [09:45 17/03/2012]
No folders found.
C:\ProgramData\~0 - Parameters: "/sub"
---Files---
None found.
No folders found.
========== file ==========
C:\Windows\SysWow64\tmp.reg - File found and opened.
MD5: 2580684C922C5B8B507A2A4D8962A2DD
Created at 19:37 on 04/04/2012
Modified at 21:06 on 04/04/2012
Size: 5288 bytes
Attributes: --a----
No version information available.
C:\Users\tony\AppData\Roaming\GetValue.vbs - File found and opened.
MD5: EE346E0A4140CE77C96FF6FCB1CFF076
Created at 19:39 on 04/04/2012
Modified at 19:39 on 04/04/2012
Size: 691 bytes
Attributes: --a----
No version information available.
C:\Users\tony\AppData\Roaming\SetValue.bat - File found and opened.
MD5: E152C2E083BB18DF3770DE4040E3F391
Created at 19:39 on 04/04/2012
Modified at 19:39 on 04/04/2012
Size: 35 bytes
Attributes: --a----
No version information available.
C:\Users\tony\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll - File found and opened.
MD5: 949AF3E92B8ADF423A222F4A27A41A30
Created at 14:51 on 12/04/2012
Modified at 14:51 on 12/04/2012
Size: 115137 bytes
Attributes: --a----
FileDescription: 
FileVersion: 5, 3, 2, 6
ProductVersion: 5, 3, 2, 6
OriginalFilename: 
InternalName: 
ProductName: 
LegalCopyright: 
C:\Windows\SysNative\drivers\AVer888RC_64.sys - Unable to find/read file.
C:\Windows\SysNative\drivers\AVer888RCIR_64.sys - Unable to find/read file.
C:\ProgramData\2B3F - Unable to find/read file.
C:\ProgramData\~0 - Unable to find/read file.
========== filefind ==========
Searching for "*ypagerps7*"
No files found.
========== folderfind ==========
Searching for "*ypagerps7"
No folders found.
-= EOF =-

I hope this is ok and I didn't forget anything??
Regards again
Tony


----------



## obxtony (Aug 17, 2008)

Hi again,
I was doing a search of the C:\ drive and found a LOT of references to VUZE.
I have deleted them and they are sitting in the Wastebasket in case I have done wrong?
I also found Bearshare in C:\users\tony\My Music, so did the same with that. Can't find Limewire nor Media bar anywhere but I'll keep looking!
Rgds again 
Tony


----------



## obxtony (Aug 17, 2008)

Sorry I forgot to mention it, since doing all these searches my Factory Image Drive D has doubled in size and there is just a little room left!


----------



## eddie5659 (Mar 19, 2001)

Hi Tony

I'll look at this fully in a min, as I've just got in from work, but we'll be removing the remains of all the programs we uninstalled 

I know you said you play the games, but you have a lot installed. Do you play all of these:

Silent Hunter 4 Wolves of the Pacific
Men of War
Company of Heroes
OF Dragon Rising
Battlefield: Bad Company™ 2
Battlefield 3™
Battlefield Play4Free
The Lord of the Rings FREE Trial
Soldier Front
Silent Hunter III
War Inc Battlezone version 1.0.0
Call of Duty(R) - World at War(TM)
Far Cry 2
ArmA 2

I used to have Bad Company 2 and I know it uses a lot of space, and Battlefield 3 (which I play now) can take quite a lot of space.

I tend to just have one or two games installed, as I have the disks. Are there any you can uninstall?

eddie


----------



## obxtony (Aug 17, 2008)

Yep I'll uninstall a few now, can't uninstall the subsim ones I'm afraid, they have no discs.
Thanks again


----------



## obxtony (Aug 17, 2008)

removed:
Of Dragons Rising
Far Cry 2
Arma 2
Battlefield Play for free
#BFBC2
COD Mod Warfare 2
Company of Heroes Company of heroes Beta
Crysis 2
Fear 2
COD World at War
War Inc
Soldier front.

I'll peruse and see what else I can ditch
Rgds
Tony


----------



## eddie5659 (Mar 19, 2001)

I see you kept Battlefield 3 

What is your game name, as I play this a lot with my group called a clan, so may pop in when you're playing sometime :up:

My name is kronenbourg73

--

Back to the thread 

Okay, you have a couple of files I want to look at deeper. Some point towards malware, but some are just suspect and may actually be okay.

So, can you do this for me:

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here, then press the browse button and navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file



> C:\ProgramData\2B3F\{1A30F0F1-4273-4646-9C67-41B4DCD8884D}.swf
> C:\Windows\SysWow64\tmp.reg
> C:\Users\tony\AppData\Roaming\GetValue.vbs
> ...


Let me know when they're uploaded 

-----

Then, can you run SystemLookUp again, but with the following code instead. It may be a long log, so if you want to attach it, that's fine 


```
:filefind
*Radio*
*Vuze*
*MyWebsearch*
*Maps4PC*
*MediaBar*
*PriceGong*
*Conduit*
*Searchqu*
*ALOT*
*Paltalk*
*Bandoo*
*IObit*
*BitTornado*
*BearShare*
*LimeWire*
*Yontoo*
*BearShare*
*BitTornado*
*Blekko*
*Tarma*
:folderfind
*ask.com
*Radio*
*Vuze*
*MyWebsearch*
*Maps4PC*
*MediaBar*
*PriceGong*
*Conduit*
*Searchqu*
*ALOT*
*Paltalk*
*Bandoo*
*IObit*
*BitTornado*
*BearShare*
*LimeWire*
*Yontoo*
*BearShare*
*BitTornado*
*Blekko*
*Smart Defrag*
*Tarma*
*Of Dragons Rising*
*Far Cry*
*Arma*
*Battlefield*
*BFBC2*
*COD*
*Company of Heroes*
*Crysis*
*Fear*
*Soldier*
:regfind
ask.com
Vuze
MyWebsearch
Maps4PC
MediaBar
PriceGong
Conduit
Searchqu
ALOT
Paltalk
Bandoo
IObit
BitTornado
BearShare
LimeWire
Yontoo
BearShare
BitTornado
Blekko
Smart Defrag
Tarma Installer
```
eddie


----------



## obxtony (Aug 17, 2008)

I can't find the 'New Topics' to upload the file to??


----------



## obxtony (Aug 17, 2008)

oops did it wrong I think!!


----------



## eddie5659 (Mar 19, 2001)

That's okay, this is how to upload:

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below).

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *SystemLookUp.txt* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*


----------



## obxtony (Aug 17, 2008)

says it's an invalid file??
are we talking about the zip file?


----------



## obxtony (Aug 17, 2008)

Close this window Manage Attachments Upload Errors*requested-files[2012-04-15_20_40].cab*:
Invalid File 
says it's an invalid file


----------



## obxtony (Aug 17, 2008)

Where's that damn gun??
Oh btw
my name is obxtony in bf3


----------



## eddie5659 (Mar 19, 2001)

Sorry, just realised what you meant.

Looks like it worked at SpywareKiller :up:

I was thinking you meant the SystemLook file, so that's why I posted how to do it here. My mistake 

I'll look at them soon 

Ignore the cab files to upload here


----------



## eddie5659 (Mar 19, 2001)

Found you, and adding you as a friend


----------



## obxtony (Aug 17, 2008)

any more eddie??
I need my meds now
damn cancer gets worse when it's cold n damp!!


----------



## eddie5659 (Mar 19, 2001)

Sorry, had to log off for a bit 

If you can do this, I think we're getting near complete 


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
*Radio*
*Vuze*
*MyWebsearch*
*Maps4PC*
*MediaBar*
*PriceGong*
*Conduit*
*Searchqu*
*ALOT*
*Paltalk*
*Bandoo*
*IObit*
*BitTornado*
*BearShare*
*LimeWire*
*Yontoo*
*BearShare*
*BitTornado*
*Blekko*
*Tarma*
:folderfind
*ask.com
*Radio*
*Vuze*
*MyWebsearch*
*Maps4PC*
*MediaBar*
*PriceGong*
*Conduit*
*Searchqu*
*ALOT*
*Paltalk*
*Bandoo*
*IObit*
*BitTornado*
*BearShare*
*LimeWire*
*Yontoo*
*BearShare*
*BitTornado*
*Blekko*
*Smart Defrag*
*Tarma*
*Of Dragons Rising*
*Far Cry*
*Arma*
*Battlefield*
*BFBC2*
*COD*
*Company of Heroes*
*Crysis*
*Fear*
*Soldier*
:regfind
ask.com
Vuze
MyWebsearch
Maps4PC
MediaBar
PriceGong
Conduit
Searchqu
ALOT
Paltalk
Bandoo
IObit
BitTornado
BearShare
LimeWire
Yontoo
BearShare
BitTornado
Blekko
Smart Defrag
Tarma Installer
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## obxtony (Aug 17, 2008)

Sorry Eddie my friend.. I sent the log files last thing, unfortunately a message said it was too large to send!! So I sent it in 2 halves which do not seem to have arrived but I shall indeed try again!


----------



## obxtony (Aug 17, 2008)

Still too big to go through so I'll split the code in half if that's ok?
Hope it works!


----------



## obxtony (Aug 17, 2008)

damn system rebooted for some reason, had to log into all my accounts again, very strange!
Well the code file never went through so I'll try again in 2 halves!!


----------



## obxtony (Aug 17, 2008)

========== folderfind ==========
Searching for "*ask.com"
No folders found.
Searching for "*Radio*"
C:\Program Files (x86)\AVG Secure Search\radio d------ [10:32 26/01/2012]
C:\Program Files (x86)\AVG Secure Search\10.0.0.7\radio d------ [10:06 30/01/2012]
C:\Program Files (x86)\AVG Secure Search\9.0.0.23\radio d------ [10:32 26/01/2012]
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Customizations\Generic\Style\Standard\Media\Standard\Common\RadioButton d------ [20:24 07/01/2010]
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Customizations\Generic\Style\Standard\Media\Standard\Common\RadioButton d------ [20:22 20/03/2010]
C:\Program Files (x86)\Real\RealPlayer\DataCache\Radio d------ [17:38 04/12/2011]
C:\Program Files (x86)\Real\RealPlayer\DataCache\GetMedia\loc\en\radio d------ [17:38 04/12/2011]
C:\Program Files (x86)\Ubisoft\Silent Hunter 4 Wolves of the Pacific\Data\Sound\Radio d------ [19:30 06/10/2010]
C:\Program Files (x86)\Z8Games\CrossFire\rez\Snd2\english\Radio d------ [09:37 15/04/2010]
C:\Program Files (x86)\Z8Games\CrossFire\rez\Snd2\Ghost\Radio d------ [09:37 15/04/2010]
C:\Program Files (x86)\Z8Games\CrossFire\rez\Snd2\woman\Radio d------ [09:37 15/04/2010]
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Radio_Bar_1 d------ [19:06 11/06/2010]
C:\Users\tony\AppData\Roaming\Real\RealPlayer\Favorites\Radio d------ [17:38 04/12/2011]
Searching for "*Vuze*"
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote d------ [20:00 12/10/2010]
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote d------ [19:07 21/10/2010]
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote d------ [20:00 12/10/2010]
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Documents\Vuze Downloads d------ [20:13 12/10/2010]
Searching for "*MyWebsearch*"
C:\Program Files (x86)\MyWebSearch d------ [11:34 15/04/2012]
C:\Users\tony\AppData\LocalLow\MyWebSearch d------ [21:01 19/03/2010]
Searching for "*Maps4PC*"
C:\Program Files (x86)\Maps4PC_0c d------ [19:57 30/07/2011]
C:\Program Files (x86)\Maps4PC_0cEI d------ [19:56 30/07/2011]
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Maps4PC_0c d------ [19:57 30/07/2011]
C:\Users\tony\AppData\LocalLow\Maps4PC_0c d------ [19:58 30/07/2011]
C:\Users\tony\AppData\LocalLow\Maps4PC_0cEI d------ [19:57 30/07/2011]
Searching for "*MediaBar*"
C:\Program Files (x86)\iMesh Applications\MediaBar d------ [21:05 12/11/2010]
C:\Users\tony\AppData\LocalLow\bearsharemediabartb d------ [22:39 15/11/2010]
C:\Users\tony\AppData\LocalLow\mediabarim d------ [09:45 17/03/2012]
Searching for "*PriceGong*"
C:\Users\tony\AppData\LocalLow\PriceGong d------ [18:07 09/07/2010]
Searching for "*Conduit*"
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Conduit d------ [19:06 11/06/2010]
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine d------ [20:00 12/10/2010]
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\Local\Conduit d------ [19:07 21/10/2010]
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\ConduitEngine d------ [20:00 12/10/2010]
C:\Users\tony\AppData\Local\Conduit d------ [19:07 21/10/2010]
C:\Users\tony\AppData\Local\ConduitEngine d------ [19:07 21/10/2010]
C:\Users\tony\AppData\Local\ConduitEngine\Repository\conduit_ConduitEngine d------ [18:41 28/04/2011]
C:\Users\tony\AppData\LocalLow\Conduit d------ [19:06 11/06/2010]
Searching for "*Searchqu*"
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar d------ [15:44 10/04/2012]
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar d------ [21:16 12/11/2010]
C:\Users\tony\AppData\LocalLow\searchqutb d------ [21:16 12/11/2010]
Searching for "*ALOT*"
C:\Program Files (x86)\EasyBits For Kids\Users\All Users\Gamepad\Parkalot1 d------ [20:37 07/01/2010]
C:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\buildalot d------ [20:34 07/01/2010]
C:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\buildalot2 d------ [20:34 07/01/2010]
C:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\buildalot3 d------ [20:34 07/01/2010]
C:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\hexalot d------ [20:34 07/01/2010]
C:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\wc80buildalot d------ [20:34 07/01/2010]
C:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\wc80buildalot2 d------ [20:34 07/01/2010]
C:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\wc80buildalot3 d------ [20:34 07/01/2010]
C:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\wc80hexalot d------ [20:34 07/01/2010]
C:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\product\buildalot d------ [20:34 07/01/2010]
C:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\product\buildalot2 d------ [20:34 07/01/2010]
C:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\product\buildalot3 d------ [20:34 07/01/2010]
C:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\product\hexalot d------ [20:34 07/01/2010]
C:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\product\wc80buildalot d------ [20:34 07/01/2010]
C:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\product\wc80buildalot2 d------ [20:34 07/01/2010]
C:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\product\wc80buildalot3 d------ [20:34 07/01/2010]
C:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\product\wc80hexalot d------ [20:34 07/01/2010]
C:\Users\tony\AppData\LocalLow\alotappbar d------ [14:41 28/09/2011]
Searching for "*Paltalk*"
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Paltalk Messenger d------ [19:15 18/05/2010]
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PaltalkScene d------ [19:15 18/05/2010]
C:\System Volume Information\SystemRestore\FRStaging\Windows\PaltalkScene d------ [19:15 18/05/2010]
C:\Users\tony\AppData\Roaming\Paltalk d------ [19:15 18/05/2010]
Searching for "*Bandoo*"
C:\Program Files (x86)\BANDOO d------ [15:59 09/03/2012]
C:\ProgramData\Bandoo d------ [11:05 14/03/2011]
C:\Users\All Users\Bandoo d------ [11:05 14/03/2011]
C:\Users\tony\AppData\Roaming\Bandoo d------ [12:32 14/03/2011]
Searching for "*IObit*"
C:\Program Files (x86)\IObit d------ [19:41 13/07/2011]
C:\ProgramData\IObit d------ [19:43 13/07/2011]
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\IObit d------ [19:41 13/07/2011]
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter d------ [19:42 13/07/2011]
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter d------ [19:14 17/03/2012]
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\Roaming\IObit d------ [19:41 13/07/2011]
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\Roaming\IObit\IObit Malware Fighter d------ [19:42 13/07/2011]
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\Roaming\IObit\IObit Uninstaller d------ [19:51 26/03/2012]
C:\Users\All Users\IObit d------ [19:43 13/07/2011]
C:\Users\tony\AppData\Roaming\IObit d------ [19:41 13/07/2011]
C:\Users\tony\AppData\Roaming\IObit\IObit Malware Fighter d------ [19:42 13/07/2011]
C:\Users\tony\AppData\Roaming\IObit\IObit Uninstaller d------ [19:51 26/03/2012]
Searching for "*BitTornado*"
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTornado d------ [05:51 30/07/2010]
Searching for "*BearShare*"
C:\Users\tony\AppData\Local\BearShare d------ [22:39 15/11/2010]
C:\Users\tony\AppData\LocalLow\bearsharemediabartb d------ [22:39 15/11/2010]
Searching for "*LimeWire*"
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Documents\LimeWire d------ [06:00 17/07/2010]
C:\Users\tony\AppData\Roaming\LimeWire d------ [05:59 17/07/2010]
Searching for "*Yontoo*"
C:\Program Files (x86)\Yontoo d------ [11:43 14/04/2012]
C:\Users\tony\AppData\Local\Temp\YontooLayers d------ [11:38 15/04/2012]
C:\_OTL\MovedFiles\04122012_154611\C_Program Files (x86)\Yontoo Layers Runtime d------ [13:51 06/04/2012]
Searching for "*BearShare*"
C:\Users\tony\AppData\Local\BearShare d------ [22:39 15/11/2010]
C:\Users\tony\AppData\LocalLow\bearsharemediabartb d------ [22:39 15/11/2010]
-= EOF =-


----------



## obxtony (Aug 17, 2008)

DEFINITELY something wrong here. When I hit reply to send it, the system starts and goes to another page which says 'Sorry the system seems to be taking some time to upload this file', the bar moves about half way, then crashes the whole page. Then I have to log back in again.. so weird!!


----------



## obxtony (Aug 17, 2008)

the first half seems to have arrived alright though!


----------



## eddie5659 (Mar 19, 2001)

Just looking in my lunch hour.

Sometimes the server may be slow. Good to see the first part is thru. If you want to, see if uploading them is any better


----------



## obxtony (Aug 17, 2008)

ok that first part cra
SystemLook 30.07.11 by jpshortstuff
Log created at 11:46 on 16/04/2012 by tony
Administrator - Elevation successful
No Context: *BearShare*
No Context: *LimeWire*
No Context: *Yontoo*
No Context: *BearShare*
No Context: *BitTornado*
No Context: *Blekko*
No Context: *Smart Defrag*
No Context: *Tarma*
No Context: *Of Dragons Rising*
No Context: *Far Cry*
No Context: *Arma*
No Context: *Battlefield*
No Context: *BFBC2*
No Context: *COD*
No Context: *Company of Heroes*
No Context: *Crysis*
No Context: *Fear*
No Context: *Soldier*
========== regfind ==========
Searching for "ask.com"
[HKEY_CURRENT_USER\Software\AnVir]
"HomePageGuardPrevious"="http://uk.ask.com?o=15200&l=dis"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro]
"InstallDir"="C:\Program Files (x86)\Ask.com\"
[HKEY_CURRENT_USER\Software\Ask.com]
[HKEY_CURRENT_USER\Software\AVAST Software\WRC\SearchRules\ask.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\ask.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
"AppPath"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\TaskScheduler.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\UpdateTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties]
"HelpLink"="http://about.ask.com/en/docs/about/index.shtml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties]
"Publisher"="Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
"AppPath"="C:\Program Files (x86)\Ask.com\"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AnVir]
"HomePageGuardPrevious"="http://uk.ask.com?o=15200&l=dis"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\AskToolbar\Macro]
"InstallDir"="C:\Program Files (x86)\Ask.com\"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Ask.com]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AVAST Software\WRC\SearchRules\ask.com]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Internet Explorer\DOMStorage\ask.com]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
"AppPath"="C:\Program Files (x86)\Ask.com\"
Searching for "Vuze"
[HKEY_CURRENT_USER\Software\Azureus]
@="C:\Program Files (x86)\Vuze"
[HKEY_CURRENT_USER\Software\Azureus]
"exec"="C:\Program Files (x86)\Vuze\Azureus.exe"
[HKEY_CURRENT_USER\Software\Conduit\AppPaths\Vuze.exe]
[HKEY_CURRENT_USER\Software\Conduit\AppPaths\Vuze.exe]
"AppPath"="C:\Program Files (x86)\Vuze\Azureus.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\Azureus.exe]
"Path"="C:\Program Files (x86)\Vuze\Azureus.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\vuze.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{410D4D9F-08D1-40BE-88C6-5283C4649E83}]
"AppPath"="C:\Program Files (x86)\Vuze_Remote"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{410D4D9F-08D1-40BE-88C6-5283C4649E83}]
"AppName"="Vuze_RemoteToolbarHelper.exe"
[HKEY_CURRENT_USER\Software\Classes\.vuze]
[HKEY_CURRENT_USER\Software\Classes\.vuze]
@="Vuze"
[HKEY_CURRENT_USER\Software\Classes\.vuze]
"Content Type"="application/x-vuze"
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-vuze]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-vuze]
"Extension"=".vuze"
[HKEY_CURRENT_USER\Software\Classes\Vuze]
[HKEY_CURRENT_USER\Software\Classes\Vuze]
@="Vuze File"
[HKEY_CURRENT_USER\Software\Classes\Vuze]
"Content Type"="application/x-vuze"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vuze]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vuze]
@="Vuze"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Azureus]
@="Vuze Download"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vuze]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vuze]
"Extension"=".vuze"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Vuze]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Vuze]
@="Vuze File"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Azureus]
@="C:\Program Files (x86)\Vuze"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Azureus]
"exec"="C:\Program Files (x86)\Vuze\Azureus.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ej-technologies\install4j\installations]
"allinstdirs8461-7759-5462-8226"="C:\Program Files (x86)\Vuze"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ej-technologies\install4j\installations]
"instdir8461-7759-5462-8226"="C:\Program Files (x86)\Vuze"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Vuze_RemoteAutoUpdaterHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Vuze_RemoteAutoUpdaterHelper_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226]
"DisplayName"="Vuze"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226]
"Publisher"="Vuze Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226]
"URLInfoAbout"="http://www.vuze.com"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Azureus]
@="C:\Program Files (x86)\Vuze"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Azureus]
"exec"="C:\Program Files (x86)\Vuze\Azureus.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Conduit\AppPaths\Vuze.exe]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Conduit\AppPaths\Vuze.exe]
"AppPath"="C:\Program Files (x86)\Vuze\Azureus.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\Azureus.exe]
"Path"="C:\Program Files (x86)\Vuze\Azureus.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Internet Explorer\DOMStorage\vuze.com]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{410D4D9F-08D1-40BE-88C6-5283C4649E83}]
"AppPath"="C:\Program Files (x86)\Vuze_Remote"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{410D4D9F-08D1-40BE-88C6-5283C4649E83}]
"AppName"="Vuze_RemoteToolbarHelper.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Classes\.vuze]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Classes\.vuze]
@="Vuze"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Classes\.vuze]
"Content Type"="application/x-vuze"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Classes\MIME\Database\Content Type\application/x-vuze]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Classes\MIME\Database\Content Type\application/x-vuze]
"Extension"=".vuze"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Classes\Vuze]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Classes\Vuze]
@="Vuze File"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Classes\Vuze]
"Content Type"="application/x-vuze"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000_Classes\.vuze]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000_Classes\.vuze]
@="Vuze"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000_Classes\.vuze]
"Content Type"="application/x-vuze"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000_Classes\MIME\Database\Content Type\application/x-vuze]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000_Classes\MIME\Database\Content Type\application/x-vuze]
"Extension"=".vuze"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000_Classes\Vuze]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000_Classes\Vuze]
@="Vuze File"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000_Classes\Vuze]
"Content Type"="application/x-vuze"
Searching for "MyWebsearch"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\bar]
"ConfigRevisionURL"="http://config.mywebsearch.com/cfg.jhtml?p=YWxdm002YYgb&s=t200401157&tv=2.3.81.1"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\bar]
"sscURL"="http://search.mywebsearch.com/myweb...&n=77de89f8&psa=&st=sb&searchfor={searchTerms}"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\SearchAssistant]
"ABS"="http://search.mywebsearch.com/myweb...b&si=maps4pc&n=77de89f8&psa=&st=kwd&searchfor="
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\SearchAssistant]
"DES"="http://search.mywebsearch.com/myweb...b&si=maps4pc&n=77de89f8&psa=&st=dns&searchfor="
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\bar]
"SettingsDir"="C:\Users\tony\AppData\LocalLow\MyWebSearch\bar\Settings\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\bar]
"CacheDir"="C:\Users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\bar]
"ConfigRevisionURL"="http://config.mywebsearch.com/cfg.jhtml?s=t100000376&p=ZKxdm194YYGB"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\bar]
"sscURL"="http://search.mywebsearch.com/myweb...61436&st=sb&n=77cea72d&searchfor={searchTerms}"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\bar]
"HistoryDir"="C:\Users\tony\AppData\LocalLow\MyWebSearch\bar\History\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\bar]
"SkinsDirLowIL"="C:\Users\tony\AppData\LocalLow\MyWebSearch\bar\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\SearchAssistant]
"ABS"="http://search.mywebsearch.com/myweb...194YYGB&si=161436&st=kwd&n=77cea72d&searchfor="
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\SearchAssistant]
"DES"="http://search.mywebsearch.com/myweb...194YYGB&si=161436&st=dns&n=77cea72d&searchfor="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\MyWebSearch]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"="C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe"
[HKEY_CURRENT_USER\Software\MyWebSearch]
[HKEY_CURRENT_USER\Software\Wajam]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}]
@="IMyWebSearchSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}]
@="_IMyWebSearchSettingsEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}]
@="IMyWebSearchHTMLPanel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}]
@="_IMyWebSearchHTMLPanelEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}]
@="IMyWebSearchXMLElement"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchPseudoTransparent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchPopupMenu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinWindow"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinRect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}]
@="IMyWebSearchButtonRect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}]
@="IMyWebSearchChatSession"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}]
@="_IMyWebSearchChatSessionEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}]
@="IMyWebSearchSearchScope"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin]
@="MyWebSearch Chat Session Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin\CurVer]
@="MyWebSearch.ChatSessionPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1]
@="MyWebSearch Chat Session Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.HTMLPanel]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.HTMLPanel]
@="MyWebSearch HTML Panel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.HTMLPanel\CurVer]
@="MyWebSearch.HTMLPanel.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1]
@="MyWebSearch HTML Panel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.MultipleButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.MultipleButton\CurVer]
@="MyWebSearch.MultipleButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.MultipleButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.OutlookAddin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.OutlookAddin\CurVer]
@="MyWebSearch.OutlookAddin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin]
@="MyWebSearch Pseudo Transparent Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin\CurVer]
@="MyWebSearch.PseudoTransparentPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1]
@="MyWebSearch Pseudo Transparent Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.SkinLauncher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.SkinLauncher\CurVer]
@="MyWebSearch.SkinLauncher.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.SkinLauncher.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.SkinLauncherSettings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.SkinLauncherSettings\CurVer]
@="MyWebSearch.SkinLauncherSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.SkinLauncherSettings.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller]
@="MyWebSearch Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller\CurVer]
@="MyWebSearch.ThirdPartyInstaller.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1]
@="MyWebSearch Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.UrlAlertButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.UrlAlertButton\CurVer]
@="MyWebSearch.UrlAlertButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin]
@="MyWebSearch Settings Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin\CurVer]
@="MyWebSearchToolBar.SettingsPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1]
@="MyWebSearch Settings Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin]
@="MyWebSearch Toolbar Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin\CurVer]
@="MyWebSearchToolBar.ToolbarPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1]
@="MyWebSearch Toolbar Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{65F1815B-26A0-4AA8-A973-1598F6D646F6}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{65F1815B-26A0-4AA8-A973-1598F6D646F6}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
@="MyWebSearch Search Assistant BHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03A37CA0-AC78-48C3-B061-E82D3644CCBE}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03A37CA0-AC78-48C3-B061-E82D3644CCBE}\ProgID]
@="MyWebSearch.SkinLauncherSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03A37CA0-AC78-48C3-B061-E82D3644CCBE}\VersionIndependentProgID]
@="MyWebSearch.SkinLauncherSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}]
@="MyWebSearch Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID]
@="MyWebSearchToolBar.SettingsPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID]
@="MyWebSearchToolBar.SettingsPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}]
@="MyWebSearch Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}\ProgID]
@="MyWebSearch.ThirdPartyInstaller.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}\VersionIndependentProgID]
@="MyWebSearch.ThirdPartyInstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}]
@="MyWebSearch HTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ProgID]
@="MyWebSearch.HTMLPanel.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\VersionIndependentProgID]
@="MyWebSearch.HTMLPanel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}]
@="MyWebSearch Toolbar Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID]
@="MyWebSearchToolBar.ToolbarPlugin.1"
shed the window again.. going to try a smaller bit of it!!


----------



## obxtony (Aug 17, 2008)

ok, next bit!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15}\VersionIndependentProgID]
@="MyWebSearch.MultipleButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A5C22FE-972C-4B1E-8521-E045F74E5F2E}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A5C22FE-972C-4B1E-8521-E045F74E5F2E}\ProgID]
@="MyWebSearch.SkinLauncher.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A5C22FE-972C-4B1E-8521-E045F74E5F2E}\VersionIndependentProgID]
@="MyWebSearch.SkinLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID]
@="MyWebSearch.OutlookAddin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID]
@="MyWebSearch.OutlookAddin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}\ProgID]
@="MyWebSearch.UrlAlertButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}\VersionIndependentProgID]
@="MyWebSearch.UrlAlertButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}]
@="MyWebSearch Chat Session Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ProgID]
@="MyWebSearch.ChatSessionPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\VersionIndependentProgID]
@="MyWebSearch.ChatSessionPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}]
@="IMyWebSearchSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}]
@="_IMyWebSearchSettingsEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3E720451-B472-4954-B7AA-33069EB53906}]
@="IMyWebSearchHTMLPanel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3E720453-B472-4954-B7AA-33069EB53906}]
@="_IMyWebSearchHTMLPanelEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}]
@="IMyWebSearchXMLElement"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchPseudoTransparent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchPopupMenu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinWindow"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinRect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}]
@="IMyWebSearchButtonRect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}]
@="IMyWebSearchChatSession"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}]
@="_IMyWebSearchChatSessionEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}]
@="IMyWebSearchSearchScope"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{65F1815B-26A0-4AA8-A973-1598F6D646F6}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{65F1815B-26A0-4AA8-A973-1598F6D646F6}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FocusInteractive\Email-IM\0]
"AppName"="MyWebSearch Email Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FocusInteractive\Outlook]
"MyWebSearch.OutlookAddin"="{07B18EA9-A523-4961-B6BB-170DE4475CCA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fun Web Products]
"JpegConversionLib"="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fun Web Products\MSNMessenger]
"DLLDir"="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}]
"AppPath"="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}]
"AppPath"="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}]
"AppPath"="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}]
"AppPath"="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}]
"AppPath"="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
@="MyWebSearch Search Assistant BHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"="C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall]
"HelpLink"="http://helpint.mywebsearch.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall]
"UrlInfoAbout"="http://helpint.mywebsearch.com/intlinfo/eula/eula.jhtml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media\WMSDK\sources]
"f3PopularScreensavers"="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin]
"Path"="C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin]
"vendor"="MyWebSearch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin\MimeTypes\application/x-mws-mywebsearchplugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MyWebSearch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MyWebSearch\bar]
"Dir"="C:\Program Files (x86)\MyWebSearch\bar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MyWebSearch\bar]
"UninstallString"=""C:\Program Files (x86)\MyWebSearch\bar\1.bin\m3highin.exe" mwsbar.dll,O"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MyWebSearch\bar]
"PluginPath"="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MyWebSearch\bar]
"SettingsDir"="C:\Program Files (x86)\MyWebSearch\bar\Settings\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MyWebSearch\MWSOEPLG]
"Path"="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MyWebSearch\SkinTools]
"PlayerPath"=""C:\Program Files (x86)\MyWebSearch\bar\1.bin\m3SkPlay.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
@="MyWebSearch Search Assistant BHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{03A37CA0-AC78-48C3-B061-E82D3644CCBE}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{03A37CA0-AC78-48C3-B061-E82D3644CCBE}\ProgID]
@="MyWebSearch.SkinLauncherSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{03A37CA0-AC78-48C3-B061-E82D3644CCBE}\VersionIndependentProgID]
@="MyWebSearch.SkinLauncherSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}]
@="MyWebSearch Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID]
@="MyWebSearchToolBar.SettingsPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID]
@="MyWebSearchToolBar.SettingsPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}]
@="MyWebSearch Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}\ProgID]
@="MyWebSearch.ThirdPartyInstaller.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}\VersionIndependentProgID]
@="MyWebSearch.ThirdPartyInstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}]
@="MyWebSearch HTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ProgID]
@="MyWebSearch.HTMLPanel.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\VersionIndependentProgID]
@="MyWebSearch.HTMLPanel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}]
@="MyWebSearch Toolbar Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID]
@="MyWebSearchToolBar.ToolbarPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID]
@="MyWebSearchToolBar.ToolbarPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}]
@="MyWebSearch Skin Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}]
@="MyWebSearch Pseudo Transparent Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID]
@="MyWebSearch.PseudoTransparentPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID]
@="MyWebSearch.PseudoTransparentPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}]
@="MyWebSearch Popup Menu Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15}\ProgID]
@="MyWebSearch.MultipleButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15}\VersionIndependentProgID]
@="MyWebSearch.MultipleButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A5C22FE-972C-4B1E-8521-E045F74E5F2E}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A5C22FE-972C-4B1E-8521-E045F74E5F2E}\ProgID]
@="MyWebSearch.SkinLauncher.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A5C22FE-972C-4B1E-8521-E045F74E5F2E}\VersionIndependentProgID]
@="MyWebSearch.SkinLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID]
@="MyWebSearch.OutlookAddin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID]
@="MyWebSearch.OutlookAddin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}\ProgID]
@="MyWebSearch.UrlAlertButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}\VersionIndependentProgID]
@="MyWebSearch.UrlAlertButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}]
@="MyWebSearch Chat Session Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ProgID]
@="MyWebSearch.ChatSessionPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\VersionIndependentProgID]
@="MyWebSearch.ChatSessionPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}]
@="IMyWebSearchSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}]
@="_IMyWebSearchSettingsEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}]
@="IMyWebSearchHTMLPanel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}]
@="_IMyWebSearchHTMLPanelEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}]
@="IMyWebSearchXMLElement"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchPseudoTransparent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchPopupMenu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinWindow"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinRect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}]
@="IMyWebSearchButtonRect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}]
@="IMyWebSearchChatSession"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}]
@="_IMyWebSearchChatSessionEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}]
@="IMyWebSearchSearchScope"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{65F1815B-26A0-4AA8-A973-1598F6D646F6}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{65F1815B-26A0-4AA8-A973-1598F6D646F6}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MyWebSearchService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MyWebSearchService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MyWebSearchService]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\Maps4PC_0c\bar]
"ConfigRevisionURL"="http://config.mywebsearch.com/cfg.jhtml?p=YWxdm002YYgb&s=t200401157&tv=2.3.81.1"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\Maps4PC_0c\bar]
"sscURL"="http://search.mywebsearch.com/myweb...&n=77de89f8&psa=&st=sb&searchfor={searchTerms}"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\Maps4PC_0c\SearchAssistant]
"ABS"="http://search.mywebsearch.com/myweb...b&si=maps4pc&n=77de89f8&psa=&st=kwd&searchfor="
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\Maps4PC_0c\SearchAssistant]
"DES"="http://search.mywebsearch.com/myweb...b&si=maps4pc&n=77de89f8&psa=&st=dns&searchfor="
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\bar]
"SettingsDir"="C:\Users\tony\AppData\LocalLow\MyWebSearch\bar\Settings\"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\bar]
"CacheDir"="C:\Users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\bar]
"ConfigRevisionURL"="http://config.mywebsearch.com/cfg.jhtml?s=t100000376&p=ZKxdm194YYGB"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\bar]
"sscURL"="http://search.mywebsearch.com/myweb...61436&st=sb&n=77cea72d&searchfor={searchTerms}"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\bar]
"HistoryDir"="C:\Users\tony\AppData\LocalLow\MyWebSearch\bar\History\"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\bar]
"SkinsDirLowIL"="C:\Users\tony\AppData\LocalLow\MyWebSearch\bar\"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\SearchAssistant]
"ABS"="http://search.mywebsearch.com/myweb...194YYGB&si=161436&st=kwd&n=77cea72d&searchfor="
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\SearchAssistant]
"DES"="http://search.mywebsearch.com/myweb...194YYGB&si=161436&st=dns&n=77cea72d&searchfor="
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\MyWebSearch]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"="C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\MyWebSearch]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Wajam]
Searching for "Maps4PC"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c]
"CacheDir"="C:\Users\tony\AppData\LocalLow\Maps4PC_0c\Shared\Cache\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\bar]
"SkinsDirLowIL"="C:\Users\tony\AppData\LocalLow\Maps4PC_0c\bar\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\bar]
"SettingsDir"="C:\Users\tony\AppData\LocalLow\Maps4PC_0c\bar\Settings\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\bar]
"CacheDir"="C:\Users\tony\AppData\LocalLow\Maps4PC_0c\bar\Cache\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\bar]
"HistoryDir"="C:\Users\tony\AppData\LocalLow\Maps4PC_0c\bar\History\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\bar]
"sscURL"="http://search.mywebsearch.com/myweb...&n=77de89f8&psa=&st=sb&searchfor={searchTerms}"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\SearchAssistant]
"ABS"="http://search.mywebsearch.com/myweb...b&si=maps4pc&n=77de89f8&psa=&st=kwd&searchfor="
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\SearchAssistant]
"DES"="http://search.mywebsearch.com/myweb...b&si=maps4pc&n=77de89f8&psa=&st=dns&searchfor="
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0cEI]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0cEI\Installer]
"CacheDir"="C:\Users\tony\AppData\LocalLow\Maps4PC_0cEI\Installr\Cache\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.DataControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.DataControl\CurVer]
@="Maps4PC_0c.DataControl.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.DataControl.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.DynamicBarButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.DynamicBarButton\CurVer]
@="Maps4PC_0c.DynamicBarButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.DynamicBarButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.FeedManager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.FeedManager\CurVer]
@="Maps4PC_0c.FeedManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.FeedManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLMenu]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLMenu]
@="Maps4PC_0c HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLMenu\CurVer]
@="Maps4PC_0c.HTMLMenu.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLMenu.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLMenu.1]
@="Maps4PC_0c HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLPanel]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLPanel]
@="Maps4PC_0c HTML Panel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLPanel\CurVer]
@="Maps4PC_0c.HTMLPanel.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLPanel.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLPanel.1]
@="Maps4PC_0c HTML Panel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.MultipleButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.MultipleButton\CurVer]
@="Maps4PC_0c.MultipleButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.MultipleButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.PseudoTransparentPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.PseudoTransparentPlugin\CurVer]
@="Maps4PC_0c.PseudoTransparentPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.PseudoTransparentPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.Radio]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.Radio\CurVer]
@="Maps4PC_0c.Radio.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.Radio.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.RadioSettings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.RadioSettings\CurVer]
@="Maps4PC_0c.RadioSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.RadioSettings.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ScriptButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ScriptButton\CurVer]
@="Maps4PC_0c.ScriptButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ScriptButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.SettingsPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.SettingsPlugin\CurVer]
@="Maps4PC_0c.SettingsPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.SettingsPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ThirdPartyInstaller]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ThirdPartyInstaller]
@="Maps4PC Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ThirdPartyInstaller\CurVer]
@="Maps4PC_0c.ThirdPartyInstaller.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ThirdPartyInstaller.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ThirdPartyInstaller.1]
@="Maps4PC Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ToolbarPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ToolbarPlugin\CurVer]
@="Maps4PC_0c.ToolbarPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ToolbarPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.UrlAlertButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.UrlAlertButton\CurVer]
@="Maps4PC_0c.UrlAlertButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.UrlAlertButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.XMLSessionPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.XMLSessionPlugin\CurVer]
@="Maps4PC_0c.XMLSessionPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.XMLSessionPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{21163F37-34C8-4527-8F05-CD54212DC347}\1.0\0\win32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0chtml.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{21163F37-34C8-4527-8F05-CD54212DC347}\1.0\HELPDIR]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{23C16B04-6839-4FB1-8D7E-9D02A316525D}\1.0\0\win32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cfeedmg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{23C16B04-6839-4FB1-8D7E-9D02A316525D}\1.0\HELPDIR]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{26B7925E-97A3-4534-903B-6ABFB0705D48}\1.0\0\win32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{26B7925E-97A3-4534-903B-6ABFB0705D48}\1.0\HELPDIR]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{61D1A2E4-C25E-46AF-8034-3B882C3C824A}\1.0\0\win32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0ctpinst.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{61D1A2E4-C25E-46AF-8034-3B882C3C824A}\1.0\HELPDIR]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7C7C6AC1-A2E6-478D-ACCC-242A7E9118DF}\1.0\0\win32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cskin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7C7C6AC1-A2E6-478D-ACCC-242A7E9118DF}\1.0\HELPDIR]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7D49C1D0-F16F-477A-9043-ABA11EF2CF65}\1.0\0\win32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0chttpct.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7D49C1D0-F16F-477A-9043-ABA11EF2CF65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{848EF1A3-4F1A-4268-9935-6279B3362C62}\1.0\0\win32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cradio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{848EF1A3-4F1A-4268-9935-6279B3362C62}\1.0\HELPDIR]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8996BF60-AD0F-48ED-8141-2F1BD7D57C58}\1.0\0\win32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cmsg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8996BF60-AD0F-48ED-8141-2F1BD7D57C58}\1.0\HELPDIR]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9F1424F5-8355-4577-A149-CD82F5CAEC3C}\1.0\0\win32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cdlghk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9F1424F5-8355-4577-A149-CD82F5CAEC3C}\1.0\HELPDIR]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A40ABF89-A1B7-4615-8FE7-E810433C8974}\1.0\0\win32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cdatact.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A40ABF89-A1B7-4615-8FE7-E810433C8974}\1.0\HELPDIR]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CC082212-E77A-454A-9C60-05AF5BEA184E}\1.0\0\win32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0chtmlmu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CC082212-E77A-454A-9C60-05AF5BEA184E}\1.0\HELPDIR]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000f6d47-ec80-4899-8ef5-9d06305595ff}]
@="Maps4PC_0c HTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000f6d47-ec80-4899-8ef5-9d06305595ff}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0chtml.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000f6d47-ec80-4899-8ef5-9d06305595ff}\ProgID]
@="Maps4PC_0c.HTMLPanel.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000f6d47-ec80-4899-8ef5-9d06305595ff}\VersionIndependentProgID]
@="Maps4PC_0c.HTMLPanel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{145cc8ef-603a-43f1-b94d-bfd02f0f138e}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cmlbtn.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{145cc8ef-603a-43f1-b94d-bfd02f0f138e}\ProgID]
@="Maps4PC_0c.MultipleButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{145cc8ef-603a-43f1-b94d-bfd02f0f138e}\VersionIndependentProgID]
@="Maps4PC_0c.MultipleButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1a937a69-bbef-4130-9214-03a48d3183d6}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cfeedmg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1a937a69-bbef-4130-9214-03a48d3183d6}\ProgID]
@="Maps4PC_0c.FeedManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1a937a69-bbef-4130-9214-03a48d3183d6}\VersionIndependentProgID]
@="Maps4PC_0c.FeedManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1bc25d18-6379-44f8-9a80-0c60f7d6df81}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cdlghk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2e2a3ce5-8596-4f3b-94f3-2302bcb76f48}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0chttpct.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2fcb3ce9-a3ba-42d5-9119-0ab1220c562f}]
@="Maps4PC Third Party Installer"


----------



## obxtony (Aug 17, 2008)

Well, it didn't like that bit
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{65F1815B-26A0-4AA8-A973-1598F6D646F6}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{65F1815B-26A0-4AA8-A973-1598F6D646F6}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR]
@="C:\Program Files (x86)\MyWebSearch\bar\1.bin"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MyWebSearchService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MyWebSearchService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MyWebSearchService]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\Maps4PC_0c\bar]
"ConfigRevisionURL"="http://config.mywebsearch.com/cfg.jhtml?p=YWxdm002YYgb&s=t200401157&tv=2.3.81.1"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\Maps4PC_0c\bar]
"sscURL"="http://search.mywebsearch.com/myweb...&n=77de89f8&psa=&st=sb&searchfor={searchTerms}"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\Maps4PC_0c\SearchAssistant]
"ABS"="http://search.mywebsearch.com/myweb...b&si=maps4pc&n=77de89f8&psa=&st=kwd&searchfor="
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\Maps4PC_0c\SearchAssistant]
"DES"="http://search.mywebsearch.com/myweb...b&si=maps4pc&n=77de89f8&psa=&st=dns&searchfor="
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\bar]
"SettingsDir"="C:\Users\tony\AppData\LocalLow\MyWebSearch\bar\Settings\"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\bar]
"CacheDir"="C:\Users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\bar]
"ConfigRevisionURL"="http://config.mywebsearch.com/cfg.jhtml?s=t100000376&p=ZKxdm194YYGB"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\bar]
"sscURL"="http://search.mywebsearch.com/myweb...61436&st=sb&n=77cea72d&searchfor={searchTerms}"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\bar]
"HistoryDir"="C:\Users\tony\AppData\LocalLow\MyWebSearch\bar\History\"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\bar]
"SkinsDirLowIL"="C:\Users\tony\AppData\LocalLow\MyWebSearch\bar\"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\SearchAssistant]
"ABS"="http://search.mywebsearch.com/myweb...194YYGB&si=161436&st=kwd&n=77cea72d&searchfor="
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\MyWebSearch\SearchAssistant]
"DES"="http://search.mywebsearch.com/myweb...194YYGB&si=161436&st=dns&n=77cea72d&searchfor="
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\MyWebSearch]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"="C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\MyWebSearch]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Wajam]
"mappingListJsonString"="{"version":"0.21082","supported_sites":{"google":{"patterns":["^http\\:\/\/www\\.google\\..{2,3}(|\\\/ig|\\\/firefox)","^http\\:\/\/www\\.google\\..+\\\/search\\?","^http\\:\/\/www\\.google\\..+\\\/.*#hl=.*\u0026q=","^http\\:\/\/www\\.google\\..+\\\/.*hl=.*#q=.*","^http\\:\/\/www\\.google\\..+\\\/.*hl=.*\u0026q=.*","^http\\:\/\/www\\.google\\..+\\\/#q=.*\u0026hl.*"],"js_files":[{"id":"wajam_google_se_js","path":"se_js.php?se=google\u0026integration=search_engine"}],"css":["search_engine"],"ajax_call":true,"listener_login":true,"listener_sync_bookmarks":false,"listener_clear_mapping_list":false,"support_iframe":false,"support_https":false},"yahoo":{"patterns":["^http\\:\/\/.{2,10}\\.yahoo",","js_files":[{"id":"wajam_se_js","path":"se_js.php?se=yahoo\u0026integration=search_engine"}],"css":["search_engine"],"ajax_call":true,"listener_login":true,"listener_sync_bookmarks":false"]\\.search.yahoo\\..+\\\/search\\?"],"js_files":[{"id":"wajam_se_js","path":"se_js.php?se=yahoo\u0026integration=search_engine"}],"css":["search_engine"],"ajax_call":true,"listener_login":true,"listener_sync_bookmarks":false,
Searching for "Maps4PC"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c]
"CacheDir"="C:\Users\tony\AppData\LocalLow\Maps4PC_0c\Shared\Cache\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\bar]
"SkinsDirLowIL"="C:\Users\tony\AppData\LocalLow\Maps4PC_0c\bar\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\bar]
"SettingsDir"="C:\Users\tony\AppData\LocalLow\Maps4PC_0c\bar\Settings\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\bar]
"CacheDir"="C:\Users\tony\AppData\LocalLow\Maps4PC_0c\bar\Cache\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\bar]
"HistoryDir"="C:\Users\tony\AppData\LocalLow\Maps4PC_0c\bar\History\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\bar]
"sscURL"="http://search.mywebsearch.com/myweb...&n=77de89f8&psa=&st=sb&searchfor={searchTerms}"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\SearchAssistant]
"ABS"="http://search.mywebsearch.com/myweb...b&si=maps4pc&n=77de89f8&psa=&st=kwd&searchfor="
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0c\SearchAssistant]
"DES"="http://search.mywebsearch.com/myweb...b&si=maps4pc&n=77de89f8&psa=&st=dns&searchfor="
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0cEI]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Maps4PC_0cEI\Installer]
"CacheDir"="C:\Users\tony\AppData\LocalLow\Maps4PC_0cEI\Installr\Cache\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.DataControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.DataControl\CurVer]
@="Maps4PC_0c.DataControl.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.DataControl.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.DynamicBarButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.DynamicBarButton\CurVer]
@="Maps4PC_0c.DynamicBarButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.DynamicBarButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.FeedManager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.FeedManager\CurVer]
@="Maps4PC_0c.FeedManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.FeedManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLMenu]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLMenu]
@="Maps4PC_0c HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLMenu\CurVer]
@="Maps4PC_0c.HTMLMenu.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLMenu.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLMenu.1]
@="Maps4PC_0c HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLPanel]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLPanel]
@="Maps4PC_0c HTML Panel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLPanel\CurVer]
@="Maps4PC_0c.HTMLPanel.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLPanel.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.HTMLPanel.1]
@="Maps4PC_0c HTML Panel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.MultipleButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.MultipleButton\CurVer]
@="Maps4PC_0c.MultipleButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.MultipleButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.PseudoTransparentPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.PseudoTransparentPlugin\CurVer]
@="Maps4PC_0c.PseudoTransparentPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.PseudoTransparentPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.Radio]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.Radio\CurVer]
@="Maps4PC_0c.Radio.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.Radio.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.RadioSettings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.RadioSettings\CurVer]
@="Maps4PC_0c.RadioSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.RadioSettings.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ScriptButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ScriptButton\CurVer]
@="Maps4PC_0c.ScriptButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ScriptButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.SettingsPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.SettingsPlugin\CurVer]
@="Maps4PC_0c.SettingsPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.SettingsPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ThirdPartyInstaller]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ThirdPartyInstaller]
@="Maps4PC Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ThirdPartyInstaller\CurVer]
@="Maps4PC_0c.ThirdPartyInstaller.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Maps4PC_0c.ThirdPartyInstaller.1]
think I'll shorten it!


----------



## obxtony (Aug 17, 2008)

something wrong with that bit for sure!!
hang on while I shorten it
AGAIN!!


----------



## obxtony (Aug 17, 2008)

@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0chttpct.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2fcb3ce9-a3ba-42d5-9119-0ab1220c562f}]
@="Maps4PC Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2fcb3ce9-a3ba-42d5-9119-0ab1220c562f}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0ctpinst.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2fcb3ce9-a3ba-42d5-9119-0ab1220c562f}\ProgID]
@="Maps4PC_0c.ThirdPartyInstaller.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2fcb3ce9-a3ba-42d5-9119-0ab1220c562f}\VersionIndependentProgID]
@="Maps4PC_0c.ThirdPartyInstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{39b64ffb-ee88-4294-aa5b-4284d3bf0647}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cskin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4e55b136-e384-4118-b160-aa688fd4ee0d}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cdatact.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4e55b136-e384-4118-b160-aa688fd4ee0d}\ProgID]
@="Maps4PC_0c.DataControl.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4e55b136-e384-4118-b160-aa688fd4ee0d}\VersionIndependentProgID]
@="Maps4PC_0c.DataControl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{544ca49e-b461-4509-85ca-52a76a57ee50}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{544ca49e-b461-4509-85ca-52a76a57ee50}\ProgID]
@="Maps4PC_0c.SettingsPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{544ca49e-b461-4509-85ca-52a76a57ee50}\VersionIndependentProgID]
@="Maps4PC_0c.SettingsPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{965556a7-cfed-4e12-b9b6-dfffef6a71cd}\ProgID]
@="Maps4PC_0c.ToolbarPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{965556a7-cfed-4e12-b9b6-dfffef6a71cd}\VersionIndependentProgID]
@="Maps4PC_0c.ToolbarPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99B6C342-6391-4BD2-83E5-866B512C9418}]
@="Maps4PC_0c HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99B6C342-6391-4BD2-83E5-866B512C9418}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0chtmlmu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99B6C342-6391-4BD2-83E5-866B512C9418}\ProgID]
@="Maps4PC_0c.HTMLMenu.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99B6C342-6391-4BD2-83E5-866B512C9418}\VersionIndependentProgID]
@="Maps4PC_0c.HTMLMenu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9a0aa190-319e-461b-9b91-ab05d0eb2f66}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cdyn.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9a0aa190-319e-461b-9b91-ab05d0eb2f66}\ProgID]
@="Maps4PC_0c.DynamicBarButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9a0aa190-319e-461b-9b91-ab05d0eb2f66}\VersionIndependentProgID]
@="Maps4PC_0c.DynamicBarButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{b1a1c156-78ca-4437-9a52-7d64bdba1e76}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cscript.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{b1a1c156-78ca-4437-9a52-7d64bdba1e76}\ProgID]
@="Maps4PC_0c.ScriptButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{b1a1c156-78ca-4437-9a52-7d64bdba1e76}\VersionIndependentProgID]
@="Maps4PC_0c.ScriptButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{b6a88628-857a-43ae-8aab-140c0a3fc011}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cskin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{c934c0f7-4b78-4a87-866a-33fb8bfffdbc}\InprocServer32]
@="C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cradio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{c934c0f7-4b78-4a87-866a-33fb8bfffdbc}\ProgID]
@="Maps4PC_0c.Radio.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{c934c0f7-4b78-4a87-866a-33fb8bfffdbc}\VersionIndependentProgID]
@="Maps4PC_0c.Radio"


----------



## obxtony (Aug 17, 2008)

Searching for "MediaBar"
Searching for "PriceGong"
Searching for "Conduit"
Searching for "Searchqu"
Searching for "ALOT"
[HKEY_CURRENT_USER\Software\Wajam]
"mappingListJsonString"="{"version":"0.21082","supported_sites":{"google":{"patterns":["^http\\:\/\/www\\.google\\..{2,3}(|\\\/ig|\\\/firefox)","^http\\:\/\/www\\.google\\..+\\\/search\\?","^http\\:\/\/www\\.google\\..+\\\/.*#hl=.*\u0026q=","^http\\:\/\/www\\.google\\..+\\\/.*hl=.*#q=.*","^http\\:\/\/www\\.google\\..+\\\/.*hl=.*\u0026q=.*","^http\\:\/\/www\\.google\\..+\\\/#q=.*\u0026hl.*"],"js_files":[{"id":"wajam_google_se_js","path":"se_js.php?se=google\u0026integration=search_engine"}],"css":["search_engine"],"ajax_call":true,"listener_login":true,"listener_sync_bookmarks":false,"listener_clear_mapping_list":false,"support_iframe":false,"support_https":false},"yahoo":{"patterns":["^http\\:\/\/.{2,10}\\.yahoo",","js_files":[{"id":"wajam_se_js","path":"se_js.php?se=yahoo\u0026integration=search_engine"}],"css":["search_engine"],"ajax_call":true,"listener_login":true,"listener_sync_bookmarks":false,"listener_clear_mapping_list":false,"sup"]\\.search.yahoo\\..+\\\/search\\?"],"js_files":[{"id":"wajam_se_js","path":"se_js.php?se=yahoo\u0026integration=search_engine"}],"css":["search_engine"],"ajax_call":true,"listener_login":true,"listener_sync_bookmarks":false,"listener_clear_mapping_list":false,"sup
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]
"DllName"="alotBHO.dll;alotBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]
"DllName"="alot.dll;alot.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]
"DllName"="alotBHO.dll;alotBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]
"DllName"="alot.dll;alot.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}]
"AppName"="ALOTWidgets.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}]
"AppPath"="C:\Program Files (x86)\alotappbar\bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4cc9-B2B4-C546BCCF8706}]
"AppName"="ALOTSettings.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4cc9-B2B4-C546BCCF8706}]
"AppPath"="C:\Program Files (x86)\alotappbar\bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\alot-appbar-installer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\alot-appbar-installer_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ALOT_Toolbar_MapsUK_Installer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ALOT_Toolbar_MapsUK_Installer_RASMANCS]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Wajam]
Searching for "Paltalk"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\paltalk.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\paltalk.exe]
"Path"="C:\Program Files (x86)\Paltalk Messenger\paltalk.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7948cb7b_0]
@="{0.0.0.00000000}.{2622bda0-8e7b-4bec-bca2-a6da6bc235ba}|\Device\HarddiskVolume2\Program Files (x86)\Paltalk Messenger\paltalk.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c0958288_0]
@="{0.0.0.00000000}.{e2555abe-ffac-4709-a217-5a365ec07c76}|\Device\HarddiskVolume2\Program Files (x86)\Paltalk Messenger\paltalk.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\Paltalk Messenger\paltalk.exe"="VISTARTM"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Paltalk Messenger\paltalk.exe"="PaltalkScene"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\install_Paltalk_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\install_Paltalk_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\paltalk_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\paltalk_RASMANCS]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\paltalk.exe]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\paltalk.exe]
"Path"="C:\Program Files (x86)\Paltalk Messenger\paltalk.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7948cb7b_0]
@="{0.0.0.00000000}.{2622bda0-8e7b-4bec-bca2-a6da6bc235ba}|\Device\HarddiskVolume2\Program Files (x86)\Paltalk Messenger\paltalk.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c0958288_0]
@="{0.0.0.00000000}.{e2555abe-ffac-4709-a217-5a365ec07c76}|\Device\HarddiskVolume2\Program Files (x86)\Paltalk Messenger\paltalk.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\Paltalk Messenger\paltalk.exe"="VISTARTM"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Paltalk Messenger\paltalk.exe"="PaltalkScene"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Paltalk Messenger\paltalk.exe"="PaltalkScene"
Searching for "Bandoo"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\BandooUI.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\BandooUI.exe]
"Path"="C:\Program Files (x86)\Bandoo\BandooUI.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF157970-A1E0-4FE4-B029-B791519DB162}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}]
@="_IBandooCoordinatorEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
@="IBandooCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}]
@="IBandooCoordinator"


----------



## obxtony (Aug 17, 2008)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
@="_IBandooCoreEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
"AppName"="Bandoo.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
"AppName"="BandooUI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
"AppName"="Bandoo.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
"AppName"="BandooUI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooUI_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooUI_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bandoo Coordinator]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bandoo Coordinator]
"ImagePath"=""C:\PROGRA~2\Bandoo\Bandoo.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bandoo Coordinator]
"DisplayName"="Bandoo Coordinator"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bandoo Coordinator]
"Description"="Coordinates Bandoo plugins work"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bandoo Coordinator]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bandoo Coordinator]
"ImagePath"=""C:\PROGRA~2\Bandoo\Bandoo.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bandoo Coordinator]
"DisplayName"="Bandoo Coordinator"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bandoo Coordinator]
"Description"="Coordinates Bandoo plugins work"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bandoo Coordinator]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bandoo Coordinator]
"ImagePath"=""C:\PROGRA~2\Bandoo\Bandoo.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bandoo Coordinator]
"DisplayName"="Bandoo Coordinator"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bandoo Coordinator]
"Description"="Coordinates Bandoo plugins work"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\BandooUI.exe]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\BandooUI.exe]
"Path"="C:\Program Files (x86)\Bandoo\BandooUI.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF157970-A1E0-4FE4-B029-B791519DB162}]
"AppPath"="C:\Program Files (x86)\Bandoo"
Searching for "IObit"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\ASC.exe]
"Path"="C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASC.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\IObitUninstal.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\IObitUninstal.exe]
"Path"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitUninstal.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\PMonitor.exe]
"Path"="C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\Register.exe]
"Path"="C:\Program Files (x86)\IObit\Advanced SystemCare 4\Register.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\SDInit.exe]
"Path"="C:\Program Files (x86)\IObit\Smart Defrag 2\SDInit.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\TurboBoost.exe]
"Path"="C:\Program Files (x86)\IObit\Advanced SystemCare 4\TurboBoost.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\unins001.exe]
"Path"="C:\Program Files (x86)\IObit\IObit Malware Fighter\unins001.exe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe"="IObit Malware Fighter"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitUninstal.exe"="Uninstall Programs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\//\//\IObit Cloud Anti-Malwre]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\ASC.exe]
"Path"="C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASC.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\IObitUninstal.exe]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\IObitUninstal.exe]
"Path"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitUninstal.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\PMonitor.exe]
"Path"="C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\Register.exe]
"Path"="C:\Program Files (x86)\IObit\Advanced SystemCare 4\Register.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\SDInit.exe]
"Path"="C:\Program Files (x86)\IObit\Smart Defrag 2\SDInit.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\TurboBoost.exe]
"Path"="C:\Program Files (x86)\IObit\Advanced SystemCare 4\TurboBoost.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\unins001.exe]
"Path"="C:\Program Files (x86)\IObit\IObit Malware Fighter\unins001.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe"="IObit Malware Fighter"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitUninstal.exe"="Uninstall Programs"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe"="IObit Malware Fighter"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitUninstal.exe"="Uninstall Programs"


----------



## obxtony (Aug 17, 2008)

Searching for "BitTornado"
No data found.
Searching for "BearShare"
[HKEY_CURRENT_USER\Software\BearShare]
[HKEY_CURRENT_USER\Software\BearShare\General]
"SkinImagesFolder"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\Images\"
[HKEY_CURRENT_USER\Software\BearShare\General]
"RemoteSkin"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\RemoteSkin.wmz"
[HKEY_CURRENT_USER\Software\BearShare\General]
"SettingsXML"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\settings.xml"
[HKEY_CURRENT_USER\Software\BearShare\General]
"Home"="C:\Program Files (x86)\BearShare Applications\BearShare"
[HKEY_CURRENT_USER\Software\BearShare\General]
"AppData"="C:\Users\tony\AppData\Local\BearShare"
[HKEY_CURRENT_USER\Software\BearShare\General]
"StatisticsFileName"="C:\Users\tony\AppData\Local\BearShare\Statistics.xml"
[HKEY_CURRENT_USER\Software\BearShare\General]
"CreativesFileName"="C:\Users\tony\AppData\Local\BearShare\Creatives.xml"
[HKEY_CURRENT_USER\Software\BearShare\General]
"DownloadDir"="C:\Users\tony\Music\BearShare"
[HKEY_CURRENT_USER\Software\BearShare\Player]
"LocalPath"="C:\Users\tony\AppData\Local\BearShare\Player.swf"
[HKEY_CURRENT_USER\Software\BearShare\Preferences]
"IMHistoryFolderPath"="C:\Users\tony\Documents\BearShare"
[HKEY_CURRENT_USER\Software\BearShare\Preferences]
"CreativesFiles"="C:\Users\tony\AppData\Local\BearShare\IMPictures\"
[HKEY_CURRENT_USER\Software\BearShare\Preferences\CDSupport]
"CDDBHostName"="www.bearshare.com"
[HKEY_CURRENT_USER\Software\BearShare\Preferences\CDSupport]
"CDDBServer"="http://cddb.bearshare.com/cgi/cddb.cgi"
[HKEY_CURRENT_USER\Software\BearShare\Preferences\IEHomepage]
"IEHomepage"="http://search.bearshare.com/"
[HKEY_CURRENT_USER\Software\Wajam]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{756C097C-6BDB-45de-A8F1-83E01AB86BA4}]
@="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BearShareV9.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BearShare_V9_en_Setup.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file]
@="BearShare media file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.LauncherEventHandler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.LauncherEventHandler\CurVer]
@="BearShare.LauncherEventHandler.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.LauncherEventHandler.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A4A19A-00AC-473c-8225-1B97D1FDD43E}\LocalServer32]
@=""C:\Program Files (x86)\BearShare Applications\BearShare\Launcher_x64.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A4A19A-00AC-473c-8225-1B97D1FDD43E}\ProgID]
@="BearShare.LauncherEventHandler.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A4A19A-00AC-473c-8225-1B97D1FDD43E}\VersionIndependentProgID]
@="BearShare.LauncherEventHandler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87E8D7F8-7052-42A2-B48B-674C1F700A0B}\1.0\0\win64]
@="C:\Program Files (x86)\BearShare Applications\BearShare\Launcher_x64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{756C097C-6BDB-45de-A8F1-83E01AB86BA4}]
@="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{87E8D7F8-7052-42A2-B48B-674C1F700A0B}\1.0\0\win64]
@="C:\Program Files (x86)\BearShare Applications\BearShare\Launcher_x64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSMediaPlayerOnArrival]
"DefaultIcon"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe, 0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSMediaPlayerOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSMediaPlayerOnArrival]
"ProgID"="BearShare.LauncherEventHandler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
"DefaultIcon"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe, 0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
"InvokeProgID"="BearShare.AudioCD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSRipCDAudioOnArrival]
"DefaultIcon"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe, 0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSRipCDAudioOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSRipCDAudioOnArrival]
"InvokeProgID"="BearShare.AudioCD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowCDAudioOnArrival]
"DefaultIcon"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe, 0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowCDAudioOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowCDAudioOnArrival]
"InvokeProgID"="BearShare.AudioCD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
"DefaultIcon"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe, 0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
"InvokeProgID"="BearShare.Device"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\PROGRA~3\BearShare\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBB3BB4C5D8CE694A9784B1217B7F3F8]
"00000000000000000000000000000000"="C:\Users\tony\AppData\Local\Temp\SetupDataMngr_BearShare.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"BearShare"="SOFTWARE\BearShare\Capabilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare]
"Path"="C:\Program Files (x86)\BearShare Applications"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities]
"ApplicationDescription"="BearShare Music"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".asf"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wm"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wmx"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wmd"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wma"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".cda"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wav"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mp3"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".midi"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mid"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".rmi"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".aiff"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".aif"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".aifc"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".au"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".snd"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wmv"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".avi"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mpeg"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mpg"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mpe"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".m1v"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mp2"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mpv2"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mp2v"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mpa"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".torrent"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".ape"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".m4e"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".ivf"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".qt"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mod"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".vob"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wv"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".divx"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".ram"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".rm"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".rmvb"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"RemoteSkin"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\RemoteSkin.wmz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"SettingsXML"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\settings.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"Skin"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\default.skn"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"SkinImagesFolder"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\Images\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"SkinXML"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\default.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"FFPagePath"="C:\Program Files (x86)\BearShare Applications\BearShare\FFPage.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"Home"="C:\Program Files (x86)\BearShare Applications\BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"DistScript"="C:\Program Files (x86)\BearShare Applications\BearShare\Copy_Folder.bat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShareMediabarTb]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShareMediabarTb]
"Folder"="C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{438214DB-BB3C-4813-89F3-B3757D52B28E}]
"AppName"="BearShare.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{438214DB-BB3C-4813-89F3-B3757D52B28E}]
"AppPath"="C:\Program Files (x86)\BearShare Applications\BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BearShare_RASAPI32]
Searching for "LimeWire"


----------



## obxtony (Aug 17, 2008)

Searching for "Yontoo"
Searching for "BearShare"
"InvokeProgID"="BearShare.AudioCD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
"DefaultIcon"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe, 0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
"InvokeProgID"="BearShare.Device"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]
"DisplayName"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]
"HelpLink"="http://help.bearshare.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]
"URLUpdateInfo"="http://www.bearshare.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BearShare MediaBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F624839-947D-46EA-BD63-FD847C1AC6F1}]
"DisplayName"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{756C097C-6BDB-45de-A8F1-83E01AB86BA4}]
@="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{87E8D7F8-7052-42A2-B48B-674C1F700A0B}\1.0\0\win64]
@="C:\Program Files (x86)\BearShare Applications\BearShare\Launcher_x64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications]
"BearShare"="SOFTWARE\BearShare\Capabilities"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\General]
"SkinImagesFolder"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\Images\"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\General]
"RemoteSkin"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\RemoteSkin.wmz"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\General]
"SettingsXML"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\settings.xml"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\General]
"Home"="C:\Program Files (x86)\BearShare Applications\BearShare"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\General]
"AppData"="C:\Users\tony\AppData\Local\BearShare"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\General]
"StatisticsFileName"="C:\Users\tony\AppData\Local\BearShare\Statistics.xml"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\General]
"CreativesFileName"="C:\Users\tony\AppData\Local\BearShare\Creatives.xml"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\General]
"DownloadDir"="C:\Users\tony\Music\BearShare"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\Player]
"LocalPath"="C:\Users\tony\AppData\Local\BearShare\Player.swf"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\Preferences]
"IMHistoryFolderPath"="C:\Users\tony\Documents\BearShare"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\Preferences]
"CreativesFiles"="C:\Users\tony\AppData\Local\BearShare\IMPictures\"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\Preferences\CDSupport]
"CDDBHostName"="www.bearshare.com"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\Preferences\CDSupport]
"CDDBServer"="http://cddb.bearshare.com/cgi/cddb.cgi"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\BearShare\Preferences\IEHomepage]
"IEHomepage"="http://search.bearshare.com/"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Wajam]
Searching for "BitTornado"
No data found.
Searching for "Blekko"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb_soc]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb_soc]
"AutoSearchURL"="http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q=%s"
[HKEY_CURRENT_USER\Software\Wajam]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy]
"AppPath"="C:\Program Files (x86)\blekkotb_soc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20120403-3DFA-4C5C-AEC4-B73671F9498E}]
"AppPath"="C:\Program Files (x86)\blekkotb_soc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20120403-CF65-4AF6-9AA9-BBC60066B66C}]
"AppPath"="C:\Program Files (x86)\blekkotb_soc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Blekko search bar uninstall_RASMANCS]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\blekkotb_soc]
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\blekkotb_soc]
"AutoSearchURL"="http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q=%s"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Wajam]
Searching for "Smart Defrag"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\SDInit.exe]
"Path"="C:\Program Files (x86)\IObit\Smart Defrag 2\SDInit.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\SDInit.exe]
"Path"="C:\Program Files (x86)\IObit\Smart Defrag 2\SDInit.exe"
Searching for "Tarma Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"TinFolder"="C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"DisplayIcon"="C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer]
-= EOF =-


----------
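
An added example, not part of the original posts: a small Python script that condenses a registry search log laid out like the one above. It folds the `HKEY_USERS\<SID>` copies onto `HKEY_CURRENT_USER` (assuming the SID belongs to the logged-on user) and lists keys that mention the searched name only in a value; the function names and the abridged sample lines are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample: a few abridged lines in the layout of the registry
# search log posted in this thread (not the full log).
SAMPLE_LOG = r'''Searching for "BitTornado"
No data found.
Searching for "Blekko"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb_soc]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb_soc]
"AutoSearchURL"="http://blekko.com/ws/?toolbarid=blekkotb_soc&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20120403-3DFA-4C5C-AEC4-B73671F9498E}]
"AppPath"="C:\Program Files (x86)\blekkotb_soc"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\AppDataLow\Software\blekkotb_soc]
"AutoSearchURL"="http://blekko.com/ws/?toolbarid=blekkotb_soc&q=%s"
Searching for "Smart Defrag"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\SDInit.exe]
"Path"="C:\Program Files (x86)\IObit\Smart Defrag 2\SDInit.exe"
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\IntelliType Pro\AppSpecific\SDInit.exe]
"Path"="C:\Program Files (x86)\IObit\Smart Defrag 2\SDInit.exe"
-= EOF =-
'''

TERM_RE = re.compile(r'^Searching for "(.+)"$')
KEY_RE = re.compile(r'^\[(HKEY_.+)\]$')
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')
# A per-user hive under HKEY_USERS; the lookahead leaves <SID>_Classes alone.
HKU_SID_RE = re.compile(r'^HKEY_USERS\\S-1-5-21-[\d-]+(?=\\|$)', re.IGNORECASE)


def parse_search_log(text):
    """Return {term: [(key, value_name, value_data), ...]} in log order.

    A key header on its own yields (key, None, None); the log repeats the
    header before each value, so duplicates are expected and kept here.
    """
    results = OrderedDict()
    term = key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = TERM_RE.match(line)
        if m:
            term, key = m.group(1), None
            results[term] = []
            continue
        if term is None or not line or line == "No data found.":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            results[term].append((key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = m.group(1).strip('"')
            results[term].append((key, name, m.group(2).strip('"')))
    return results


def normalize_key(key):
    r"""Fold HKEY_USERS\<SID> onto HKEY_CURRENT_USER.

    Assumption: the SID is the logged-on user's, so both paths show the
    same data and the second copy is not an extra finding.
    """
    return HKU_SID_RE.sub("HKEY_CURRENT_USER", key)


def summarize(parsed):
    """Per term: unique keys after folding, plus the keys whose own path
    never contains the term (the hit was in a value, so another component
    points at the searched product). Comparison ignores case and spaces."""
    report = OrderedDict()
    for term, entries in parsed.items():
        needle = term.lower().replace(" ", "")
        keys, indirect = [], []
        for key, _name, _data in entries:
            folded = normalize_key(key)
            if folded not in keys:
                keys.append(folded)
            if needle not in folded.lower().replace(" ", "") and folded not in indirect:
                indirect.append(folded)
        report[term] = {"keys": keys, "referenced_from": indirect}
    return report


if __name__ == "__main__":
    for term, info in summarize(parse_search_log(SAMPLE_LOG)).items():
        print(f'{term}: {len(info["keys"])} unique key(s)')
        for k in info["referenced_from"]:
            print(f"  referenced from: {k}")
```
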



## obxtony (Aug 17, 2008)

Well it looks like that's it!! At last, couple of items there caught my eye!! I'm gonna castrate the young so-and-so, damn good job my wife isn't able to see it, little blighter needs a hormone check I think, last time he gets to use the machine, I never realised how often nor for how long he has been using it, looks like every time we went on holidays and he and family were here looking after the dogs!!
Hope I got all this in the right order, I think I was just trying to send too much at one time!
Talk soon 
and thanks again!
Tony


----------



## obxtony (Aug 17, 2008)

Oh Oh.. Can't play BF3 now, can't even install it, when I try it just brings up a word page!
Up the creek without a paddle now, sigh!


----------



## eddie5659 (Mar 19, 2001)

Good grief, wasn't expecting all that in the registry. We'll update MBAM and run a scan later on.

We'll get rid of the actual folders though, which will help. Also, for all the stuff that you found and deleted but is left in the Recycle Bin, it should be okay to delete. I assume it was music, videos etc.

I did notice iMesh popped up. Do you still have that installed, as it's another sharing program? Didn't spot it at the beginning, just saw it now.

As for BF3, we'll have a look at that in a bit. Let's remove all the rubbish first.

------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> Folder::
> C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Radio_Bar_1
> C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote
> C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

eddie


----------



## eddie5659 (Mar 19, 2001)

For BF3, do you still have Origin installed?


----------



## obxtony (Aug 17, 2008)

Sorry eddie, but when I clicked on csscript it did a complete scan. I never had the screen you showed above so never had chance to put in the file!! And I do still have Origin installed!


----------



## obxtony (Aug 17, 2008)

I meant the ComboFix!


----------



## obxtony (Aug 17, 2008)

Well, I did as asked, I think!!
And here is the HUGE file, probably in sections again!!
ComboFix 12-04-10.01 - tony 17/04/2012 17:44:55.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6103.4005 [GMT 1:00]
Running from: c:\downloads\desktop\ComboFix.exe
Command switches used :: c:\users\tony\Documents\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BANDOO
c:\program files (x86)\iMesh Applications\MediaBar
c:\program files (x86)\IObit
c:\program files (x86)\IObit\Game Booster\license.dat
c:\program files (x86)\Maps4PC_0c
c:\program files (x86)\Maps4PC_0c\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\Maps4PC_0c\bar\1.bin\chrome\0cffxtbr.jar
c:\program files (x86)\Maps4PC_0c\bar\1.bin\INSTALL.RDF
c:\program files (x86)\Maps4PC_0c\bar\1.bin\LOGO.BMP
c:\program files (x86)\Maps4PC_0c\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\Maps4PC_0c\bar\Message\COMMON.T8S
c:\program files (x86)\Maps4PC_0c\bar\Settings\s_pid.dat
c:\program files (x86)\Maps4PC_0cEI
c:\program files (x86)\Yontoo
c:\program files (x86)\Yontoo\YontooIEClient.dll
c:\program files (x86)\Yontoo\YontooIEClient_2.dll
c:\programdata\Bandoo
c:\programdata\IObit
c:\programdata\IObit\Game Booster\GameBooster.ini
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Conduit
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Conduit\Community Alerts\Alert.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Conduit\Community Alerts\Alert0.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\ConduitEngin1.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\ConduitEngine.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\toolbar.cfg
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\datastate.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_ia64\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_ia64\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_ia64\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_ia64\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_ia64\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_ia64\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_amd64\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_amd64\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_amd64\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_ia64\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_ia64\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_ia64\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_x86\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_x86\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_x86\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\fav.ico
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\FileMonitor.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IMFUpdater.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IntegrateFilter.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IObitCommunities.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IObitUninstal.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IWsIMF.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\LatestNews\LatestNews.ini
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\RegFilter.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Scan.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\StartMenu.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\taskmgr.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\TaskSchedule.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\unins001.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\URLFilter.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\win7_x64\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\win7_x64\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\win7_x86\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\win7_x86\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wlh_x64\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wlh_x64\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wlh_x86\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wlh_x86\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wnet_x64\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wnet_x64\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wnet_x86\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wnet_x86\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wxp_x64\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wxp_x64\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wxp_x86\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wxp_x86\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\SDDriverMgr.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\SDInit.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\Skins\Black\Layout.ini
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\Skins\White\Layout.ini
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\taskMgr.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\unins000.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Maps4PC_0c
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Radio_Bar_1
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Radio_Bar_1\Radio_Bar_1ToolbarHelper.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Radio_Bar_1\tbRadi.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Radio_Bar_1\toolbar.cfg
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Radio_Bar_1\UNWISE.EXE
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\tbVuz0.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\tbVuz1.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\tbVuz2.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\tbVuze.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\toolbar.cfg
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\uninstall.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\UNWISE.EXE
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper1.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\main.ico
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js


----------



## obxtony (Aug 17, 2008)

2nd!
c:\users\tony\AppData\LocalLow\mediabarim\guid.dat
c:\users\tony\AppData\LocalLow\mediabarim\log.txt
c:\users\tony\AppData\LocalLow\mediabarim\preferences.dat
c:\users\tony\AppData\LocalLow\mediabarim\stats.dat
c:\users\tony\AppData\LocalLow\mediabarim\uninstallIE.dat
c:\users\tony\AppData\LocalLow\mediabarim\version.xml
c:\users\tony\AppData\LocalLow\mediabarim\weather\29dcc30c46c4a16ee5aa734a33f534e4
c:\users\tony\AppData\LocalLow\mediabarim\weather\b7974346827291993f35920e4c828c59
c:\users\tony\AppData\LocalLow\mediabarim\weather\forecasts_cache.xml
c:\users\tony\AppData\LocalLow\mediabarim\weather\observations_cache.xml
c:\users\tony\AppData\LocalLow\mediabarim\weatherbutton_prefs.xml


----------



## obxtony (Aug 17, 2008)

3rd!!!!
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\ua.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\viewsource.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\wincharset.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\smime3.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.chk
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\sqlite3.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\ssl3.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\version.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xpcom.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xul.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
c:\users\tony\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\tony\AppData\Roaming\LimeWire\createtimes.cache


----------



## obxtony (Aug 17, 2008)

4th and last I hope!
c:\users\tony\AppData\Roaming\LimeWire\downloads.dat
c:\users\tony\AppData\Roaming\LimeWire\fileurns.cache
c:\users\tony\AppData\Roaming\LimeWire\gnutella.net
c:\users\tony\AppData\Roaming\LimeWire\installation.props
c:\users\tony\AppData\Roaming\LimeWire\library.dat
c:\users\tony\AppData\Roaming\LimeWire\library5.dat
c:\users\tony\AppData\Roaming\LimeWire\limewire.props
c:\users\tony\AppData\Roaming\LimeWire\lock
c:\users\tony\AppData\Roaming\LimeWire\mojito.props
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\.autoreg
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\1FEE1D13d01
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\2C5B4A30d01
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\cert8.db
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\compreg.dat
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\cookies.sqlite
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\downloads.sqlite
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\extensions.cache
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\extensions.ini
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\history.dat
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\key3.db
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\permissions.sqlite
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite-journal
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\pluginreg.dat
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\prefs.js
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\secmod.db
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\XPC.mfl
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\xpti.dat
c:\users\tony\AppData\Roaming\LimeWire\player.props
c:\users\tony\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\tony\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\tony\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\tony\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\tony\AppData\Roaming\LimeWire\questions.props
c:\users\tony\AppData\Roaming\LimeWire\responses.cache
c:\users\tony\AppData\Roaming\LimeWire\restaccess.txt
c:\users\tony\AppData\Roaming\LimeWire\simpp.cert
c:\users\tony\AppData\Roaming\LimeWire\simpp.xml
c:\users\tony\AppData\Roaming\LimeWire\spam.dat
c:\users\tony\AppData\Roaming\LimeWire\tables.props
c:\users\tony\AppData\Roaming\LimeWire\update.cert
c:\users\tony\AppData\Roaming\LimeWire\urns.dat
c:\users\tony\AppData\Roaming\LimeWire\version.xml
c:\users\tony\AppData\Roaming\LimeWire\versions.props
c:\users\tony\AppData\Roaming\LimeWire\xml\data\torrent.sxml3
c:\users\tony\AppData\Roaming\LimeWire\xml\data\video.sxml3
c:\users\tony\AppData\Roaming\system.conf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\f3PSSavr.scr
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 16:49 . 2012-04-17 16:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-17 16:49 . 2012-04-17 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 19:31 . 2012-04-16 19:31 -------- d-----w- c:\programdata\ATI
2012-04-16 19:31 . 2012-04-16 19:31 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-15 11:38 . 2012-04-15 11:38 447 ----a-w- C:\user.js
2012-04-15 08:47 . 2012-04-17 16:56 -------- d-----w- c:\program files (x86)\Steam
2012-04-14 11:43 . 2012-04-14 11:43 -------- d-----w- c:\users\tony\AppData\Local\Wajam
2012-04-14 11:43 . 2012-04-14 20:09 -------- d-----w- c:\program files (x86)\Wajam
2012-04-12 14:46 . 2012-04-12 14:46 -------- d-----w- C:\_OTL
2012-04-07 18:26 . 2012-04-07 20:04 -------- dc----w- c:\users\tony\AppData\Local\MigWiz
2012-04-07 08:34 . 2012-04-07 08:34 -------- d-----w- c:\program files (x86)\Safer Networking
2012-04-07 08:12 . 2012-04-14 20:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-07 08:12 . 2012-04-14 20:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-06 13:42 . 2012-04-06 14:02 -------- d-----w- c:\users\tony\AppData\Roaming\calibre
2012-04-06 13:42 . 2012-04-14 20:09 -------- d-----w- c:\program files (x86)\Calibre2
2012-04-05 19:19 . 2012-04-05 19:19 -------- d-----w- c:\users\tony\Doctor Web
2012-04-05 19:15 . 2012-04-05 19:15 -------- d-----w- c:\program files\Common Files\Doctor Web
2012-04-05 09:51 . 2012-04-07 19:26 -------- d-----w- c:\program files (x86)\7-Zip
2012-04-04 20:20 . 2012-04-07 06:21 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-04-04 19:39 . 2012-04-04 19:39 691 ----a-w- c:\users\tony\AppData\Roaming\GetValue.vbs
2012-04-04 19:39 . 2012-04-04 19:39 35 ----a-w- c:\users\tony\AppData\Roaming\SetValue.bat
2012-04-04 19:16 . 2012-04-04 19:16 388096 ----a-r- c:\users\tony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 19:16 . 2012-04-04 19:16 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-04 13:11 . 2012-04-07 19:46 -------- d-----w- c:\programdata\Doctor Web
2012-04-03 19:43 . 2012-04-04 19:54 -------- d-----w- c:\users\tony\AppData\Local\FileTypeAssistant
2012-04-03 19:42 . 2012-04-07 06:22 -------- d-----w- c:\program files (x86)\File Type Assistant
2012-04-03 17:31 . 2012-04-07 06:21 -------- d-----w- c:\windows\en
2012-04-03 17:27 . 2012-03-08 17:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-03 17:27 . 2012-04-07 06:21 -------- d-----w- c:\program files (x86)\Windows Live
2012-04-03 17:22 . 2012-04-03 17:22 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\49e3c6cc1cd11be05\bingbarsetup.exe
2012-04-03 17:21 . 2012-04-03 17:21 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3ab9c82a1cd11be04\MeshBetaRemover.exe
2012-04-03 17:21 . 2012-04-03 17:21 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\DSETUP.dll
2012-04-03 17:21 . 2012-04-03 17:21 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\DXSETUP.exe
2012-04-03 17:21 . 2012-04-03 17:21 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\dsetup32.dll
2012-04-03 16:51 . 2012-04-03 16:51 -------- d-----w- c:\users\tony\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-04-03 16:49 . 2012-04-07 06:21 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-04-03 13:07 . 2012-04-03 13:07 -------- d-----w- c:\users\tony\DoctorWeb
2012-04-03 12:18 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-04-03 12:18 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 14:36 . 2012-04-14 20:09 -------- d-----w- c:\users\tony\AppData\Roaming\AVG2012
2012-04-02 14:34 . 2012-04-07 06:21 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-04-02 14:34 . 2012-04-17 14:46 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-02 14:34 . 2012-04-02 14:34 -------- d-----w- C:\$AVG
2012-04-02 13:19 . 2012-04-07 06:22 -------- d-----w- c:\program files (x86)\Avast
2012-04-02 11:35 . 2012-04-02 12:58 -------- d-----w- c:\programdata\Alwil Software
2012-04-01 19:21 . 2012-04-07 06:21 -------- d-----w- c:\programdata\InstallShield
2012-04-01 19:20 . 2012-04-01 19:20 -------- d-----w- c:\program files (x86)\Medea International Ltd
2012-04-01 19:10 . 2012-04-03 13:33 -------- d-----w- c:\program files (x86)\Easy CD & DVD Cover Creator
2012-04-01 08:22 . 2012-04-13 20:22 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 07:45 . 2012-04-13 20:22 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-26 18:43 . 2012-03-26 18:43 -------- d-----w- c:\users\tony\AppData\Roaming\NCH Software
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 20:31 . 2012-01-11 20:39 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-16 20:30 . 2010-05-23 17:57 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2012-04-16 20:30 . 2010-05-09 17:03 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-13 20:50 . 2010-05-16 18:14 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-13 20:22 . 2011-05-18 17:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-10 08:43 . 2010-03-18 22:09 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-10 08:42 . 2010-05-23 17:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-04-10 08:42 . 2010-03-18 22:09 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-07 15:24 . 2010-05-09 17:03 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-26 14:45 . 2011-04-27 11:32 101360 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2010-08-04 00:54 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-03-09 05:14 . 2012-02-15 03:17 958464 ----a-w- c:\windows\system32\aticfx64.dll
2012-03-09 05:11 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll
2012-03-09 04:45 . 2012-03-09 04:45 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-03-09 04:35 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-03-09 04:23 . 2010-08-04 00:21 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-03-09 04:23 . 2010-08-04 00:28 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-03-09 04:11 . 2012-02-15 02:25 7552000 ----a-w- c:\windows\system32\atiumd64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-09 03:58 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:57 . 2010-03-03 03:06 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-03-09 03:56 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-03-09 03:56 . 2010-08-04 00:14 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-05 15:49 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 08:18 . 2010-03-18 20:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 04:25 . 2012-02-22 04:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 04:25 . 2012-02-22 04:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-21 16:16 . 2012-02-21 16:16 53248 ----a-r- c:\users\tony\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-02-14 22:05 . 2012-02-14 22:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 22:05 . 2012-02-14 22:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 22:05 . 2012-02-14 22:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 22:05 . 2012-02-14 22:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 22:05 . 2012-02-14 22:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 22:04 . 2012-02-14 22:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 22:03 . 2012-02-14 22:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 22:03 . 2012-02-14 22:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-01-31 06:02 . 2012-01-31 06:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 06:00 . 2012-01-31 06:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-31 03:46 . 2012-01-31 03:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-17_15.39.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-17 16:52 . 2012-04-17 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-17 15:38 . 2012-04-17 15:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-17 16:52 . 2012-04-17 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-17 15:38 . 2012-04-17 15:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-04-17 16:49 309760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-17 15:34 309760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-16 22:06 . 2012-04-17 16:49 37494572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1524944666-1662594902-3796366332-1000-12288.dat
- 2010-04-16 22:06 . 2012-04-17 15:34 37494572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1524944666-1662594902-3796366332-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Search Protection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-15 1242448]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-12-01 385024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-04 296056]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DrWebEngine]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@=""
.
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 135664]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-09-17 23536]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-04 16392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 NielsenUpdate;Nielsen Update;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2011-05-03 306496]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [2010-10-04 25648]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-07 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-03-26 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-03-26 296048]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-01-25 140672]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/01/07 20:24];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-17 17:41 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CDMA Device Service;CDMA Device Service;c:\program files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-08-02 159232]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-12-13 523136]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-26 976696]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-03-09 109064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:22]
.
2010-07-11 c:\windows\Tasks\Chameleon Monitor-startup-tony.job
- c:\program files (x86)\Common Files\Chameleon Manager\monitor.exe [2010-06-09 10:02]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 19:39]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 19:39]
.
2011-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb118?a=6PQusNkZzZ&i=26
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Search
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bd,6c,43,24,25,8a,80,e7,f0,47,31,4d,2a,29,09,b8,f3,54,80,47,31,9a,4c,
e9,5c,fe,a6,10,b8,ad,2c,41,6c,c3,b4,a9,3f,b9,3f,1c,bd,76,14,26,15,dd,40,aa,\
"??"=hex:eb,d2,a3,8f,e2,18,9a,95,4e,92,26,3d,b4,8d,f6,c8
.
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\SecuROM\License information*]
"datasecu"=hex:98,b9,91,0b,e2,bd,b5,c5,e3,c5,26,03,0e,b6,f5,7d,94,13,82,97,23,
8f,e3,c0,12,a6,76,74,d1,9b,6c,ee,67,29,89,01,2d,6b,62,37,30,36,ab,f1,df,1d,\
"rkeysecu"=hex:5b,db,b1,5f,32,d6,7e,fa,9e,17,6e,58,3b,5a,95,4c
.
[HKEY_LOCAL_MACHINE\software\NetRatingsNetSight]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2012-04-17 18:03:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 17:03
ComboFix2.txt 2012-04-17 15:49
ComboFix3.txt 2012-04-10 16:21
.
Pre-Run: 1,076,543,610,880 bytes free
Post-Run: 1,076,277,735,424 bytes free
.
- - End Of File - - 166F8609C02C28A0545D2E0237952F27


----------



## obxtony (Aug 17, 2008)

there you go, piece of cake for a guru like me!!!!!!!!!!!!!


----------



## eddie5659 (Mar 19, 2001)

Made my day reading the last comment after reading all the logs 

Okay, well, it looks like it's removed all of it, as you can tell 

I'm still in the process of checking the files that you uploaded. One has been removed already (it snuck in the Combofix removal, so it was targeted). 3 are okay, but just checking the 5th. I'll let you know as soon as I can, but may take a while.

---

We have a database of files etc, so any info on certain files is very useful, as this can help many malware experts in the future. These entries are legit, but we try and compile a list of good/bad, to help everyone 

Can you run the following in SystemLook again:


```
:file
C:\Windows\SysNative\drivers\AVer888RC_64.sys
C:\Windows\SysNative\drivers\AVer888RCIR_64.sys
C:\Windows\system32\drivers\dw_wfp.sys
C:\Program Files (x86)\DrWeb\dwservice.exe
C:\Program Files (x86)\DrWeb\dwnetfilter.exe
```
I promise it will be a small log 

Now, apart from BF3, we're nearly there. Just a couple of more things for the leftovers, then we'll look at BF3 

-----------

This is a different tool to OTL. Very similar name, but called OTS 

Download *OTS* to your Desktop and double-click on it to run it 

- Make sure you close all other programs and *don't* use the PC while the scan runs.
- Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it.
- Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

-------

Please go to *here* to run an online scanner from ESET.

- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to *YES, I accept the Terms of Use.*
- Click *Start*
- When asked, allow the activex control to install
- Click *Start*
- Make sure that the option *Remove found threats* is *unticked*, and the option *Scan unwanted applications* is *checked*
- Click on *Advanced Settings* and ensure these options are ticked:
  - *Scan for potentially unwanted applications*
  - *Scan for potentially unsafe applications*
  - *Enable Anti-Stealth Technology*
- Click *Scan*
- Wait for the scan to finish
- If any threats were found, click *'List of found threats'*, then click *Export to text file...*.
- Save it to your desktop, then please copy and paste that log as a reply to this topic.

On a side note, since the Eset scanner is a 32-bit application, if you're running a 64-bit system you have to choose the 32-bit option in IE when running the scan

------------

- Download *Security Check* from *here*.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

eddie


----------



## obxtony (Aug 17, 2008)

sorry this is the only way I can find to send the file!


```
OTS logfile created on: 17/04/2012 21:59:15 - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\tony\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 64.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.64 Gb Total Space | 996.79 Gb Free Space | 71.99% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 1.72 Gb Free Space | 13.76% Space Free | Partition Type: NTFS
Drive E: | 7.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 359.04 Gb Free Space | 77.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TONY-PC
Current User Name: tony
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\tony\Downloads\OTS.exe -> [2012/04/17 21:58:27 | 000,646,656 | ---- | M] (OldTimer Tools)
pnkbstrb.exe -> C:\Windows\SysWOW64\PnkBstrB.exe -> [2012/04/16 21:31:08 | 000,189,248 | ---- | M] ()
pnkbstra.exe -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2012/04/16 21:30:59 | 000,075,064 | ---- | M] ()
kiespdlr.exe -> C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -> [2012/04/04 06:05:28 | 000,021,392 | ---- | M] ()
rapportservice.exe -> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -> [2012/03/26 15:44:40 | 001,668,920 | ---- | M] (Trusteer Ltd.)
rapportmgmtservice.exe -> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -> [2012/03/26 15:44:40 | 000,976,696 | ---- | M] (Trusteer Ltd.)
wajamupdater.exe -> C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -> [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam)
avgtray.exe -> C:\Program Files (x86)\AVG\AVG2012\avgtray.exe -> [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -> [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgfws.exe -> C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -> [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgidsagent.exe -> C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -> [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.)
realsched.exe -> C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe -> [2011/12/04 18:38:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.)
lws.exe -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -> [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.)
camerahelpershell.exe -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe -> [2011/11/11 15:07:54 | 000,265,240 | ---- | M] ()
cocimanager.exe -> C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe -> [2011/08/12 13:19:40 | 000,680,984 | ---- | M] ()
hpdrvmntsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company)
seaport.exe -> C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -> [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation)
hydradm.exe -> C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe -> [2009/12/01 23:37:30 | 000,385,024 | ---- | M] (AMD)
clmlsvc.exe -> c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe -> [2009/12/01 21:49:52 | 000,210,216 | ---- | M] (CyberLink)
iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation)
iastoricon.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe -> [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation)
hp_remote_solution.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe -> [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard)
batindicator.exe -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe -> [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard)
cnyhkey.exe -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe -> [2009/05/08 17:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard)
modledkey.exe -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe -> [2009/02/27 20:13:04 | 000,053,248 | ---- | M] ()
searchprotection.exe -> C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe -> [2009/02/23 14:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
sdwinsec.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
hpsysdrv.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
swsc.exe -> C:\Windows\SysWOW64\swsc.exe -> [2006/01/09 10:36:06 | 000,040,960 | ---- | M] ()
 
[Modules - No Company Name]
clisecurert.dll -> C:\Users\tony\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll -> [2012/04/17 17:54:51 | 000,115,137 | ---- | M] ()
kiespdlr.exe -> C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -> [2012/04/04 06:05:28 | 000,021,392 | ---- | M] ()
rapportms.dll -> C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll -> [2012/02/20 09:37:24 | 000,520,464 | ---- | M] ()
js32.dll -> C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll -> [2012/02/01 13:43:10 | 000,557,056 | ---- | M] ()
devmanagercore.dll -> C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll -> [2011/11/11 15:09:20 | 000,336,408 | ---- | M] ()
qtgui4.dll -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll -> [2011/11/11 15:08:18 | 007,956,504 | ---- | M] ()
qtxml4.dll -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll -> [2011/11/11 15:08:18 | 000,342,552 | ---- | M] ()
qjpeg4.dll -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll -> [2011/11/11 15:08:18 | 000,128,536 | ---- | M] ()
qgif4.dll -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll -> [2011/11/11 15:08:18 | 000,029,208 | ---- | M] ()
qtcore4.dll -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll -> [2011/11/11 15:08:06 | 002,145,304 | ---- | M] ()
camerahelpershell.exe -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe -> [2011/11/11 15:07:54 | 000,265,240 | ---- | M] ()
cocimanager.exe -> C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe -> [2011/08/12 13:19:40 | 000,680,984 | ---- | M] ()
system.management.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6989a7f98486e07c8853a1cbac0b018b\System.Management.ni.dll -> [2011/06/15 10:42:24 | 001,206,784 | ---- | M] ()
system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\2b64b354c9d774b00e34a38ca2f2bbf5\System.Runtime.Remoting.ni.dll -> [2011/06/15 10:41:24 | 000,760,320 | ---- | M] ()
system.xaml.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cda290604367dfed56f629590d9b247f\System.Xaml.ni.dll -> [2011/06/15 10:41:13 | 001,777,664 | ---- | M] ()
system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\443b11b528455611c7549b56349a56eb\System.Runtime.Remoting.ni.dll -> [2011/06/14 20:42:38 | 000,771,584 | ---- | M] ()
system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\933baa29f5feba3093ba81c5b9b82b1c\System.Windows.Forms.ni.dll -> [2011/06/14 20:42:12 | 012,431,360 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e979f76558e7e1f7127a5244fb5a0347\System.Drawing.ni.dll -> [2011/06/14 20:42:07 | 001,586,688 | ---- | M] ()
windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\93e867e55d7df3a8b4bd1aba3af6f18d\WindowsBase.ni.dll -> [2011/06/14 20:41:53 | 003,325,952 | ---- | M] ()
system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\682572c507ea7552c3db1842c21bf9c8\System.Xml.ni.dll -> [2011/06/14 20:41:49 | 005,452,800 | ---- | M] ()
system.configuration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e8add38eb4f9c07790b5be549c5f0dae\System.Configuration.ni.dll -> [2011/06/14 20:41:47 | 000,971,264 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f7048e198c963fa189cff3aea17dfee3\System.ni.dll -> [2011/06/14 20:41:46 | 007,949,824 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll -> [2011/06/14 20:41:32 | 011,490,304 | ---- | M] ()
presentationframework.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3301988e8bf82eb201a369b200a62aff\PresentationFramework.ni.dll -> [2011/06/14 20:22:41 | 017,640,448 | ---- | M] ()
presentationcore.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1e7c8398208782f3052122e52ab5f811\PresentationCore.ni.dll -> [2011/06/14 20:22:31 | 011,059,200 | ---- | M] ()
system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1af7f78f2e767951259c73e1a1a94627\System.Windows.Forms.ni.dll -> [2011/06/14 20:22:28 | 013,083,136 | ---- | M] ()
presentationframework.aero.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7256c72bca2e8230e59ce69b426f4e80\PresentationFramework.Aero.ni.dll -> [2011/06/14 20:22:21 | 000,450,048 | ---- | M] ()
system.core.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4fdda3a7262d4e7a6a6efb4ae2d8629b\System.Core.ni.dll -> [2011/06/14 20:22:12 | 007,029,760 | ---- | M] ()
system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\17e40bc51087ecebc2a73dca2a192182\System.Xml.ni.dll -> [2011/06/14 20:22:09 | 005,577,728 | ---- | M] ()
windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\219da7501f7f0b9129a781bad64b4079\WindowsBase.ni.dll -> [2011/06/14 20:22:09 | 003,783,680 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a315406b55b1be4a462e2a0b33c4ad13\System.Drawing.ni.dll -> [2011/06/14 20:22:08 | 001,651,712 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System\795237f85cf5c8ff5a0499604698be19\System.ni.dll -> [2011/06/14 20:22:06 | 009,027,072 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\658bbc023e2f4f4e802be9483e988373\mscorlib.ni.dll -> [2011/05/14 20:32:50 | 014,416,384 | ---- | M] ()
clmedialibrary.dll -> c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll -> [2009/12/01 21:49:50 | 000,931,112 | ---- | M] ()
modledkey.exe -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe -> [2009/02/27 20:13:04 | 000,053,248 | ---- | M] ()
wminput.dll -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll -> [2009/02/19 18:22:50 | 000,028,672 | ---- | M] ()
swsc.exe -> C:\Windows\SysWOW64\swsc.exe -> [2006/01/09 10:36:06 | 000,040,960 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2012/03/09 06:10:20 | 000,235,520 | ---- | M] (AMD)
64bit-(!SASCORE)  [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -> [2012/01/25 21:29:11 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com)
64bit-(wlcrasvc)  [Disabled | Stopped] -> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -> [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
(PnkBstrB) PnkBstrB [Auto | Running] -> C:\Windows\SysWOW64\PnkBstrB.exe -> [2012/04/16 21:31:08 | 000,189,248 | ---- | M] ()
(PnkBstrA) PnkBstrA [Auto | Running] -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2012/04/16 21:30:59 | 000,075,064 | ---- | M] ()
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2012/04/13 21:22:54 | 000,253,088 | ---- | M] (Adobe Systems Incorporated)
(RapportMgmtService) Rapport Management Service [Auto | Running] -> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -> [2012/03/26 15:44:40 | 000,976,696 | ---- | M] (Trusteer Ltd.)
(WajamUpdater) WajamUpdater [Auto | Running] -> C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -> [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam)
(avgwd) AVG WatchDog [Auto | Running] -> C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -> [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avgfws) AVG Firewall [Auto | Running] -> C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -> [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AVGIDSAgent) AVGIDSAgent [Auto | Running] -> C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -> [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -> [2011/09/01 17:49:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(CDMA Device Service) CDMA Device Service [Auto | Running] -> C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe -> [2011/08/02 10:47:14 | 000,159,232 | ---- | M] ()
(HP Support Assistant Service) HP Support Assistant Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -> [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company)
(NielsenUpdate) Nielsen Update [Disabled | Stopped] -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe -> [2011/05/03 19:46:26 | 000,306,496 | ---- | M] (The Nielsen Company)
(BBSvc) Bing Bar Update Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -> [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.)
(HPDrvMntSvc.exe) HP Quick Synchronization Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -> [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation)
(Steam Client Service) Steam Client Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation)
(npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\Windows\SysWow64\GameMon.des -> [2010/03/31 17:26:00 | 003,612,600 | ---- | M] (INCA Internet Co., Ltd.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -> [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.)
(ezSharedSvc) Easybits Shared Services for Windows [Auto | Running] -> C:\Windows\SysWOW64\ezsvc7.dll -> [2009/02/22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS)
(SBSDWSCService) SBSD Security Center Service [Auto | Running] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
 
[Driver Services - Safe List]
64bit-(RapportKE64) RapportKE64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\RapportKE64.sys -> [2012/03/26 15:45:32 | 000,101,360 | ---- | M] (Trusteer Ltd.)
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2012/03/09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation)
64bit-(Avgtdia) AVG TDI Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgtdia.sys -> [2012/02/22 05:25:50 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(Avgldx64) AVG AVI Loader Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgldx64.sys -> [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(Avgrkx64) AVG Anti-Rootkit Driver [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\avgrkx64.sys -> [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(LVUVC64) Logitech Webcam 120(UVC) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\LVUVC64.sys -> [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.)
64bit-(LVRS64) Logitech RightSound Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lvrs64.sys -> [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.)
64bit-(Avgmfx64) AVG Mini-Filter Resident Anti-Virus Shield [File_System | System | Running] -> C:\Windows\SysNative\drivers\avgmfx64.sys -> [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(AVGIDSFilter) AVGIDSFilter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\avgidsfiltera.sys -> [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. )
64bit-(AVGIDSEH) AVGIDSEH [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\avgidseha.sys -> [2011/12/23 13:32:02 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. )
64bit-(AVGIDSDriver) AVGIDSDriver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\avgidsdrivera.sys -> [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. )
64bit-(ssadmdm) SAMSUNG Android USB Modem Drivers [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ssadmdm.sys -> [2011/10/27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation)
64bit-(ssadbus) SAMSUNG Android USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ssadbus.sys -> [2011/10/27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation)
64bit-(ssadmdfl) SAMSUNG Android USB Modem (Filter) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ssadmdfl.sys -> [2011/10/27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation)
64bit-(dc3d) MS Hardware Device Detection Driver (USB) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\dc3d.sys -> [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation)
64bit-(Point64) Microsoft IntelliPoint Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\point64.sys -> [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation)
64bit-(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -> [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\saskutil64.sys -> [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(Avgfwfd) AVG network filter service [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgfwd6a.sys -> [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(aswFW) avast! TDI Firewall driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswFW.sys -> [2011/02/23 15:57:43 | 000,127,320 | ---- | M] (AVAST Software)
64bit-(aswNdis2) avast! Firewall Core Firewall Service [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\aswNdis2.sys -> [2011/02/23 15:56:48 | 000,253,784 | ---- | M] (AVAST Software)
64bit-(aswNdis) avast! Firewall NDIS Filter Service [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\aswNdis.sys -> [2011/02/23 14:34:54 | 000,012,368 | ---- | M] (ALWIL Software)
64bit-(TFsExDisk) TFsExDisk [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TFsExDisk.sys -> [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc)
64bit-(taphss) Anchorfree HSS Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\taphss.sys -> [2010/09/22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc)
64bit-(AtiHdmiService) ATI Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtiHdmi.sys -> [2009/11/19 08:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.)
64bit-(AVER_H193) AVerMedia H193 Video Capture [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AVer888RC_64.sys -> [2009/11/13 06:21:22 | 000,543,616 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.)
64bit-(CXCIR) AVerMedia Consumer Infrared Receiver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AVer888RCIR_64.sys -> [2009/11/13 06:20:14 | 000,039,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.)
64bit-(netr28x) Ralink 802.11n Extensible Wireless Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\netr28x.sys -> [2009/10/12 13:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.)
64bit-(LVPr2M64) Logitech LVPr2M64 Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\LVPr2M64.sys -> [2009/10/07 02:45:50 | 000,030,232 | ---- | M] ()
64bit-(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation)
64bit-(HECIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation)
64bit-(PCDSRVC{F36B3A4C-F95654BD-06000000}_0) PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver [Kernel | On_Demand | Stopped] -> c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -> [2009/09/17 06:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2009/08/21 01:05:06 | 000,239,616 | ---- | M] (Realtek                                            )
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\serscan.sys -> [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation)
64bit-(usb_rndisx) USB RNDIS Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usb8023x.sys -> [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.)
(RapportPG64) RapportPG64 [Kernel | System | Running] -> C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -> [2012/03/26 15:45:32 | 000,296,048 | ---- | M] (Trusteer Ltd.)
(RapportEI64) RapportEI64 [Kernel | System | Running] -> C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -> [2012/03/26 15:45:32 | 000,055,056 | ---- | M] (Trusteer Ltd.)
(RapportCerberus_34302) RapportCerberus_34302 [Kernel | System | Running] -> C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -> [2011/12/07 20:10:59 | 000,397,520 | ---- | M] ()
(TFsExDisk) TFsExDisk [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -> [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc)
(nnfwdk) Nielsen WFP Driver [Kernel | System | Running] -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys -> [2010/10/04 19:06:28 | 000,025,648 | ---- | M] (The Nielsen Company)
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -> [2010/08/12 10:40:06 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -> [2010/08/12 10:40:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
({55662437-DA8C-40c0-AADA-2C816A897A49}) Power Control [2010/01/07 20:24:33] [Kernel | Auto | Running] -> c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -> [2009/09/17 18:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
(NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\npptNT2.sys -> [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.)
(prohlp02) StarForce Protection Helper Driver v2 [Kernel | Boot | Stopped] -> C:\Windows\System32\drivers\prohlp02.sys -> [2004/04/08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology)
(prodrv06) StarForce Protection Environment Driver v6 [Kernel | System | Stopped] -> C:\Windows\System32\drivers\prodrv06.sys -> [2004/04/08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology)
(sfhlp01) StarForce Protection Helper Driver [Kernel | Boot | Stopped] -> C:\Windows\System32\drivers\sfhlp01.sys -> [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology)
(prosync1) StarForce Protection Synchronization Driver v1 [Kernel | Boot | Stopped] -> C:\Windows\System32\drivers\prosync1.sys -> [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/?ilc=8 -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://mystart.incredibar.com/mb118?a=6PQusNkZzZ&i=26 -> 
HKEY_CURRENT_USER\: Main\\"XMLHTTP_UUID_Default" -> 90 E4 5D 01 45 1D 9A 4C 94 4D 51 BE CC F2 80 43  [binary data] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [YTNavAssistPlugin Class] -> [2012/03/21 02:52:28 | 001,523,512 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2012/03/21 02:52:28 | 001,523,512 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2012/04/14 21:09:34 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected]_0c.com -> C:\PROGRAM FILES (X86)\MAPS4PC_0C\BAR\1.BIN -> 
HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} -> C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4\ [C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4\] -> [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF} -> C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\ [C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\] -> [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\tony\AppData\Roaming\Mozilla\Extensions -> [2010/07/21 14:26:56 | 000,000,000 | ---D | M]
  -> C:\Users\tony\AppData\Roaming\Mozilla\Extensions\[email protected] -> [2010/07/17 07:00:10 | 000,000,000 | ---D | M]
< HOSTS File > ([2012/04/17 17:53:52 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [AVG Do-Not-Track] -> [2012/02/20 05:04:16 | 001,321,824 | ---- | M] (AVG Technologies CZ, s.r.o.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll [AVG Safe Search] -> [2012/02/14 04:53:14 | 001,987,936 | ---- | M] (AVG Technologies CZ, s.r.o.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2012/03/22 18:27:05 | 000,253,040 | ---- | M] (Google Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2012/03/21 02:52:28 | 001,523,512 | ---- | M] (Yahoo! Inc.)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2011/12/04 18:38:32 | 000,425,680 | ---- | M] (RealPlayer)
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [AVG Do-Not-Track] -> [2012/02/20 05:04:16 | 000,898,912 | ---- | M] (AVG Technologies CZ, s.r.o.)
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll [AVG Safe Search] -> [2012/02/14 04:53:12 | 001,408,352 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} [HKLM] -> C:\Program Files (x86)\Wajam\IE\priam_bho.dll [Wajam] -> [2012/04/12 18:32:08 | 000,260,616 | ---- | M] (Wajam)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2011/10/10 11:09:16 | 003,834,016 | ---- | M] (Skype Technologies S.A.)
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008/12/30 02:03:26 | 000,098,304 | ---- | M] ()
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [Bing Bar Helper] -> [2011/04/01 11:14:30 | 001,144,072 | ---- | M] (Microsoft Corporation.)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2012/03/22 18:27:05 | 000,253,040 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [Bing Bar] -> [2011/04/01 11:14:30 | 001,144,072 | ---- | M] (Microsoft Corporation.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2012/03/21 02:52:28 | 001,523,512 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2012/03/22 18:27:05 | 000,253,040 | ---- | M] (Google Inc.)
WebBrowser\\"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"IntelliPoint" -> c:\Program Files\Microsoft IntelliPoint\ipoint.exe ["c:\Program Files\Microsoft IntelliPoint\ipoint.exe"] -> [2011/08/01 16:59:06 | 002,417,032 | ---- | M] (Microsoft Corporation)
"itype" -> c:\Program Files\Microsoft IntelliType Pro\itype.exe ["c:\Program Files\Microsoft IntelliType Pro\itype.exe"] -> [2011/08/10 17:40:58 | 001,873,256 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AMD AVT" -> C:\Windows\SysWow64\cmd.exe [Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml] -> [2009/07/14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation)
"AVG_TRAY" -> C:\Program Files (x86)\AVG\AVG2012\avgtray.exe ["C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"] -> [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.)
"BATINDICATOR" -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe] -> [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard)
"HP Remote Solution" -> C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [%ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe] -> [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard)
"hpsysdrv" -> c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe] -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
"IAStorIcon" -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe] -> [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation)
"LaunchHPOSIAPP" -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe] -> [2009/04/03 19:24:42 | 000,385,024 | ---- | M] (Hewlett-Packard)
"LWS" -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide] -> [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.)
"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2012/03/09 02:30:12 | 000,636,032 | ---- | M] (Advanced Micro Devices, Inc.)
"TkBellExe" -> C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe ["C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot] -> [2011/12/04 18:38:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.)
"YSearchProtection" -> C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"] -> [2009/02/23 14:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HydraVisionDesktopManager" -> C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe ["C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"] -> [2009/12/01 23:37:30 | 000,385,024 | ---- | M] (AMD)
"igndlm.exe" -> C:\Program Files (x86)\Download Manager\DLM.exe [C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork] -> [2009/10/27 18:18:00 | 001,103,216 | ---- | M] (IGN Entertainment)
"KiesHelper" -> C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s] -> [2012/04/04 06:05:14 | 000,954,256 | ---- | M] (Samsung)
"KiesPDLR" -> C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe] -> [2012/04/04 06:05:28 | 000,021,392 | ---- | M] ()
"Search Protection" -> C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe] -> [2009/02/23 14:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
"SpybotSD TeaTimer" -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
"Steam" -> C:\Program Files (x86)\Steam\Steam.exe ["C:\Program Files (x86)\Steam\Steam.exe" -silent] -> [2012/04/15 10:37:06 | 001,242,448 | ---- | M] (Valve Corporation)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [0] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"EnableLUA" ->  [0] -> File not found
\\"PromptOnSecureDesktop" ->  [0] -> File not found
\\"HideFastUserSwitching" ->  [0] -> File not found
\\"New Value #1" ->  [] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableLockWorkstation" ->  [0] -> File not found
\\"DisableChangePassword" ->  [0] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Download all with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlall.htm [file://C:\Program Files (x86)\Free Download Manager\dlall.htm] -> [2007/06/02 12:25:02 | 000,000,893 | ---- | M] ()
Download selected with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlselected.htm [file://C:\Program Files (x86)\Free Download Manager\dlselected.htm] -> [2007/06/02 12:25:02 | 000,000,463 | ---- | M] ()
Download video with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlfvideo.htm [file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm] -> [2007/07/27 00:34:42 | 000,001,706 | ---- | M] ()
Download with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dllink.htm [file://C:\Program Files (x86)\Free Download Manager\dllink.htm] -> [2007/06/02 12:25:02 | 000,002,140 | ---- | M] ()
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Download all with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlall.htm [file://C:\Program Files (x86)\Free Download Manager\dlall.htm] -> [2007/06/02 12:25:02 | 000,000,893 | ---- | M] ()
Download selected with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlselected.htm [file://C:\Program Files (x86)\Free Download Manager\dlselected.htm] -> [2007/06/02 12:25:02 | 000,000,463 | ---- | M] ()
Download video with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlfvideo.htm [file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm] -> [2007/07/27 00:34:42 | 000,001,706 | ---- | M] ()
Download with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dllink.htm [file://C:\Program Files (x86)\Free Download Manager\dllink.htm] -> [2007/06/02 12:25:02 | 000,002,140 | ---- | M] ()
Google Sidewiki... ->  [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html] -> File not found
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DA58ACA7-18A6-403A-93DA-6E4172D43709}:{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [Button: AVG Do-Not-Track] -> [2012/02/20 05:04:16 | 001,321,824 | ---- | M] (AVG Technologies CZ, s.r.o.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype Click to Call] -> [2011/10/10 11:09:16 | 003,834,016 | ---- | M] (Skype Technologies S.A.)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Menu: Skype Click to Call] -> [2011/10/10 11:09:16 | 003,834,016 | ---- | M] (Skype Technologies S.A.)
{DA58ACA7-18A6-403A-93DA-6E4172D43709}:{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [Button: AVG Do-Not-Track] -> [2012/02/20 05:04:16 | 000,898,912 | ---- | M] (AVG Technologies CZ, s.r.o.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0067DBFC-A752-458C-AE6E-B9C7E63D4824} [HKLM] -> http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab [Device Detection] -> 
{0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab [PCPitstop Utility] -> 
{140E4DF8-9E14-4A34-9577-C77561ED7883} [HKLM] -> http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab [SysInfo Class] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll [Installation Support] -> 
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [HKLM] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab [CDownloadCtrl Object] -> 
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab [GMNRev Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0] -> 
{A27C56D2-3F58-4ABB-AA31-1168EDA6636F} [HKLM] -> http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab [PCMaticVer Class] -> 
{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} [HKLM] -> https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab [Battlefield Play4Free Updater] -> 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> http://utilities.pcpitstop.com/da2/PCPitStop2.cab [PCPitstop Exam] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{14A415D3-A49B-4310-B7F9-59487581C101}\\DhcpNameServer -> 192.168.1.254   (Realtek PCIe GBE Family Controller) -> 
{15CC91D2-E2F2-455A-BD8A-2C60E42E189A}\\DhcpNameServer -> 192.168.1.254   (802.11n Wireless LAN Card) -> 
{C8BB1216-68BF-461B-AEAC-74DC30A29905}\\DhcpNameServer -> 192.168.42.129   (SAMSUNG Android USB Remote NDIS Network Device) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
systempropertiesperformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/14 02:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{E54729E8-BB3D-4270-9D49-7389EA579090}" [HKLM] -> C:\Windows\SysWOW64\ezUPBHook.dll [EasyBits Security Shield Hook - prevents launching insecure programs by kids] -> [2010/01/07 21:37:37 | 000,052,272 | ---- | M] (EasyBits Software Corp.)
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0BD98A84-BEAC-4C88-B431-4D5BF2953B0F} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{158B9081-018C-4BAF-883C-C3F787A3F9ED} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system | 
{2E212A26-0D2D-4918-BC20-417FDF20E48D} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{3523CB2E-FCB7-4D0E-AA83-3366DB93F8D9} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | 
{438F393B-E286-4F0D-B1A9-7721F813FD72} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | 
{66C34473-E5C8-4750-88DF-64A6D36FE283} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{6A61F0DD-B310-48BA-9F23-63443DE2802D} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | name=network discovery (ssdp-in) | app=c:\windows\system32\svchost.exe | svc=ssdpsrv | 
{6D87CD9E-DBB3-4C77-A436-4E958FBDFF7C} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | 
{6E10C56A-0C9F-4A20-BD72-607CC16CC65C} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system | 
{7508839C-5663-47CB-8420-31E49D7173E8} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{7950BCD1-CCED-40FD-8BF6-6247A64F8FAF} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=[email protected],-28531 | app=system | 
{799003F7-52DF-4032-A326-BD74FB0D378F} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{7EF86CD5-5310-4942-B866-7B36477814CE} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
{83527542-07A7-4BE5-8D85-285898F9D27D} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system | 
{BB2A524D-6099-42E1-B840-AC5DCE42FE9B} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{C2C20A11-C17D-41A7-AA92-549AAD780F45} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
{C94D862E-E557-4D94-8DF3-60F0A9927E5A} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | 
{CF7892FF-BF68-4F6C-A445-51918B069D8A} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | 
{D6B72E0C-FD27-4415-87CD-F5EECA411A17} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | 
{E54EEC6A-550A-4B4B-8AED-588580441677} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{E8DCD7B5-CD78-4F14-B4C6-B6A25AE69388} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{E993DF6F-8697-40C5-A929-C895E5865466} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system | 
{EA4C36D7-3E36-44CE-8173-789AD45AC3F3} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{F321CBD4-0983-43A5-8EAB-21140FBBA112} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{048D50E0-388C-48BA-86C3-C05A0FF7A869} -> profile=public | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{0AF0A027-326A-4E91-A7D9-ABA5798B7B6E} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{0B4EBE19-480E-4BDC-90AE-D03B41A70A0B} -> profile=domain | protocol=17 | dir=in | action=allow | name=windows shell | app=c:\windows\explorer.exe | 
{0B999421-3B0C-416E-89F2-0EA6A50A1EE8} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 | 
{0C41A8BE-9EA8-4228-998E-4AE967321B03} -> profile=private | protocol=17 | dir=in | action=allow | name=battlefield: bad company 2 | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
{0F64B9FF-C2F5-4851-802B-F6A3BF80EFCB} -> profile=public | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{1BFF9E59-D048-4981-8A31-105BDDBCFE6D} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{1E812969-676A-4CD4-A7BB-E7EF4FFBBAB0} -> profile=private | protocol=17 | dir=in | action=allow | name=avg diagnostics 2012 | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
{28A57F74-3A82-45AC-B861-91C8F3A7F244} -> profile=private | protocol=6 | dir=in | action=allow | name=battlefield: bad company 2 | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
{2A5F964F-518E-444B-A7B9-D3E5BB1BE9FD} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{2AF8CB34-D9AD-4F3D-99E1-113D4BD6EE19} -> profile=private | protocol=17 | dir=in | action=allow | name=ijjioptimizer.exe | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe | 
{2B2FF102-10CE-4BA6-9106-B28C7D747879} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{306A11BC-0E0F-4D18-8D44-C2830428DB84} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{35180188-7C15-4F1B-A98A-B0618B5CDA84} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{363DB79F-FE39-4BA9-84CD-0037E96F7885} -> profile=private | protocol=6 | dir=in | action=allow | name=logitech vid hd | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
{3891EA11-587A-4816-A150-AD390E39FA24} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 | 
{3B3E1F3C-BBA0-4191-A942-E423102669D4} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{3C3DEE0D-07FC-4FF2-B380-AE94E1EFCB92} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
{3C78FB2E-9EA2-4ACD-A76B-62AA829B1E33} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
{3F6EF948-738E-4592-A5DA-6111F1B0D0BC} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{3F807600-46A5-420C-B06F-8403113142B4} -> profile=private | protocol=17 | dir=in | action=allow | name=muz aod app player | app=c:\windows\syswow64\muzapp.exe | 
{40068F64-6399-44B8-880C-94143202E4B1} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{45BCC314-730B-4D46-B1E6-6C5956A684D6} -> profile=private | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{4C5E7299-7349-4970-B153-AACF44D458A7} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{4D4D0687-6F47-4C0B-A4FD-90F629170F1E} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | 
{5047A43C-51BD-401C-8B22-2A19286587BB} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
{5BA83309-78BD-42AA-9005-D9882D468841} -> profile=private | protocol=6 | dir=in | action=allow | name=hp network communicator | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
{5D112C76-6495-4E5F-971E-FEF2154CE918} -> profile=private | protocol=17 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
{619CF72A-6093-4302-81B8-0D8E62421204} -> profile=domain | protocol=6 | dir=in | action=allow | name=windows shell | app=c:\windows\explorer.exe | 
{62581B93-3265-4143-AEDF-8A94676CBE0F} -> profile=private | protocol=6 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
{65DACC5F-27AB-4D31-82D6-BC0D03147DDD} -> profile=private | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{662FD4EC-0DC8-40A0-8B4B-6DA9B9AA7C35} -> profile=public | protocol=6 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{6A03AB5F-62F9-434F-BDFF-8F1AE9380D42} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
{6CDEF74B-4CC3-4A45-B827-48B448E47FFB} -> profile=private | protocol=6 | dir=in | action=allow | name=muz aod app player | app=c:\windows\syswow64\muzapp.exe | 
{73920F5F-9523-441A-B327-B18C6D13FAEA} -> profile=private | protocol=17 | dir=in | action=allow | name=battlefield 3 | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe | 
{743490F6-E464-407B-85E4-6891AFAD3215} -> dir=in | action=allow | name=programupdatecheck | app=c:\program files (x86)\file type assistant\tsassist.exe | 
{77BE3E79-6E80-4212-8F05-80BBD9E2F270} -> profile=private | dir=in | action=allow | name=windows shell | app=c:\windows\explorer.exe | 
{78E15A02-F889-4431-A83E-C6FA45C716DA} -> profile=private | protocol=6 | dir=in | action=allow | name=battlefield 3 | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe | 
{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A} -> profile=public | protocol=17 | dir=in | action=allow | name=windows explorer | app=c:\windows\explorer.exe | 
{8174E542-19BA-49CD-856F-60EFB697335F} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
{83313234-62D1-4018-B793-363DE7ED4424} -> profile=private | protocol=17 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
{88AFC28F-DCAB-4F4E-AACC-0E3591741628} -> profile=private | protocol=6 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{891EEA6B-6263-4187-B835-88022E3E2D27} -> profile=private | protocol=17 | dir=in | action=allow | name=windows shell | app=c:\windows\explorer.exe | 
{898D39EE-B680-4D62-9B0F-19567CCF48E4} -> profile=private | protocol=6 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
{8DE5C862-82BF-4A64-A559-EF5A65C51658} -> dir=in | action=allow | name=windows live mesh | app=c:\program files (x86)\windows live\mesh\moe.exe | 
{8E31C36D-E445-4ECD-9861-85E2161336E6} -> protocol=58 | dir=in | action=allow | [email protected],-502 | app=system | 
{92459C5E-D350-4cba-AA74-C8F989C9336F} -> profile=private | protocol=6 | dir=out | action=allow | name=windows explorer | app=c:\windows\explorer.exe | 
{927259DD-F21B-46AF-90CB-17157C30CA7C} -> profile=public | protocol=17 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{94D5DC1C-CA7A-400C-940D-16ACAFD630A4} -> profile=private | protocol=6 | dir=in | action=allow | name=windows shell | app=c:\windows\explorer.exe | 
{9A455DC0-8938-4451-9810-803D434BA1BA} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{9BEEBBE0-EAE2-493F-BDDD-F4DB2241F24F} -> profile=private | protocol=6 | dir=in | action=allow | name=abbyy finereader | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
{9C14347F-AA90-40A0-9FF8-EF853289C4EF} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{9CBD5DF8-1917-4069-A918-F881E7315D69} -> profile=private | protocol=6 | dir=in | action=allow | name=ijjioptimizer.exe | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe | 
{A56BB65F-3BB3-474F-B3B8-EEC1DCFC7A86} -> profile=private | protocol=17 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
{AB1A2D0C-0966-45C0-81DE-797E6BE906E3} -> profile=public | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{AB5F688E-2908-424B-B974-D6BDD3A3DD16} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{AFEE0F81-50F6-45D8-8F54-41620F3C6BC2} -> profile=private | protocol=17 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{B078B2B6-A878-44ff-9BCC-458257924F96} -> profile=public | protocol=6 | dir=in | action=allow | name=windows explorer | app=c:\windows\explorer.exe | 
{B1A40E4F-58DB-490f-9D18-55B5194E8BD5} -> profile=private | protocol=17 | dir=out | action=allow | name=windows explorer | app=c:\windows\explorer.exe | 
{B20B7039-2DCF-4753-8D36-059411857C4E} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{B3E0D66E-0BC5-4435-8DCC-87B09F011090} -> profile=private | protocol=6 | dir=in | action=allow | name=avg diagnostics 2012 | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
{B6505FE5-8F64-4BEF-B10D-04107D56CA85} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{B7F6541A-6AEA-405D-BEE0-CAF61D8858AA} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | 
{BAAA85A2-2357-4815-A2A8-305A9757C2D7} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{C0F9278F-C9C8-4747-AEE6-874867C0DE8E} -> profile=private | protocol=6 | dir=in | action=allow | name=hp device setup | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe | 
{C3E9B20A-B7E2-4aab-9835-3C548937E46F} -> profile=private | dir=out | action=allow | name=windows shell | app=c:\windows\explorer.exe | 
{C99053D4-0C66-4ED5-B2B1-7B68BD22A64B} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 | 
{C9CF8E3B-EBC6-4311-92E3-947220987FAD} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
{D12E2195-7C07-479D-B364-5872D84DD261} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{D39B906C-4C79-473A-90A9-010E06EE0920} -> profile=private | protocol=17 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
{D3C0F77C-4D2B-42E2-BA56-42C4A29077DB} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{D89CA11E-B30C-4F0F-BC1D-FB582F5E8579} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
{E0AB3417-F4E5-4D70-91CA-A583D932950C} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{E401C239-547C-4898-B5E5-735937F58EEB} -> profile=public | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{E6DB07FB-66F7-4FB7-AB0E-638BF1AB9529} -> profile=private | protocol=17 | dir=in | action=allow | name=hp network communicator | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
{E845BCA9-3C3C-4357-B4D2-D5D9755A069E} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{E8A0F33C-E9D0-4784-A2C7-25BBE5B26601} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{EB53174E-214C-4B84-81BB-BE7DF454858A} -> profile=private | protocol=6 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
{EB81C682-F79E-4732-9825-03F1E652148B} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
{EC2E65EB-D0C8-4545-BF5E-41158E047E2C} -> profile=private | protocol=6 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
{EE68ED65-4342-481A-9FDB-81B639DEC51D} -> profile=private | protocol=17 | dir=in | action=allow | name=hp device setup | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe | 
{F270B614-7FC3-429D-AC10-59FC96EC9C2A} -> profile=private | protocol=17 | dir=in | action=allow | name=logitech vid hd | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
{F42823E8-90A8-4076-A5A5-4BB86EA744D3} -> profile=private | protocol=17 | dir=in | action=allow | name=abbyy finereader | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
{F75E4049-00BF-4E0C-B71A-111D3B28AF22} -> protocol=58 | dir=out | action=allow | [email protected],-503 | 
{FB3C034C-723C-48B5-9118-D6279D7D146E} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 | 
{FC3962DE-A873-4692-9719-534DC2DB7A8E} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
{FDC3B3F5-E9EF-43AC-AE75-A0E28A49288E} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
TCP Query User{0C9D268A-F481-4207-9E23-FF8A7EF95128}C:\program files (x86)\505games\1c\men of war\mow.exe -> profile=private | protocol=6 | dir=in | action=allow | name=main executable | app=c:\program files (x86)\505games\1c\men of war\mow.exe | 
TCP Query User{28C8F17F-E026-4B3A-9047-5F53D211BA36}C:\program files (x86)\505games\1c\men of war\mow_mp.exe -> profile=private | protocol=6 | dir=in | action=allow | name=main executable | app=c:\program files (x86)\505games\1c\men of war\mow_mp.exe | 
TCP Query User{28EA2D27-67DF-480A-9CA7-B7ED3AA5DFD3}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe -> profile=public | protocol=6 | dir=in | action=block | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
TCP Query User{3CDAA89A-9916-4679-A38B-024209D3FFB1}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe -> profile=public | protocol=6 | dir=in | action=block | name=hpnetworkcommunicator | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
TCP Query User{52DB951E-49C4-48AC-8DE0-4D72C9BF81B0}C:\program files (x86)\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe -> profile=private | protocol=6 | dir=in | action=allow | name=silent hunter iv | app=c:\program files (x86)\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe | 
TCP Query User{693C73F4-26CE-4ABF-A46F-BCF1E63C4037}C:\program files (x86)\ijji\ijji reactor\reactor.exe -> profile=private | protocol=6 | dir=in | action=allow | name=reactor application | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe | 
TCP Query User{6E528DCC-BF03-4A18-BA08-3F6654025456}C:\program files (x86)\java\jre6\bin\javaw.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
TCP Query User{A43BBE6A-C59E-4BC4-92A8-A5820361F58E}C:\program files (x86)\free download manager\fdm.exe -> profile=private | protocol=6 | dir=in | action=allow | name=free download manager | app=c:\program files (x86)\free download manager\fdm.exe | 
TCP Query User{B3A4F668-4F24-412C-B56F-A82766C53BFB}C:\program files (x86)\tvuplayer\tvuplayer.exe -> profile=private | protocol=6 | dir=in | action=block | name=tvuplayer component | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
TCP Query User{C16516B3-A828-4934-862B-74192F61A171}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
TCP Query User{DCB611B9-5C2E-43C1-93CB-41CEF936DC32}C:\program files (x86)\ubisoft\silenthunteriii\sh3.exe -> profile=private | protocol=6 | dir=in | action=allow | name=silent hunter iii | app=c:\program files (x86)\ubisoft\silenthunteriii\sh3.exe | 
UDP Query User{53A37BD1-E0AB-4561-A3F1-17F590CE16CE}C:\program files (x86)\java\jre6\bin\javaw.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
UDP Query User{93366096-33CB-4929-9262-4E756CDB0C62}C:\program files (x86)\505games\1c\men of war\mow_mp.exe -> profile=private | protocol=17 | dir=in | action=allow | name=main executable | app=c:\program files (x86)\505games\1c\men of war\mow_mp.exe | 
UDP Query User{9C637C33-7E89-479D-ACBB-69F21D2F9CE7}C:\program files (x86)\tvuplayer\tvuplayer.exe -> profile=private | protocol=17 | dir=in | action=block | name=tvuplayer component | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
UDP Query User{A93B18FC-3AB6-4A1E-9A2B-B47314EB9208}C:\program files (x86)\ijji\ijji reactor\reactor.exe -> profile=private | protocol=17 | dir=in | action=allow | name=reactor application | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe | 
UDP Query User{B3CB5CA5-3661-43C5-BE3A-6EE75443E3A3}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe -> profile=public | protocol=17 | dir=in | action=block | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
UDP Query User{B5F40723-7538-4C91-A3C7-1E258045C904}C:\program files (x86)\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe -> profile=private | protocol=17 | dir=in | action=allow | name=silent hunter iv | app=c:\program files (x86)\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe | 
UDP Query User{BB25790D-8B4C-4655-BF41-824292B1CF42}C:\program files (x86)\ubisoft\silenthunteriii\sh3.exe -> profile=private | protocol=17 | dir=in | action=allow | name=silent hunter iii | app=c:\program files (x86)\ubisoft\silenthunteriii\sh3.exe | 
UDP Query User{BE015D6A-D911-4892-9811-CEB133D38D95}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
UDP Query User{C5CE4881-43C6-4F44-8B21-8E950B1996E8}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe -> profile=public | protocol=17 | dir=in | action=block | name=hpnetworkcommunicator | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
UDP Query User{E94CECB8-2460-4EB2-9924-9FCF0EB7B3B0}C:\program files (x86)\free download manager\fdm.exe -> profile=private | protocol=17 | dir=in | action=allow | name=free download manager | app=c:\program files (x86)\free download manager\fdm.exe | 
UDP Query User{F30792C6-5BBE-48CE-BD6F-00039949EB59}C:\program files (x86)\505games\1c\men of war\mow.exe -> profile=private | protocol=17 | dir=in | action=allow | name=main executable | app=c:\program files (x86)\505games\1c\men of war\mow.exe | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
E:\AutoRun.exe [MZ | ] -> E:\AutoRun.exe [ CDFS ] -> [2011/10/07 14:22:00 | 068,472,672 | R--- | M] (Electronic Arts)
E:\Autorun [] -> E:\Autorun [ CDFS ] -> [2011/10/08 00:24:21 | 000,000,000 | ---D | M]
E:\Autorun.ico [] -> E:\Autorun.ico [ CDFS ] -> [2011/09/09 20:35:07 | 000,206,657 | R--- | M] ()
E:\autorun.inf [[autorun] |  | open=Autorun.exe |  | Icon=Autorun.ico |  | Name=Battlefield 3 |  | ] -> E:\autorun.inf [ CDFS ] -> [2011/10/08 00:24:21 | 000,000,144 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2012/04/17 17:54:09 | 000,000,000 | -HSD | C]
 New folder -> C:\Users\tony\Desktop\New folder -> [2012/04/17 17:49:07 | 000,000,000 | ---D | C]
 ComboFix -> C:\ComboFix -> [2012/04/17 17:43:25 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2012/04/17 16:21:59 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2012/04/17 16:21:59 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2012/04/17 16:21:59 | 000,060,416 | ---- | C] (NirSoft)
 OriginSetup.exe -> C:\Users\tony\Desktop\OriginSetup.exe -> [2012/04/16 20:48:13 | 035,859,328 | ---- | C] (Electronic Arts, Inc.)
 ATI -> C:\ProgramData\ATI -> [2012/04/16 20:31:39 | 000,000,000 | ---D | C]
 AMD AVT -> C:\Program Files (x86)\AMD AVT -> [2012/04/16 20:31:07 | 000,000,000 | ---D | C]
 Catalyst Control Center -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center -> [2012/04/16 20:30:47 | 000,000,000 | ---D | C]
 {CB3D5CF2-6E7C-4F3E-9ECD-0B6876773212} -> C:\Users\tony\AppData\Local\{CB3D5CF2-6E7C-4F3E-9ECD-0B6876773212} -> [2012/04/15 12:40:48 | 000,000,000 | ---D | C]
 {3B990DC9-EA51-4864-B87C-6377D261C81F} -> C:\Users\tony\AppData\Local\{3B990DC9-EA51-4864-B87C-6377D261C81F} -> [2012/04/15 12:40:26 | 000,000,000 | ---D | C]
 Mozilla Firefox -> C:\Program Files (x86)\Mozilla Firefox -> [2012/04/15 12:38:33 | 000,000,000 | ---D | C]
 Steam -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam -> [2012/04/15 09:47:57 | 000,000,000 | ---D | C]
 Steam -> C:\Program Files (x86)\Steam -> [2012/04/15 09:47:57 | 000,000,000 | ---D | C]
 {D0C320BA-AF65-47CD-AC17-D3EEE86B441C} -> C:\Users\tony\AppData\Local\{D0C320BA-AF65-47CD-AC17-D3EEE86B441C} -> [2012/04/14 16:20:29 | 000,000,000 | ---D | C]
 {AC38A120-D29E-485F-97B1-67C9565F99A6} -> C:\Users\tony\AppData\Local\{AC38A120-D29E-485F-97B1-67C9565F99A6} -> [2012/04/14 16:20:08 | 000,000,000 | ---D | C]
 Wajam -> C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam -> [2012/04/14 12:43:29 | 000,000,000 | ---D | C]
 Wajam -> C:\Users\tony\AppData\Local\Wajam -> [2012/04/14 12:43:26 | 000,000,000 | ---D | C]
 Wajam -> C:\Program Files (x86)\Wajam -> [2012/04/14 12:43:25 | 000,000,000 | ---D | C]
 {FE2575D4-938B-463C-BF48-D19364A6D836} -> C:\Users\tony\AppData\Local\{FE2575D4-938B-463C-BF48-D19364A6D836} -> [2012/04/13 23:07:00 | 000,000,000 | ---D | C]
 {8A4A0784-0F59-418C-8478-2D275E9C6465} -> C:\Users\tony\AppData\Local\{8A4A0784-0F59-418C-8478-2D275E9C6465} -> [2012/04/13 23:06:35 | 000,000,000 | ---D | C]
 BFBC2 -> C:\Users\tony\Documents\BFBC2 -> [2012/04/13 21:50:26 | 000,000,000 | ---D | C]
 _OTL -> C:\_OTL -> [2012/04/12 15:46:11 | 000,000,000 | ---D | C]
 {09197206-9038-4C87-8DB7-80297CE57D43} -> C:\Users\tony\AppData\Local\{09197206-9038-4C87-8DB7-80297CE57D43} -> [2012/04/11 21:05:10 | 000,000,000 | ---D | C]
 {EE623F98-DE60-479A-9B82-70F06740601D} -> C:\Users\tony\AppData\Local\{EE623F98-DE60-479A-9B82-70F06740601D} -> [2012/04/11 21:04:48 | 000,000,000 | ---D | C]
 Yahoo! Search Protection -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Search Protection -> [2012/04/10 20:02:50 | 000,000,000 | ---D | C]
 Yahoo! Messenger -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger -> [2012/04/10 20:01:38 | 000,000,000 | ---D | C]
 {ED0739EE-62DC-436A-A469-15FE30932C28} -> C:\Users\tony\AppData\Local\{ED0739EE-62DC-436A-A469-15FE30932C28} -> [2012/04/10 19:35:45 | 000,000,000 | ---D | C]
 {A0837905-B61B-4AF9-9C3A-F243CDF7B5A1} -> C:\Users\tony\AppData\Local\{A0837905-B61B-4AF9-9C3A-F243CDF7B5A1} -> [2012/04/10 19:35:23 | 000,000,000 | ---D | C]
 ERDNT -> C:\Windows\ERDNT -> [2012/04/10 16:05:55 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2012/04/10 16:05:00 | 000,000,000 | ---D | C]
 obxtony -> C:\Users\tony\Desktop\obxtony -> [2012/04/10 16:04:35 | 000,000,000 | ---D | C]
 {2F066433-5805-4286-8505-D0C0A15E38B4} -> C:\Users\tony\AppData\Local\{2F066433-5805-4286-8505-D0C0A15E38B4} -> [2012/04/09 19:01:57 | 000,000,000 | ---D | C]
 {C9F53BDD-5E51-4686-B64B-E0D91B5B1C37} -> C:\Users\tony\AppData\Local\{C9F53BDD-5E51-4686-B64B-E0D91B5B1C37} -> [2012/04/09 19:01:34 | 000,000,000 | ---D | C]
 {EBC24E23-B1D8-4BD5-9523-7D7914FE002C} -> C:\Users\tony\AppData\Local\{EBC24E23-B1D8-4BD5-9523-7D7914FE002C} -> [2012/04/08 19:19:42 | 000,000,000 | ---D | C]
 {8D606DB7-1713-4A97-9290-21324C7740D7} -> C:\Users\tony\AppData\Local\{8D606DB7-1713-4A97-9290-21324C7740D7} -> [2012/04/08 19:19:08 | 000,000,000 | ---D | C]
 {D4F5AD0E-3665-4FB0-8FED-9160A54DC115} -> C:\Users\tony\AppData\Local\{D4F5AD0E-3665-4FB0-8FED-9160A54DC115} -> [2012/04/07 21:58:15 | 000,000,000 | ---D | C]
 {3509F9A2-AADA-469F-89F9-7EE2A70EF3A2} -> C:\Users\tony\AppData\Local\{3509F9A2-AADA-469F-89F9-7EE2A70EF3A2} -> [2012/04/07 21:57:42 | 000,000,000 | ---D | C]
 MigWiz -> C:\Users\tony\AppData\Local\MigWiz -> [2012/04/07 19:26:12 | 000,000,000 | ---D | C]
 Safer Networking -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking -> [2012/04/07 09:34:17 | 000,000,000 | ---D | C]
 Safer Networking -> C:\Program Files (x86)\Safer Networking -> [2012/04/07 09:34:15 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy -> [2012/04/07 09:12:30 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2012/04/07 09:12:19 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Program Files (x86)\Spybot - Search & Destroy -> [2012/04/07 09:12:19 | 000,000,000 | ---D | C]
 {067C83F3-C17B-4A8B-8ED0-CDC052226BEF} -> C:\Users\tony\AppData\Local\{067C83F3-C17B-4A8B-8ED0-CDC052226BEF} -> [2012/04/06 18:57:06 | 000,000,000 | ---D | C]
 {5EB24990-5AC6-42D9-A311-631507352D3F} -> C:\Users\tony\AppData\Local\{5EB24990-5AC6-42D9-A311-631507352D3F} -> [2012/04/06 18:56:56 | 000,000,000 | ---D | C]
 calibre -> C:\Users\tony\AppData\Roaming\calibre -> [2012/04/06 14:42:45 | 000,000,000 | ---D | C]
 Calibre2 -> C:\Program Files (x86)\Calibre2 -> [2012/04/06 14:42:25 | 000,000,000 | ---D | C]
 calibre - E-book Management -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management -> [2012/04/06 14:42:25 | 000,000,000 | ---D | C]
 calibre -> C:\Users\tony\Desktop\calibre -> [2012/04/06 14:39:14 | 000,000,000 | ---D | C]
 dds -> C:\Users\tony\Documents\dds -> [2012/04/06 09:37:22 | 000,000,000 | ---D | C]
 {9736F8A5-2C6F-4525-BA7C-C6DB789CE4A7} -> C:\Users\tony\AppData\Local\{9736F8A5-2C6F-4525-BA7C-C6DB789CE4A7} -> [2012/04/05 20:52:11 | 000,000,000 | ---D | C]
 {EE89EB67-0EC3-4C73-A05F-1989EFD85538} -> C:\Users\tony\AppData\Local\{EE89EB67-0EC3-4C73-A05F-1989EFD85538} -> [2012/04/05 20:52:01 | 000,000,000 | ---D | C]
 {0FE452DD-D14E-4681-B38D-50BC06F5E0AB} -> C:\Users\tony\AppData\Local\{0FE452DD-D14E-4681-B38D-50BC06F5E0AB} -> [2012/04/05 20:51:23 | 000,000,000 | ---D | C]
 anti virus progs -> C:\Users\tony\Desktop\anti virus progs -> [2012/04/05 20:50:09 | 000,000,000 | ---D | C]
 {6A63525C-CECC-45C8-ADDD-3CFBBB397684} -> C:\Users\tony\AppData\Local\{6A63525C-CECC-45C8-ADDD-3CFBBB397684} -> [2012/04/05 20:19:52 | 000,000,000 | ---D | C]
 Doctor Web -> C:\Users\tony\Doctor Web -> [2012/04/05 20:19:19 | 000,000,000 | ---D | C]
 Doctor Web -> C:\Program Files\Common Files\Doctor Web -> [2012/04/05 20:15:24 | 000,000,000 | ---D | C]
 WinRAR -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2012/04/05 11:09:29 | 000,000,000 | ---D | C]
 WinRAR -> C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2012/04/05 11:09:28 | 000,000,000 | ---D | C]
 7-Zip -> C:\Program Files (x86)\7-Zip -> [2012/04/05 10:51:04 | 000,000,000 | ---D | C]
 Trojan Remover -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover -> [2012/04/04 21:20:19 | 000,000,000 | ---D | C]
 Trojan Remover -> C:\Program Files (x86)\Trojan Remover -> [2012/04/04 21:20:17 | 000,000,000 | ---D | C]
 HiJackThis -> C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis -> [2012/04/04 20:16:41 | 000,000,000 | ---D | C]
 Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2012/04/04 20:16:38 | 000,000,000 | ---D | C]
 Doctor Web -> C:\ProgramData\Doctor Web -> [2012/04/04 14:11:54 | 000,000,000 | ---D | C]
 {05CDD276-D8EB-470D-BEEE-5F884B7CD010} -> C:\Users\tony\AppData\Local\{05CDD276-D8EB-470D-BEEE-5F884B7CD010} -> [2012/04/04 14:00:09 | 000,000,000 | ---D | C]
 {AE25F25F-56DB-45D6-8383-20B62CA3C443} -> C:\Users\tony\AppData\Local\{AE25F25F-56DB-45D6-8383-20B62CA3C443} -> [2012/04/04 13:59:33 | 000,000,000 | ---D | C]
 FileTypeAssistant -> C:\Users\tony\AppData\Local\FileTypeAssistant -> [2012/04/03 20:43:19 | 000,000,000 | ---D | C]
 File Type Assistant -> C:\Program Files (x86)\File Type Assistant -> [2012/04/03 20:42:07 | 000,000,000 | ---D | C]
 {43822405-A0B3-48A8-A2D8-F9FA6492E5D9} -> C:\Users\tony\AppData\Local\{43822405-A0B3-48A8-A2D8-F9FA6492E5D9} -> [2012/04/03 18:37:40 | 000,000,000 | ---D | C]
 {9B47A818-941C-4DBB-9E95-CAF8FCA90AF4} -> C:\Users\tony\AppData\Local\{9B47A818-941C-4DBB-9E95-CAF8FCA90AF4} -> [2012/04/03 18:37:15 | 000,000,000 | ---D | C]
 en -> C:\Windows\en -> [2012/04/03 18:31:11 | 000,000,000 | ---D | C]
 fssfltr.sys -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2012/04/03 18:27:06 | 000,048,488 | ---- | C] (Microsoft Corporation)
 Windows Live -> C:\Program Files (x86)\Windows Live -> [2012/04/03 18:27:04 | 000,000,000 | ---D | C]
 antiphishing-vmninternethelper1_1dn -> C:\Users\tony\AppData\Local\antiphishing-vmninternethelper1_1dn -> [2012/04/03 17:51:00 | 000,000,000 | ---D | C]
 Anti-phishing Domain Advisor -> C:\ProgramData\Anti-phishing Domain Advisor -> [2012/04/03 17:49:47 | 000,000,000 | ---D | C]
 DoctorWeb -> C:\Users\tony\DoctorWeb -> [2012/04/03 14:07:27 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2012/04/03 13:18:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2012/04/03 13:18:46 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/04/03 13:18:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation)
 AVG2012 -> C:\Users\tony\AppData\Roaming\AVG2012 -> [2012/04/02 15:36:00 | 000,000,000 | ---D | C]
 AVG -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG -> [2012/04/02 15:34:48 | 000,000,000 | ---D | C]
 AVG -> C:\Windows\SysWow64\drivers\AVG -> [2012/04/02 15:34:47 | 000,000,000 | ---D | C]
 AVG -> C:\Windows\SysNative\drivers\AVG -> [2012/04/02 15:34:16 | 000,000,000 | ---D | C]
 $AVG -> C:\$AVG -> [2012/04/02 15:34:16 | 000,000,000 | ---D | C]
 {8BE1E50B-6B31-4511-B0A3-2DDDAC12D6FB} -> C:\Users\tony\AppData\Local\{8BE1E50B-6B31-4511-B0A3-2DDDAC12D6FB} -> [2012/04/02 14:51:43 | 000,000,000 | ---D | C]
 Avast -> C:\Program Files (x86)\Avast -> [2012/04/02 14:19:23 | 000,000,000 | ---D | C]
 Alwil Software -> C:\ProgramData\Alwil Software -> [2012/04/02 12:35:53 | 000,000,000 | ---D | C]
 {A8DB2F49-72AC-4100-AEF6-AF1C4C00B992} -> C:\Users\tony\AppData\Local\{A8DB2F49-72AC-4100-AEF6-AF1C4C00B992} -> [2012/04/01 21:30:41 | 000,000,000 | ---D | C]
 InstallShield -> C:\ProgramData\InstallShield -> [2012/04/01 20:21:32 | 000,000,000 | ---D | C]
 exPressit SE3.1 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\exPressit SE3.1 -> [2012/04/01 20:21:29 | 000,000,000 | ---D | C]
 Medea International Ltd -> C:\Program Files (x86)\Medea International Ltd -> [2012/04/01 20:20:57 | 000,000,000 | ---D | C]
 Easy CD & DVD Cover Creator -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD & DVD Cover Creator -> [2012/04/01 20:10:05 | 000,000,000 | ---D | C]
 Easy CD & DVD Cover Creator -> C:\Program Files (x86)\Easy CD & DVD Cover Creator -> [2012/04/01 20:10:05 | 000,000,000 | ---D | C]
 {63031E79-5994-47C3-A62B-7E3F16D3BC6B} -> C:\Users\tony\AppData\Local\{63031E79-5994-47C3-A62B-7E3F16D3BC6B} -> [2012/04/01 13:17:12 | 000,000,000 | ---D | C]
 FlashPlayerInstaller.exe -> C:\Windows\SysWow64\FlashPlayerInstaller.exe -> [2012/04/01 09:22:24 | 008,741,536 | ---- | C] (Adobe Systems Incorporated)
 FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2012/04/01 08:45:22 | 000,418,464 | ---- | C] (Adobe Systems Incorporated)
 {857B99DD-E471-44B7-9D75-EB93AC8824D3} -> C:\Users\tony\AppData\Local\{857B99DD-E471-44B7-9D75-EB93AC8824D3} -> [2012/03/31 21:40:48 | 000,000,000 | ---D | C]
 {2BE6239F-2354-49CF-B5B5-B4C252A1FC21} -> C:\Users\tony\AppData\Local\{2BE6239F-2354-49CF-B5B5-B4C252A1FC21} -> [2012/03/30 16:35:20 | 000,000,000 | ---D | C]
 {9C756B8E-2D97-4233-A6EF-E63260A03254} -> C:\Users\tony\AppData\Local\{9C756B8E-2D97-4233-A6EF-E63260A03254} -> [2012/03/29 13:04:26 | 000,000,000 | ---D | C]
 {446D9E88-128B-449A-BCE0-16FC00C42158} -> C:\Users\tony\AppData\Local\{446D9E88-128B-449A-BCE0-16FC00C42158} -> [2012/03/28 12:50:23 | 000,000,000 | ---D | C]
 {4F060886-1E38-4688-B88B-F8EC7FF14681} -> C:\Users\tony\AppData\Local\{4F060886-1E38-4688-B88B-F8EC7FF14681} -> [2012/03/27 15:17:57 | 000,000,000 | ---D | C]
 {9DECEF7E-AF7E-407A-9AFE-9A2810C8BC9F} -> C:\Users\tony\AppData\Local\{9DECEF7E-AF7E-407A-9AFE-9A2810C8BC9F} -> [2012/03/27 15:17:23 | 000,000,000 | ---D | C]
 Audio Related Programs -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs -> [2012/03/26 19:43:29 | 000,000,000 | ---D | C]
 NCH Software -> C:\Users\tony\AppData\Roaming\NCH Software -> [2012/03/26 19:43:28 | 000,000,000 | ---D | C]
 {AD78B362-22BB-40CC-8DDE-3A80AEDA3BF0} -> C:\Users\tony\AppData\Local\{AD78B362-22BB-40CC-8DDE-3A80AEDA3BF0} -> [2012/03/26 16:00:00 | 000,000,000 | ---D | C]
 {DB4E6178-9220-4CC1-A907-8C4A748864AC} -> C:\Users\tony\AppData\Local\{DB4E6178-9220-4CC1-A907-8C4A748864AC} -> [2012/03/26 15:59:26 | 000,000,000 | ---D | C]
 {E70BEA43-EE38-4B90-A0D0-CC548B418F1E} -> C:\Users\tony\AppData\Local\{E70BEA43-EE38-4B90-A0D0-CC548B418F1E} -> [2012/03/25 13:24:43 | 000,000,000 | ---D | C]
 {C174684F-B933-48DA-9705-55BAD924DFDC} -> C:\Users\tony\AppData\Local\{C174684F-B933-48DA-9705-55BAD924DFDC} -> [2012/03/25 13:24:32 | 000,000,000 | ---D | C]
 {849B5759-7852-4C16-A587-DF56D1150EA5} -> C:\Users\tony\AppData\Local\{849B5759-7852-4C16-A587-DF56D1150EA5} -> [2012/03/24 12:25:14 | 000,000,000 | ---D | C]
 {01FAD4A7-E417-4E09-9764-76CBE8829BDE} -> C:\Users\tony\AppData\Local\{01FAD4A7-E417-4E09-9764-76CBE8829BDE} -> [2012/03/24 12:24:40 | 000,000,000 | ---D | C]
 {A9929552-2911-405F-AA91-9BEA9F27082D} -> C:\Users\tony\AppData\Local\{A9929552-2911-405F-AA91-9BEA9F27082D} -> [2012/03/23 12:01:03 | 000,000,000 | ---D | C]
 {4C5C1DF7-380F-4600-A527-60E56CD5BA2D} -> C:\Users\tony\AppData\Local\{4C5C1DF7-380F-4600-A527-60E56CD5BA2D} -> [2012/03/23 12:00:29 | 000,000,000 | ---D | C]
 {94A1ECFB-DF46-47D2-B106-D853457126AE} -> C:\Users\tony\AppData\Local\{94A1ECFB-DF46-47D2-B106-D853457126AE} -> [2012/03/22 19:54:38 | 000,000,000 | ---D | C]
 {24D3FA49-06C1-44B6-B683-53686ADE2D5F} -> C:\Users\tony\AppData\Local\{24D3FA49-06C1-44B6-B683-53686ADE2D5F} -> [2012/03/22 19:54:04 | 000,000,000 | ---D | C]
 {DF9A6783-B1C2-445D-AD89-C2AB4C6478D0} -> C:\Users\tony\AppData\Local\{DF9A6783-B1C2-445D-AD89-C2AB4C6478D0} -> [2012/03/21 16:26:27 | 000,000,000 | ---D | C]
 {E32EE5AA-30BC-47D4-BC9E-A71A2B8E9136} -> C:\Users\tony\AppData\Local\{E32EE5AA-30BC-47D4-BC9E-A71A2B8E9136} -> [2012/03/21 16:25:54 | 000,000,000 | ---D | C]
 {834ED68F-4F61-465C-B4AC-F1884944BBE2} -> C:\Users\tony\AppData\Local\{834ED68F-4F61-465C-B4AC-F1884944BBE2} -> [2012/03/21 13:45:26 | 000,000,000 | ---D | C]
 {DC935FC3-0C2B-4127-BC0F-7D7E85337B0E} -> C:\Users\tony\AppData\Local\{DC935FC3-0C2B-4127-BC0F-7D7E85337B0E} -> [2012/03/20 22:27:58 | 000,000,000 | ---D | C]
 {4245FF05-0B0E-49B7-A8EB-1CF0F3B774F5} -> C:\Users\tony\AppData\Local\{4245FF05-0B0E-49B7-A8EB-1CF0F3B774F5} -> [2012/03/20 22:27:24 | 000,000,000 | ---D | C]
 {AD552651-31B8-4E97-84C9-C49E8D7D9AC6} -> C:\Users\tony\AppData\Local\{AD552651-31B8-4E97-84C9-C49E8D7D9AC6} -> [2012/03/19 11:01:41 | 000,000,000 | ---D | C]
 {07D25B5A-17C4-4616-AAE1-020AB012BC1B} -> C:\Users\tony\AppData\Local\{07D25B5A-17C4-4616-AAE1-020AB012BC1B} -> [2012/03/19 11:01:07 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2012/04/17 21:31:00 | 000,000,898 | ---- | M] ()
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2012/04/17 21:22:00 | 000,000,830 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/04/17 18:20:45 | 000,015,792 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/04/17 18:20:45 | 000,015,792 | -H-- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2012/04/17 17:54:21 | 000,000,894 | ---- | M] ()
 hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2012/04/17 17:53:52 | 000,000,027 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2012/04/17 17:52:02 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012/04/17 17:51:14 | 504,688,639 | -HS- | M] ()
 combofix - Shortcut.lnk -> C:\Users\tony\Desktop\combofix - Shortcut.lnk -> [2012/04/17 17:36:16 | 000,014,525 | ---- | M] ()
 incavi.avm -> C:\Windows\SysNative\drivers\AVG\incavi.avm -> [2012/04/17 15:46:19 | 095,332,207 | ---- | M] ()
 PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2012/04/16 21:31:08 | 000,189,248 | ---- | M] ()
 pbsvc_bc2.exe -> C:\Windows\SysWow64\pbsvc_bc2.exe -> [2012/04/16 21:30:59 | 002,434,856 | ---- | M] ()
 PnkBstrA.exe -> C:\Windows\SysWow64\PnkBstrA.exe -> [2012/04/16 21:30:59 | 000,075,064 | ---- | M] ()
 OriginSetup.exe -> C:\Users\tony\Desktop\OriginSetup.exe -> [2012/04/16 20:49:47 | 035,859,328 | ---- | M] (Electronic Arts, Inc.)
 iavifw.avm -> C:\Windows\SysNative\drivers\AVG\iavifw.avm -> [2012/04/16 19:30:43 | 000,624,083 | ---- | M] ()
 iavichjg.avm -> C:\Windows\SysNative\drivers\AVG\iavichjg.avm -> [2012/04/15 19:30:55 | 000,277,357 | ---- | M] ()
 user.js -> C:\user.js -> [2012/04/15 12:38:34 | 000,000,447 | ---- | M] ()
 Steam.lnk -> C:\Users\Public\Desktop\Steam.lnk -> [2012/04/15 09:47:59 | 000,000,919 | ---- | M] ()
 SteamInstall.msi -> C:\Users\tony\Desktop\SteamInstall.msi -> [2012/04/14 13:50:08 | 001,588,224 | ---- | M] ()
 PnkBstrB.xtr -> C:\Windows\SysWow64\PnkBstrB.xtr -> [2012/04/13 21:50:35 | 000,270,904 | ---- | M] ()
 FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2012/04/13 21:22:54 | 000,418,464 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2012/04/13 21:22:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerInstaller.exe -> C:\Windows\SysWow64\FlashPlayerInstaller.exe -> [2012/04/13 21:22:50 | 008,741,536 | ---- | M] (Adobe Systems Incorporated)
 Yahoo! Messenger.lnk -> C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> [2012/04/10 20:01:38 | 000,001,165 | ---- | M] ()
 Yahoo! Messenger.lnk -> C:\Users\Public\Desktop\Yahoo! Messenger.lnk -> [2012/04/10 20:01:38 | 000,001,141 | ---- | M] ()
 dt.dat -> C:\Users\tony\AppData\Local\dt.dat -> [2012/04/10 19:05:30 | 000,017,407 | ---- | M] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/04/09 19:12:32 | 000,001,115 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2012/04/08 09:31:47 | 000,726,444 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2012/04/08 09:31:47 | 000,628,414 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2012/04/08 09:31:47 | 000,110,598 | ---- | M] ()
 PnkBstrB.ex0 -> C:\Windows\SysWow64\PnkBstrB.ex0 -> [2012/04/07 16:24:06 | 000,283,304 | ---- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2012/04/07 09:12:31 | 000,001,288 | ---- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk -> [2012/04/07 09:12:31 | 000,001,264 | ---- | M] ()
 calibre - E-book management.lnk -> C:\Users\Public\Desktop\calibre - E-book management.lnk -> [2012/04/06 14:42:36 | 000,000,962 | ---- | M] ()
 GetValue.vbs -> C:\Users\tony\AppData\Roaming\GetValue.vbs -> [2012/04/04 20:39:39 | 000,000,691 | ---- | M] ()
 SetValue.bat -> C:\Users\tony\AppData\Roaming\SetValue.bat -> [2012/04/04 20:39:39 | 000,000,035 | ---- | M] ()
 ars.cache -> C:\Users\tony\AppData\Local\ars.cache -> [2012/04/04 20:04:08 | 000,150,880 | ---- | M] ()
 housecall.guid.cache -> C:\Users\tony\AppData\Local\housecall.guid.cache -> [2012/04/04 18:56:35 | 000,000,036 | ---- | M] ()
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation)
 ia_remove.sh -> C:\Users\tony\ia_remove.sh -> [2012/04/03 17:22:48 | 000,008,409 | ---- | M] ()
 iavifw.avm -> C:\Windows\SysWow64\drivers\AVG\iavifw.avm -> [2012/04/02 15:59:01 | 000,000,000 | ---- | M] ()
 AVG 2012.lnk -> C:\Users\Public\Desktop\AVG 2012.lnk -> [2012/04/02 15:34:48 | 000,000,967 | ---- | M] ()
 incavi.avm -> C:\Windows\SysWow64\drivers\AVG\incavi.avm -> [2012/04/02 15:34:47 | 000,000,000 | ---- | M] ()
 iavichjw.avm -> C:\Windows\SysWow64\drivers\AVG\iavichjw.avm -> [2012/04/02 15:34:47 | 000,000,000 | ---- | M] ()
 config.nt -> C:\Windows\SysWow64\config.nt -> [2012/04/02 14:58:36 | 000,000,000 | ---- | M] ()
 Launch Internet Explorer Browser.lnk -> C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2012/04/02 13:14:05 | 000,001,256 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2012/04/02 09:11:45 | 000,348,088 | ---- | M] ()
 Express Burn Disc Burning Software.lnk -> C:\Users\Public\Desktop\Express Burn Disc Burning Software.lnk -> [2012/03/26 19:43:28 | 000,001,196 | ---- | M] ()
 RapportKE64.sys -> C:\Windows\SysNative\drivers\RapportKE64.sys -> [2012/03/26 15:45:32 | 000,101,360 | ---- | M] (Trusteer Ltd.)
 
[Files - No Company Name]
 combofix - Shortcut.lnk -> C:\Users\tony\Desktop\combofix - Shortcut.lnk -> [2012/04/17 17:36:16 | 000,014,525 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2012/04/17 16:21:59 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2012/04/17 16:21:59 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2012/04/17 16:21:59 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2012/04/17 16:21:59 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2012/04/17 16:21:59 | 000,068,096 | ---- | C] ()
 incavi.avm -> C:\Windows\SysNative\drivers\AVG\incavi.avm -> [2012/04/17 15:46:19 | 095,332,207 | ---- | C] ()
 iavifw.avm -> C:\Windows\SysNative\drivers\AVG\iavifw.avm -> [2012/04/16 19:30:43 | 000,624,083 | ---- | C] ()
 iavichjg.avm -> C:\Windows\SysNative\drivers\AVG\iavichjg.avm -> [2012/04/15 19:30:55 | 000,277,357 | ---- | C] ()
 user.js -> C:\user.js -> [2012/04/15 12:38:33 | 000,000,447 | ---- | C] ()
 Steam.lnk -> C:\Users\Public\Desktop\Steam.lnk -> [2012/04/15 09:47:59 | 000,000,919 | ---- | C] ()
 SteamInstall.msi -> C:\Users\tony\Desktop\SteamInstall.msi -> [2012/04/14 13:50:04 | 001,588,224 | ---- | C] ()
 Yahoo! Messenger.lnk -> C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> [2012/04/10 20:01:38 | 000,001,165 | ---- | C] ()
 Yahoo! Messenger.lnk -> C:\Users\Public\Desktop\Yahoo! Messenger.lnk -> [2012/04/10 20:01:38 | 000,001,141 | ---- | C] ()
 dt.dat -> C:\Users\tony\AppData\Local\dt.dat -> [2012/04/10 19:05:30 | 000,017,407 | ---- | C] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/04/09 19:12:32 | 000,001,115 | ---- | C] ()
 Spybot - Search & Destroy.lnk -> C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2012/04/07 09:12:31 | 000,001,288 | ---- | C] ()
 Spybot - Search & Destroy.lnk -> C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk -> [2012/04/07 09:12:31 | 000,001,264 | ---- | C] ()
 calibre - E-book management.lnk -> C:\Users\Public\Desktop\calibre - E-book management.lnk -> [2012/04/06 14:42:36 | 000,000,962 | ---- | C] ()
 GetValue.vbs -> C:\Users\tony\AppData\Roaming\GetValue.vbs -> [2012/04/04 20:39:39 | 000,000,691 | ---- | C] ()
 SetValue.bat -> C:\Users\tony\AppData\Roaming\SetValue.bat -> [2012/04/04 20:39:39 | 000,000,035 | ---- | C] ()
 swsc.exe -> C:\Windows\SysWow64\swsc.exe -> [2012/04/04 20:36:41 | 000,040,960 | ---- | C] ()
 ars.cache -> C:\Users\tony\AppData\Local\ars.cache -> [2012/04/04 20:04:08 | 000,150,880 | ---- | C] ()
 housecall.guid.cache -> C:\Users\tony\AppData\Local\housecall.guid.cache -> [2012/04/04 18:56:35 | 000,000,036 | ---- | C] ()
 Windows Live Movie Maker.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> [2012/04/03 18:29:01 | 000,001,307 | ---- | C] ()
 Windows Live Photo Gallery.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> [2012/04/03 18:28:47 | 000,001,376 | ---- | C] ()
 Windows Live Mail.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> [2012/04/03 18:28:26 | 000,001,460 | ---- | C] ()
 Windows Live Messenger.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> [2012/04/03 18:28:10 | 000,002,488 | ---- | C] ()
 Chat Messenger.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chat Messenger.lnk -> [2012/04/03 17:50:49 | 000,001,179 | ---- | C] ()
 ia_remove.sh -> C:\Users\tony\ia_remove.sh -> [2012/04/03 17:22:48 | 000,008,409 | ---- | C] ()
 iavifw.avm -> C:\Windows\SysWow64\drivers\AVG\iavifw.avm -> [2012/04/02 15:59:01 | 000,000,000 | ---- | C] ()
 AVG 2012.lnk -> C:\Users\Public\Desktop\AVG 2012.lnk -> [2012/04/02 15:34:48 | 000,000,967 | ---- | C] ()
 incavi.avm -> C:\Windows\SysWow64\drivers\AVG\incavi.avm -> [2012/04/02 15:34:47 | 000,000,000 | ---- | C] ()
 iavichjw.avm -> C:\Windows\SysWow64\drivers\AVG\iavichjw.avm -> [2012/04/02 15:34:47 | 000,000,000 | ---- | C] ()
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2012/04/01 08:45:24 | 000,000,830 | ---- | C] ()
 Express Burn Disc Burning Software.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk -> [2012/03/26 19:43:28 | 000,001,208 | ---- | C] ()
 Express Burn Disc Burning Software.lnk -> C:\Users\Public\Desktop\Express Burn Disc Burning Software.lnk -> [2012/03/26 19:43:28 | 000,001,196 | ---- | C] ()
 ativvsvl.dat -> C:\Windows\SysWow64\ativvsvl.dat -> [2012/02/15 03:36:36 | 000,204,952 | ---- | C] ()
 ativvsva.dat -> C:\Windows\SysWow64\ativvsva.dat -> [2012/02/15 03:36:36 | 000,157,144 | ---- | C] ()
 OVDecode.dll -> C:\Windows\SysWow64\OVDecode.dll -> [2012/02/14 23:05:16 | 000,054,784 | ---- | C] ()
 kdbsdk32.dll -> C:\Windows\SysWow64\kdbsdk32.dll -> [2012/01/31 07:00:24 | 000,016,896 | ---- | C] ()
 PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2012/01/11 21:39:47 | 000,189,248 | ---- | C] ()
 atipblag.dat -> C:\Windows\SysWow64\atipblag.dat -> [2011/09/13 00:06:16 | 000,003,917 | ---- | C] ()
 GhostObjGAFix.xml -> C:\Users\tony\AppData\Roaming\GhostObjGAFix.xml -> [2011/08/23 18:59:11 | 000,001,854 | ---- | C] ()
 ztvunrar36.dll -> C:\Windows\SysWow64\ztvunrar36.dll -> [2011/07/15 12:25:23 | 000,162,304 | ---- | C] ()
 unrar3.dll -> C:\Windows\SysWow64\unrar3.dll -> [2011/07/15 12:25:23 | 000,153,088 | ---- | C] ()
 ztvunace26.dll -> C:\Windows\SysWow64\ztvunace26.dll -> [2011/07/15 12:25:23 | 000,077,312 | ---- | C] ()
 unacev2.dll -> C:\Windows\SysWow64\unacev2.dll -> [2011/07/15 12:25:23 | 000,075,264 | ---- | C] ()
 mlfcache.dat -> C:\Windows\SysWow64\mlfcache.dat -> [2011/07/07 18:40:34 | 000,145,704 | -H-- | C] ()
 MusiccityDownload.exe -> C:\Windows\MusiccityDownload.exe -> [2011/04/27 14:19:32 | 000,030,568 | ---- | C] ()
 ODBC.INI -> C:\Windows\ODBC.INI -> [2011/04/14 19:39:27 | 000,000,376 | ---- | C] ()
 cis-2.4.dll -> C:\Windows\SysWow64\cis-2.4.dll -> [2011/01/04 17:10:56 | 000,974,848 | ---- | C] ()
 issacapi_bs-2.3.dll -> C:\Windows\SysWow64\issacapi_bs-2.3.dll -> [2011/01/04 17:10:56 | 000,081,920 | ---- | C] ()
 issacapi_pe-2.3.dll -> C:\Windows\SysWow64\issacapi_pe-2.3.dll -> [2011/01/04 17:10:56 | 000,065,536 | ---- | C] ()
 issacapi_se-2.3.dll -> C:\Windows\SysWow64\issacapi_se-2.3.dll -> [2011/01/04 17:10:56 | 000,057,344 | ---- | C] ()
 xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2010/12/02 17:23:54 | 000,815,104 | ---- | C] ()
 xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2010/12/02 17:23:54 | 000,180,224 | ---- | C] ()
 wininit.ini -> C:\Windows\wininit.ini -> [2010/10/18 12:59:49 | 000,000,086 | ---- | C] ()
 WORDPAD.INI -> C:\Windows\WORDPAD.INI -> [2010/09/06 10:11:58 | 000,000,193 | ---- | C] ()
 LogiDPP.dll -> C:\Windows\SysWow64\LogiDPP.dll -> [2010/07/27 08:03:20 | 010,829,656 | ---- | C] ()
 LogiDPPApp.exe -> C:\Windows\SysWow64\LogiDPPApp.exe -> [2010/07/27 08:03:20 | 000,102,744 | ---- | C] ()
 DevManagerCore.dll -> C:\Windows\SysWow64\DevManagerCore.dll -> [2010/07/27 08:03:18 | 000,290,648 | ---- | C] ()
 _MSRSTRT.EXE -> C:\Windows\_MSRSTRT.EXE -> [2010/07/20 13:31:23 | 000,002,560 | ---- | C] ()
 pbsvc_bc2.exe -> C:\Windows\SysWow64\pbsvc_bc2.exe -> [2010/05/23 18:57:31 | 002,434,856 | ---- | C] ()
 pbsvc.exe -> C:\Windows\SysWow64\pbsvc.exe -> [2010/05/09 18:03:08 | 001,957,672 | ---- | C] ()
 PnkBstrA.exe -> C:\Windows\SysWow64\PnkBstrA.exe -> [2010/05/09 18:03:08 | 000,075,064 | ---- | C] ()
 wklnhst.dat -> C:\Users\tony\AppData\Roaming\wklnhst.dat -> [2010/04/27 18:40:00 | 000,000,620 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 16 bytes -> C:\Users\tony\Downloads:Shareaza.GUID
< End of report >
```


----------



## obxtony (Aug 17, 2008)

ESET, I HOPE!!!
```
C:\Downloads\desktop\715032 a variant of Win32/Soft32Downloader.A application
C:\Downloads\Software\715032 a variant of Win32/Soft32Downloader.A application
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir a variant of Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch.F application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll.vir Win32/Adware.Bandoo application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll.vir Win32/Adware.Bandoo application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js.vir Win32/Adware.Bandoo application
C:\Qoobox\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir a variant of Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient_2.dll.vir a variant of Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll.vir Win32/Adware.Bandoo application
C:\Qoobox\Quarantine\C\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll.vir Win32/Adware.Bandoo application
C:\Qoobox\Quarantine\C\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js.vir Win32/Adware.Bandoo application
C:\Qoobox\Quarantine\C\Windows\SysWOW64\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\dropdowndealssetup-silentinstaller.exe probably a variant of Win32/Adware.NHHMTKI application
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\calibre\SoftonicDownloader_for_calibre.exe Win32/SoftonicDownloader.D application
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Music\Serene Moments\SoftonicDownloader_for_calibre.exe Win32/SoftonicDownloader.D application
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\drivers\etc\hosts Win32/Qhost trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\Process.exe Win32/PrcView application
C:\Users\tony\AppData\LocalLow\FunWebProducts\Installr\Cache\002913A0.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\tony\Desktop\calibre\dropdowndealssetup-silentinstaller.exe probably a variant of Win32/Adware.NHHMTKI application
C:\Users\tony\Desktop\calibre\dropdowndealssetup-silentinstaller[1].exe probably a variant of Win32/Adware.NHHMTKI application
C:\Users\tony\Desktop\unused desktops\asc-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Users\tony\Desktop\unused desktops\imf-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Users\tony\Downloads\Steam.exe MSIL/Solimba application
C:\_OTL\MovedFiles\04122012_154611\C_Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
F:\TONY-PC\Backup Set 2012-04-07 183321\Backup Files 2012-04-07 183321\Backup files 10.zip multiple threats
F:\TONY-PC\Backup Set 2012-04-08 203605\Backup Files 2012-04-08 203605\Backup files 10.zip multiple threats
F:\TONY-PC\Backup Set 2012-04-14 212348\Backup Files 2012-04-14 212348\Backup files 10.zip MSIL/Solimba application
F:\TONY-PC\Backup Set 2012-04-14 212348\Backup Files 2012-04-14 212348\Backup files 8.zip multiple threats
```


----------



## obxtony (Aug 17, 2008)

I EAGERLY await your next command Obiwan


----------



## obxtony (Aug 17, 2008)

It takes exactly 4 mins and 10 seconds to boot up my pc to where I can get on the net!!


----------



## obxtony (Aug 17, 2008)

Just thought I would run a mbam scan again...LOOK what it found!!
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.19.02
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
tony :: TONY-PC [administrator]
19/04/2012 16:31:37
mbam-log-2012-04-19 (18-08-46).txt
Scan type: Full scan
Scan options enabled: Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | P2P
Objects scanned: 502854
Time elapsed: 1 hour(s), 19 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 44
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\SysWOW64\f3PSSavr.scr.vir (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\calibre\SoftonicDownloader_for_calibre.exe (PUP.ToolbarDownloader) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Music\Serene Moments\SoftonicDownloader_for_calibre.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Users\tony\AppData\LocalLow\FunWebProducts\Installr\Cache\002913A0.exe (PUP.MyWebSearch) -> No action taken.
(end)


----------



## eddie5659 (Mar 19, 2001)

Okay, first OTS 

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\[email protected]_0c.com -> C:\PROGRAM FILES (X86)\MAPS4PC_0C\BAR\1.BIN
YY -> HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Alternate Data Streams]
NY -> @Alternate Data Stream - 16 bytes -> C:\Users\tony\Downloads:Shareaza.GUID
```
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix.  Post that information back here

=======================

Eset:

Most of those are actually already removed. Qoobox is Combofix's quarantine folder, so we'll be removing them all soon

C:\Downloads\desktop\715032
C:\Downloads\Software\715032

I have a feeling this is one of the tools we've used, with a random number. However, we can check it just to be sure.

So, if you want to run Systemlook as follows:


```
:file
C:\Downloads\desktop\715032
C:\Downloads\Software\715032
C:\Windows\SysNative\drivers\AVer888RC_64.sys
C:\Windows\SysNative\drivers\AVer888RCIR_64.sys
C:\Windows\system32\drivers\dw_wfp.sys
C:\Program Files (x86)\DrWeb\dwservice.exe
C:\Program Files (x86)\DrWeb\dwnetfilter.exe
:filefind
*FunWeb*
:folderfind
*FunWeb*
:regfind
*FunWeb*
```
And post the log.

=============================

C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\calibre\SoftonicDownloader_for_calibre.exe
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\dropdowndealssetup-silentinstaller.exe
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Music\Serene Moments\SoftonicDownloader_for_calibre.exe
C:\Users\tony\AppData\LocalLow\FunWebProducts\Installr\Cache\002913A0.exe
C:\Users\tony\Desktop\calibre\dropdowndealssetup-silentinstaller.exe
C:\Users\tony\Desktop\calibre\dropdowndealssetup-silentinstaller[1].exe
C:\Users\tony\Desktop\unused desktops\asc-setup.exe
C:\Users\tony\Desktop\unused desktops\imf-setup.exe

we'll remove, and I've added some to the SystemLook above 

not sure what are in these:

F:\TONY-PC\Backup Set 2012-04-07 183321\Backup Files 2012-04-07 183321\Backup files 10.zip multiple threats
F:\TONY-PC\Backup Set 2012-04-08 203605\Backup Files 2012-04-08 203605\Backup files 10.zip multiple threats
F:\TONY-PC\Backup Set 2012-04-14 212348\Backup Files 2012-04-14 212348\Backup files 10.zip MSIL/Solimba application
F:\TONY-PC\Backup Set 2012-04-14 212348\Backup Files 2012-04-14 212348\Backup files 8.zip multiple threats

But you may want to run a scan on each zip. Were these the backups before you started removing the malware?

--------

MBAM:

Again, Eset found most of them already, of which I explained above 

--------

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

--------------

so, removing the files found:

Please *download* *OTM* 

 *Save* it to your *desktop*. 
 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*). 
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\calibre\SoftonicDownloader_for_calibre.exe
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\dropdowndealssetup-silentinstaller.exe
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Music\Serene Moments\SoftonicDownloader_for_calibre.exe
C:\Users\tony\AppData\LocalLow\FunWebProducts\Installr\Cache\002913A0.exe
C:\Users\tony\Desktop\calibre\dropdowndealssetup-silentinstaller.exe
C:\Users\tony\Desktop\calibre\dropdowndealssetup-silentinstaller[1].exe
C:\Users\tony\Desktop\unused desktops\asc-setup.exe
C:\Users\tony\Desktop\unused desktops\imf-setup.exe
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button. 
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply. 
Close *OTM* and reboot your PC. 
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post

========================

eddie
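
The reading of the ESET and MBAM logs given in the post above (hits under Qoobox are already quarantined, the backup zips are a separate question, the rest still need moving) can be done mechanically. This is an added example, not part of the thread or of any tool used in it; the function names and category labels are made up for illustration, and the sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Folders where the cleanup tools used in this thread park files they have
# already neutralised (paths as they appear in the posted logs).
QUARANTINE_ROOTS = (
    "c:\\qoobox\\quarantine",     # ComboFix
    "c:\\_otl\\movedfiles",       # OTL
    "c:\\_otmoveit\\movedfiles",  # OTM
)
RESTORE_ROOT = "c:\\system volume information"

# MBAM file line:  <path> (<detection>) -> <action>.
MBAM_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# ESET file line:  <path> <detection text>
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<det>(?:probably a variant of |a variant of )?(?:Win32|MSIL)/\S+\s+\w+"
    r"|multiple threats)$"
)


def parse_line(line):
    """Return (path, detection) for an MBAM or ESET file line, else None."""
    for pattern in (MBAM_RE, ESET_RE):
        m = pattern.match(line)
        if m:
            return m.group("path"), m.group("det")
    return None


def under(path, root):
    return path == root or path.startswith(root + "\\")


def classify(path):
    """Bucket a detected path by where it lives, not by what was detected."""
    p = ntpath.normpath(path).lower()
    if any(under(p, root) for root in QUARANTINE_ROOTS):
        return "quarantined"      # already moved aside by a removal tool
    if under(p, RESTORE_ROOT):
        return "restore-staging"  # copy held by System Restore
    if "\\backup set " in p:      # assumption: folder naming seen in the log
        return "backup-archive"   # needs its own scan, as the post suggests
    return "live"                 # still in place on disk


def triage(log_text):
    """Merge hits from both scanners per file and group them by category."""
    seen = {}  # normalised lower-case path -> (path as logged, detections)
    for raw in log_text.splitlines():
        hit = parse_line(raw.strip())
        if hit is None:
            continue  # headers, counters, "(end)" and similar lines
        path, det = hit
        key = ntpath.normpath(path).lower()
        seen.setdefault(key, (path, set()))[1].add(det)
    report = defaultdict(dict)
    for key, (path, dets) in seen.items():
        report[classify(key)][path] = sorted(dets)
    return dict(report)


# Sample input: lines copied from the ESET and MBAM logs in this thread.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Windows\SysWOW64\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\drivers\etc\hosts Win32/Qhost trojan
C:\Users\tony\Desktop\unused desktops\asc-setup.exe a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\04122012_154611\C_Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
F:\TONY-PC\Backup Set 2012-04-07 183321\Backup Files 2012-04-07 183321\Backup files 10.zip multiple threats
C:\Users\tony\AppData\LocalLow\FunWebProducts\Installr\Cache\002913A0.exe a variant of Win32/Toolbar.MyWebSearch.O application
Files Detected: 44
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\SysWOW64\f3PSSavr.scr.vir (PUP.FunWebProducts) -> No action taken.
C:\Users\tony\AppData\LocalLow\FunWebProducts\Installr\Cache\002913A0.exe (PUP.MyWebSearch) -> No action taken.
(end)
"""

if __name__ == "__main__":
    for category, files in sorted(triage(SAMPLE_LOG).items()):
        print(f"[{category}] {len(files)} file(s)")
        for path, detections in files.items():
            print(f"  {path}\n      {'; '.join(detections)}")
```

Only the `live` bucket and the `restore-staging` copies correspond to paths that end up in the OTM `:Files` list in the post above; the `quarantined` bucket is what the later quarantine cleanup takes care of.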


----------



## obxtony (Aug 17, 2008)

OTS!!
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_0c.com deleted successfully.
File C:\PROGRAM FILES (X86)\MAPS4PC_0C\BAR\1.BIN not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
[Alternate Data Streams]
Unable to delete ADS C:\Users\ .
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 04192012_204731


----------



## obxtony (Aug 17, 2008)

the files in drive F are on my backup spare hard drive which I have now disconnected and shall reformat to make sure it is clean!


----------



## obxtony (Aug 17, 2008)

first lot
SystemLook 30.07.11 by jpshortstuff
Log created at 20:50 on 19/04/2012 by tony
Administrator - Elevation successful
========== file ==========
C:\Downloads\desktop\715032 - File found and opened.
MD5: F018F4DE3EFFBD3961F010DCE7C222BA
Created at 17:04 on 03/04/2012
Modified at 17:04 on 03/04/2012
Size: 575288 bytes
Attributes: --a----
FileDescription: 
FileVersion: 1.0.0.309
ProductVersion: 1.0.0.0
OriginalFilename: 
InternalName: 
ProductName: 
CompanyName: 
LegalCopyright: 
Comments: 
C:\Downloads\Software\715032 - File found and opened.
MD5: F018F4DE3EFFBD3961F010DCE7C222BA
Created at 17:06 on 03/04/2012
Modified at 17:06 on 03/04/2012
Size: 575288 bytes
Attributes: --a----
FileDescription: 
FileVersion: 1.0.0.309
ProductVersion: 1.0.0.0
OriginalFilename: 
InternalName: 
ProductName: 
CompanyName: 
LegalCopyright: 
Comments: 
C:\Windows\SysNative\drivers\AVer888RC_64.sys - Unable to find/read file.
C:\Windows\SysNative\drivers\AVer888RCIR_64.sys - Unable to find/read file.
C:\Windows\system32\drivers\dw_wfp.sys - Unable to find/read file.
C:\Program Files (x86)\DrWeb\dwservice.exe - Unable to find/read file.
C:\Program Files (x86)\DrWeb\dwnetfilter.exe - Unable to find/read file.
========== filefind ==========
Searching for "*FunWeb*"
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts.zip --a---- 569 bytes [15:30 19/04/2012] [15:30 19/04/2012] 94D6F584A0BE5156C7DEF72ED95E3C71
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip --a---- 617 bytes [15:30 19/04/2012] [15:30 19/04/2012] 32C664CF300CCB22973A66261DB8346C
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip --a---- 618 bytes [15:30 19/04/2012] [15:30 19/04/2012] 7880F0CE86AE075FDD11F2BF675395F0
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip --a---- 587 bytes [15:30 19/04/2012] [15:30 19/04/2012] 826763AE5BDF093134082BEDFEDDFE0F
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts12.zip --a---- 617 bytes [15:30 19/04/2012] [15:30 19/04/2012] CE700B38E9443BC2C51A690A91B2B479
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts13.zip --a---- 594 bytes [15:30 19/04/2012] [15:30 19/04/2012] 202BFCB8EC86FD1CC0522E201EB62600
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts14.zip --a---- 618 bytes [15:30 19/04/2012] [15:30 19/04/2012] 2801A2F1DC1FF7A7AB23EB8153A392B8
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip --a---- 564 bytes [15:30 19/04/2012] [15:30 19/04/2012] 5DFE1CFC6F3F5CC88A2A2B24D6E6718C
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip --a---- 612 bytes [15:30 19/04/2012] [15:30 19/04/2012] 42DE90D9E3A6D2B78E2B381F5D8653FF
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip --a---- 567 bytes [15:30 19/04/2012] [15:30 19/04/2012] 5DD9D21D67EA6C4E6B31C479CC1131AB
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip --a---- 619 bytes [15:30 19/04/2012] [15:30 19/04/2012] DCF2EB6C0ACE80A5C8DADC78261406EC
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip --a---- 568 bytes [15:30 19/04/2012] [15:30 19/04/2012] BF28CF8B5A8F2CBA9CA7532208FFDB33
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip --a---- 617 bytes [15:30 19/04/2012] [15:30 19/04/2012] 1E805DB14E75006C07FB7FBEDFEB2CB0
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip --a---- 573 bytes [15:30 19/04/2012] [15:30 19/04/2012] 998DAB8EFAB61358CC1CA2BE8D818207
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip --a---- 619 bytes [15:30 19/04/2012] [15:30 19/04/2012] 8682FAC049D7C47BAD2E82D84950C151
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts.zip --a---- 569 bytes [15:30 19/04/2012] [15:30 19/04/2012] 94D6F584A0BE5156C7DEF72ED95E3C71
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip --a---- 617 bytes [15:30 19/04/2012] [15:30 19/04/2012] 32C664CF300CCB22973A66261DB8346C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip --a---- 618 bytes [15:30 19/04/2012] [15:30 19/04/2012] 7880F0CE86AE075FDD11F2BF675395F0
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip --a---- 587 bytes [15:30 19/04/2012] [15:30 19/04/2012] 826763AE5BDF093134082BEDFEDDFE0F
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts12.zip --a---- 617 bytes [15:30 19/04/2012] [15:30 19/04/2012] CE700B38E9443BC2C51A690A91B2B479
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts13.zip --a---- 594 bytes [15:30 19/04/2012] [15:30 19/04/2012] 202BFCB8EC86FD1CC0522E201EB62600
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts14.zip --a---- 618 bytes [15:30 19/04/2012] [15:30 19/04/2012] 2801A2F1DC1FF7A7AB23EB8153A392B8
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip --a---- 564 bytes [15:30 19/04/2012] [15:30 19/04/2012] 5DFE1CFC6F3F5CC88A2A2B24D6E6718C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip --a---- 612 bytes [15:30 19/04/2012] [15:30 19/04/2012] 42DE90D9E3A6D2B78E2B381F5D8653FF
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip --a---- 567 bytes [15:30 19/04/2012] [15:30 19/04/2012] 5DD9D21D67EA6C4E6B31C479CC1131AB
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip --a---- 619 bytes [15:30 19/04/2012] [15:30 19/04/2012] DCF2EB6C0ACE80A5C8DADC78261406EC
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip --a---- 568 bytes [15:30 19/04/2012] [15:30 19/04/2012] BF28CF8B5A8F2CBA9CA7532208FFDB33
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip --a---- 617 bytes [15:30 19/04/2012] [15:30 19/04/2012] 1E805DB14E75006C07FB7FBEDFEB2CB0
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip --a---- 573 bytes [15:30 19/04/2012] [15:30 19/04/2012] 998DAB8EFAB61358CC1CA2BE8D818207
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip --a---- 619 bytes [15:30 19/04/2012] [15:30 19/04/2012] 8682FAC049D7C47BAD2E82D84950C151
========== folderfind ==========
Searching for "*FunWeb*"
C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts d------ [15:33 17/04/2012]
C:\Users\tony\AppData\LocalLow\FunWebProducts d-a---- [21:01 19/03/2010]
========== regfind ==========
Searching for "*FunWeb*"
No data found.
-= EOF =-


----------



## obxtony (Aug 17, 2008)

2nd lot for syslook!
SystemLook 30.07.11 by jpshortstuff
Log created at 21:00 on 19/04/2012 by tony
Administrator - Elevation successful
No Context: C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll
No Context: C:\Program Files (x86)\Windows Live\Messenger\riched20.dll
No Context: C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\calibre\SoftonicDownloader_for_calibre.exe
No Context: C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\dropdowndealssetup-silentinstaller.exe
No Context: C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Music\Serene Moments\SoftonicDownloader_for_calibre.exe
No Context: C:\Users\tony\AppData\LocalLow\FunWebProducts\Installr\Cache\002913A0.exe
No Context: C:\Users\tony\Desktop\calibre\dropdowndealssetup-silentinstaller.exe
No Context: C:\Users\tony\Desktop\calibre\dropdowndealssetup-silentinstaller[1].exe
No Context: C:\Users\tony\Desktop\unused desktops\asc-setup.exe
No Context: C:\Users\tony\Desktop\unused desktops\imf-setup.exe
-= EOF =-


----------



## obxtony (Aug 17, 2008)

security check
Results of screen317's Security Check version 0.99.32 
Windows 7 x64 *(UAC is disabled!)* 
Internet Explorer 9 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Disabled! 
AVG PC Tuneup 
ESET Online Scanner v3 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
Spybot - Search & Destroy 
Trojan Remover 6.8.3 
AVG PC Tuneup 
Java(TM) 6 Update 26 
*Java version out of date!* 
Adobe Reader 9 *Adobe Reader out of date!* 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
AVG avgwdsvc.exe 
AVG avgtray.exe 
*``````````End of Log````````````*


----------



## obxtony (Aug 17, 2008)

OTM
All processes killed
========== FILES ==========
File/Folder C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll not found.
File/Folder C:\Program Files (x86)\Windows Live\Messenger\riched20.dll not found.
File/Folder C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\calibre\SoftonicDownloader_for_calibre.exe not found.
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\dropdowndealssetup-silentinstaller.exe moved successfully.
File/Folder C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Music\Serene Moments\SoftonicDownloader_for_calibre.exe not found.
C:\Users\tony\AppData\LocalLow\FunWebProducts\Installr\Cache\002913A0.exe moved successfully.
C:\Users\tony\Desktop\calibre\dropdowndealssetup-silentinstaller.exe moved successfully.
C:\Users\tony\Desktop\calibre\dropdowndealssetup-silentinstaller[1].exe moved successfully.
C:\Users\tony\Desktop\unused desktops\asc-setup.exe moved successfully.
C:\Users\tony\Desktop\unused desktops\imf-setup.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: tony
->Temp folder emptied: 2402864 bytes
->Temporary Internet Files folder emptied: 535927982 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3588 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73014 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
RecycleBin emptied: 1194 bytes

Total Files Cleaned = 513.00 mb

Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: tony
->Flash cache emptied: 456 bytes

Total Flash Files Cleaned = 0.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 04192012_210656


----------



## obxtony (Aug 17, 2008)

You do realise that you have lost me COMPLETELY!! well after the first page that is lol
Hope we are nearly there!:up:


----------



## obxtony (Aug 17, 2008)

ok Rebooted (normal 4 mins +!) Can't see much change I'm afraid, still taking forever to get on Explorer


----------



## eddie5659 (Mar 19, 2001)

Well, although I lost you a few steps back, we're 99% there with the removal of the malware. We'll also speed up the startup, once it's all done

Now, for the following files, they were from an earlier date from when we started on this thread, so can you upload them to the same place as before:

*C:\Downloads\desktop\715032
C:\Downloads\Software\715032*

http://thespykiller.co.uk/index.php/topic,9920.0.html

Just reply to the thread, and post it there 

------------

Now, let's remove this. Using OTM as before, can you run it as follows:


 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*). 
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
C:\Users\tony\AppData\LocalLow\FunWebProducts
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button. 
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply. 
Close *OTM* and reboot your PC. 
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post

----------
Your Java is also out of date, so let's get that sorted as well:

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application. *NOT supported for use in 9x or ME*

*Upgrade Java* : (64 bits)

Download the latest version of *Java SE Runtime Environment (JRE) JRE 7 Update 3 *.
Under the JAVA Platform Standard Edition, click the "*Download JRE*" button to the right.
Check the box that says: "*Accept License Agreement.*".
Click on the link to download Windows Offline Installation 64 bit (jre-7u3-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove *programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the *jre-7u3-windows-x64.exe* and select "Run as an Administrator.")

After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:


Applications and Applets
Trace and Log Files

OK out of all the screens. 

--------------
eddie


----------



## obxtony (Aug 17, 2008)

Edie HELP!!I am trying to upload the files but keep getting the Message Virus found.the description is as follows;evansacc.co.cc/main.php?page = 87530969e400fef2exploit blackhole exploit kit type (2150)Found in c:\Programme Files (x86) Internet explorer\Iexplorer.exe process id:8132.


----------



## obxtony (Aug 17, 2008)

OTM files!!
Had a hard time getting IE to boot up! but ok now...whew!:up:
All processes killed
========== FILES ==========
C:\Users\tony\AppData\LocalLow\FunWebProducts\Shared\Cache folder moved successfully.
C:\Users\tony\AppData\LocalLow\FunWebProducts\Shared folder moved successfully.
C:\Users\tony\AppData\LocalLow\FunWebProducts\Installr\Cache folder moved successfully.
C:\Users\tony\AppData\LocalLow\FunWebProducts\Installr folder moved successfully.
C:\Users\tony\AppData\LocalLow\FunWebProducts folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: tony
->Temp folder emptied: 8315785 bytes
->Temporary Internet Files folder emptied: 409661252 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 5366 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77634 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
RecycleBin emptied: 52243631 bytes

Total Files Cleaned = 449.00 mb

Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: tony
->Flash cache emptied: 456 bytes

Total Flash Files Cleaned = 0.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 04222012_102301
Files moved on Reboot...
C:\Users\tony\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12S7G9WJ\ck[1].htm moved successfully.
Registry entries deleted on Reboot...


----------



## obxtony (Aug 17, 2008)

Java DONE!


----------



## eddie5659 (Mar 19, 2001)

Got the files 

Looking at them now, but you said you got this:



> Edie HELP!! I am trying to upload the files but keep getting the Message Virus found. The description is as follows; evansacc.co.cc/main.php?page = 87530969e400fef2exploit blackhole exploit kit type (2150) Found in c:\Programme Files (x86) Internet explorer\Iexplorer.exe process id:8132.


Is that at the site you were uploading to? Where was the error message coming from, antivirus or elsewhere?


----------



## obxtony (Aug 17, 2008)

Came from AVG when I was trying to upload the 2 files.


----------



## obxtony (Aug 17, 2008)

Sorry edie, have to go now, need my meds bad. Hope to chat tomorrow? And thank you so very much again. Tony


----------



## eddie5659 (Mar 19, 2001)

No problem, been away most of the weekend, so playing catchup.

I'll look at the replies either tonight or tomorrow, but the file is not bad. Just an installer, so we'll remove those later


----------



## eddie5659 (Mar 19, 2001)

Okay, so far so good. Most of the malware has gone, more likely all of it.

However, you're saying that it's taking a while for the internet, so can you run this for me:

Please download *Farbar Service Scanner* and run it on the computer with the issue.
Make sure the following options are checked:
*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center*
*Windows Update*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.

-------

Also, can you re-run OTL again, and just click the Quick Scan button. Only one log will be produced, so if you can copy/paste that, we'll trim some of the startup programs, to help it speed up.

Also, can you use these:

Download *TFC* to your desktop 

Open the file and close any other windows. 
It *will close all programs itself* when run, so make sure to let it run uninterrupted. 
Click the Start button to begin the process. The program should not take long to finish its job. 
Once it's finished it should *reboot your machine*; if not, do this yourself to ensure a complete clean.

Also, it's a good idea to keep on top of removing any Temp files etc. every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

---------------

eddie


----------



## obxtony (Aug 17, 2008)

FBAR!!

Farbar Service Scanner Version: 16-04-2012
Ran by tony (administrator) on 23-04-2012 at 21:36:02
Running from "C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQVBOHC6"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy: 
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy: 
============================

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-06-14 20:13] - [2011-04-25 06:32] - 1896832 ____A (Microsoft Corporation) 61DC720BB065D607D5823F13D2A64321
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 01:09] - [2009-07-14 02:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 00:36] - [2009-07-14 02:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-14 01:36] - [2009-07-14 02:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## obxtony (Aug 17, 2008)

OTL!!
OTL logfile created on: 23/04/2012 21:38:01 - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\tony\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.96 Gb Total Physical Memory | 3.50 Gb Available Physical Memory | 58.70% Memory free
11.92 Gb Paging File | 8.80 Gb Available in Paging File | 73.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.64 Gb Total Space | 981.07 Gb Free Space | 70.85% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 1.72 Gb Free Space | 13.76% Space Free | Partition Type: NTFS
Drive E: | 7.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TONY-PC | User Name: tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 21:35:39 | 000,337,325 | ---- | M] () -- C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQVBOHC6\FSS.exe
PRC - [2012/04/17 09:04:02 | 001,668,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/04/17 09:04:02 | 000,976,696 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/04/16 21:31:08 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/04/16 21:30:59 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/10 21:46:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\tony\Downloads\OTL.exe
PRC - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2011/12/04 18:38:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/12/01 21:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 17:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/23 21:35:39 | 000,337,325 | ---- | M] () -- C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQVBOHC6\FSS.exe
MOD - [2012/04/22 10:34:08 | 000,115,137 | ---- | M] () -- C:\Users\tony\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/02/20 09:37:24 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/06/15 10:42:24 | 001,206,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6989a7f98486e07c8853a1cbac0b018b\System.Management.ni.dll
MOD - [2011/06/15 10:41:24 | 000,760,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\2b64b354c9d774b00e34a38ca2f2bbf5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/15 10:41:13 | 001,777,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cda290604367dfed56f629590d9b247f\System.Xaml.ni.dll
MOD - [2011/06/14 20:42:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\443b11b528455611c7549b56349a56eb\System.Runtime.Remoting.ni.dll
MOD - [2011/06/14 20:42:12 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\933baa29f5feba3093ba81c5b9b82b1c\System.Windows.Forms.ni.dll
MOD - [2011/06/14 20:42:07 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e979f76558e7e1f7127a5244fb5a0347\System.Drawing.ni.dll
MOD - [2011/06/14 20:41:53 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\93e867e55d7df3a8b4bd1aba3af6f18d\WindowsBase.ni.dll
MOD - [2011/06/14 20:41:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\682572c507ea7552c3db1842c21bf9c8\System.Xml.ni.dll
MOD - [2011/06/14 20:41:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e8add38eb4f9c07790b5be549c5f0dae\System.Configuration.ni.dll
MOD - [2011/06/14 20:41:46 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f7048e198c963fa189cff3aea17dfee3\System.ni.dll
MOD - [2011/06/14 20:41:32 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/06/14 20:22:41 | 017,640,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3301988e8bf82eb201a369b200a62aff\PresentationFramework.ni.dll
MOD - [2011/06/14 20:22:31 | 011,059,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1e7c8398208782f3052122e52ab5f811\PresentationCore.ni.dll
MOD - [2011/06/14 20:22:28 | 013,083,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1af7f78f2e767951259c73e1a1a94627\System.Windows.Forms.ni.dll
MOD - [2011/06/14 20:22:21 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7256c72bca2e8230e59ce69b426f4e80\PresentationFramework.Aero.ni.dll
MOD - [2011/06/14 20:22:12 | 007,029,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4fdda3a7262d4e7a6a6efb4ae2d8629b\System.Core.ni.dll
MOD - [2011/06/14 20:22:09 | 005,577,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\17e40bc51087ecebc2a73dca2a192182\System.Xml.ni.dll
MOD - [2011/06/14 20:22:09 | 003,783,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\219da7501f7f0b9129a781bad64b4079\WindowsBase.ni.dll
MOD - [2011/06/14 20:22:08 | 001,651,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a315406b55b1be4a462e2a0b33c4ad13\System.Drawing.ni.dll
MOD - [2011/06/14 20:22:06 | 009,027,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\795237f85cf5c8ff5a0499604698be19\System.ni.dll
MOD - [2011/05/14 20:32:50 | 014,416,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\658bbc023e2f4f4e802be9483e988373\mscorlib.ni.dll
MOD - [2009/12/01 21:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 18:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/03/09 06:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2012/01/25 21:29:11 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/17 09:04:02 | 000,976,696 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/04/16 21:31:08 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/04/16 21:30:59 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/13 21:22:54 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/09/01 17:49:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/08/02 10:47:14 | 000,159,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe -- (CDMA Device Service)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/31 17:26:00 | 003,612,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/04/17 09:04:20 | 000,101,360 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2012/03/09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/02/22 05:25:50 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
DRV:*64bit:* - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:*64bit:* - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/12/23 13:32:02 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidseha.sys -- (AVGIDSEH)
DRV:*64bit:* - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2011/02/23 15:57:43 | 000,127,320 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:*64bit:* - [2011/02/23 15:56:48 | 000,253,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:*64bit:* - [2011/02/23 14:34:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:*64bit:* - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:*64bit:* - [2010/09/22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2009/11/19 08:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:*64bit:* - [2009/11/13 06:21:22 | 000,543,616 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RC_64.sys -- (AVER_H193)
DRV:*64bit:* - [2009/11/13 06:20:14 | 000,039,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RCIR_64.sys -- (CXCIR)
DRV:*64bit:* - [2009/10/12 13:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:*64bit:* - [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:*64bit:* - [2009/09/17 06:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:*64bit:* - [2009/08/21 01:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:*64bit:* - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/04/17 09:04:20 | 000,297,008 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/04/17 09:04:20 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/12/07 20:10:59 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/08/12 10:40:06 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/08/12 10:40:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/17 18:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/07 20:24:33] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2004/04/08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/04/08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb118?a=6PQusNkZzZ&i=26
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 E4 5D 01 45 1D 9A 4C 94 4D 51 BE CC F2 80 43 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {48D14A8B-A71C-4488-B15E-49830036293C}
IE - HKCU\..\SearchScopes\{131BA04D-6260-47F0-BA4F-4CA582791AB7}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{48D14A8B-A71C-4488-B15E-49830036293C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-odbrws
IE - HKCU\..\SearchScopes\{51061D72-4DFE-4C6B-9A93-F34109283856}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{5557B96A-97DB-4476-A00A-B97F00E0F23E}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{7F57E540-8C84-45AD-81BF-12F2AE8E300F}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{89EB5B56-0D3A-49CA-8EF5-D7BCCDB0539C}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{AB17062C-D0A9-42E0-88A0-D461B02D6142}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{B287D93A-B526-453B-8018-8C262111B9E8}: "URL" = http://uk.local.yahoo.com/search.ht...w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb118/?search={searchTerms}&loc=IB_DS&a=6PQusNkZzZ&i=26
IE - HKCU\..\SearchScopes\{D59BED57-A5AC-4E1A-A3D8-BEF9E071C1D1}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/14 21:09:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF

[2010/07/21 14:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions
[2010/07/17 07:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/15 12:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/04/22 10:23:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:*64bit:* - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [HanPurple] C:\Users\tony\AppData\Local\HanPurple\nvdhuqgj.dll (CyberLink Corp.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: New Value #1 = 
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:*64bit:* - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:*64bit:* - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:*64bit:* - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:*64bit:* - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:*64bit:* - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9:*64bit:* - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A415D3-A49B-4310-B7F9-59487581C101}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15CC91D2-E2F2-455A-BD8A-2C60E42E189A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8BB1216-68BF-461B-AEAC-74DC30A29905}: DhcpNameServer = 192.168.42.129
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/07 14:22:00 | 068,472,672 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/10/08 00:24:21 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2011/09/09 20:35:07 | 000,206,657 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/10/08 00:24:21 | 000,000,144 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 18:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/04/23 18:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/04/23 15:25:40 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{528E58D0-C36B-4A6F-B29F-CB303B6D12E9}
[2012/04/23 15:25:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{854E8797-43D3-4D07-AFBC-5E2D9FF8A4A2}
[2012/04/23 15:13:32 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{7A0C5E06-D08F-4B38-91C1-ECD1DD112EEB}
[2012/04/23 15:05:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{6EC5DB70-5F8F-4164-BE84-5AFF2BBB9634}
[2012/04/23 15:05:35 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{66438BF7-2006-499B-8F09-B62CB9397661}
[2012/04/23 15:04:21 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D48E8083-2053-4A05-9467-B641C3552C5E}
[2012/04/23 14:19:36 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{FE504197-2ECF-4932-A5E5-D2D029F37073}
[2012/04/23 13:23:30 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A95CAA33-CB33-4894-A1B5-7E36171821CE}
[2012/04/22 18:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/22 18:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/04/22 13:49:36 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\F7
[2012/04/22 13:27:20 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{18F44574-F541-4DDA-B5F1-0EBB57DA14E3}
[2012/04/22 13:26:59 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{11AAA05F-4BCA-46F0-ADC6-4DB959308822}
[2012/04/22 11:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/20 20:10:02 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\HanPurple
[2012/04/19 21:06:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/04/19 20:47:31 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/04/19 19:56:55 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{063A5750-D12C-4B73-AF1A-26FC58706C2A}
[2012/04/19 19:56:33 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{1EE05C67-83EE-44A2-BE92-8BAC5A8AC9E0}
[2012/04/17 22:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/17 17:54:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/17 17:43:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/17 16:21:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/17 16:21:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/17 16:21:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/16 20:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/04/16 20:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/04/16 20:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/04/15 12:40:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{CB3D5CF2-6E7C-4F3E-9ECD-0B6876773212}
[2012/04/15 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{3B990DC9-EA51-4864-B87C-6377D261C81F}
[2012/04/15 12:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/04/15 09:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/04/15 09:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/04/14 16:20:29 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D0C320BA-AF65-47CD-AC17-D3EEE86B441C}
[2012/04/14 16:20:08 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AC38A120-D29E-485F-97B1-67C9565F99A6}
[2012/04/14 12:43:29 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2012/04/14 12:43:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\Wajam
[2012/04/14 12:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012/04/13 23:07:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{FE2575D4-938B-463C-BF48-D19364A6D836}
[2012/04/13 23:06:35 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8A4A0784-0F59-418C-8478-2D275E9C6465}
[2012/04/13 21:50:26 | 000,000,000 | ---D | C] -- C:\Users\tony\Documents\BFBC2
[2012/04/12 15:46:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/11 21:05:10 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{09197206-9038-4C87-8DB7-80297CE57D43}
[2012/04/11 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EE623F98-DE60-479A-9B82-70F06740601D}
[2012/04/10 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{ED0739EE-62DC-436A-A469-15FE30932C28}
[2012/04/10 19:35:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A0837905-B61B-4AF9-9C3A-F243CDF7B5A1}
[2012/04/10 16:05:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/10 16:05:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/09 19:01:57 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{2F066433-5805-4286-8505-D0C0A15E38B4}
[2012/04/09 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{C9F53BDD-5E51-4686-B64B-E0D91B5B1C37}
[2012/04/08 19:19:42 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EBC24E23-B1D8-4BD5-9523-7D7914FE002C}
[2012/04/08 19:19:08 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8D606DB7-1713-4A97-9290-21324C7740D7}
[2012/04/07 21:58:15 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D4F5AD0E-3665-4FB0-8FED-9160A54DC115}
[2012/04/07 21:57:42 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{3509F9A2-AADA-469F-89F9-7EE2A70EF3A2}
[2012/04/07 19:26:12 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\MigWiz
[2012/04/07 09:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/04/07 09:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/04/07 09:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/07 09:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/07 09:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/06 18:57:06 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{067C83F3-C17B-4A8B-8ED0-CDC052226BEF}
[2012/04/06 18:56:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{5EB24990-5AC6-42D9-A311-631507352D3F}
[2012/04/06 14:42:45 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\calibre
[2012/04/06 14:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012/04/06 14:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/04/06 14:39:14 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\calibre
[2012/04/06 09:37:22 | 000,000,000 | ---D | C] -- C:\Users\tony\Documents\dds
[2012/04/05 20:52:11 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9736F8A5-2C6F-4525-BA7C-C6DB789CE4A7}
[2012/04/05 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EE89EB67-0EC3-4C73-A05F-1989EFD85538}
< End of report >


----------



## obxtony (Aug 17, 2008)

Thanks Eddie. I'll be on tomorrow night if I am OK after the Hospice tomorrow, hate that place! Regards and as always my thanks,
Tony


----------



## obxtony (Aug 17, 2008)

Dying to get back on to play BF3!!
Do I have to uninstall it first? If I do, I'll lose all my standings?
Ah me!!


----------



## obxtony (Aug 17, 2008)

Eddie, I'm having probs with some of my progs, missing .dll files!! Can I restore them from my disc? (HP disc came with original machine and has the Win 7 bits on, I think!!)


----------



## obxtony (Aug 17, 2008)

Getting weird things happening: when I try and access Windows MSN I get a Microsoft Word document come up with loads of hieroglyphics!


----------



## obxtony (Aug 17, 2008)

Just about had it with this machine, looks like I'm going to give it swimming lessons lol


----------



## eddie5659 (Mar 19, 2001)

Hiya

Sorry, was late in from work

Okay, let's try this first.

Go to start | Run and type this in:

*cmd*

And press Enter

Now, in the box that pops up, type the following. Note the space before the /:

*sfc /scannow*

And press Enter.

This will scan your system for any corrupted files, and may replace them. If Windows was preinstalled, it should be able to locate the originals in the cab files.

If not, you're looking for the Windows XP disk, that should have the product ID number on it. Don't type the number here, it's just so you know which one to look for

It may take a while, so grab a cuppa 

Let me know if there are any problems/questions.

eddie


----------



## eddie5659 (Mar 19, 2001)

Also, did you know your firewall is disabled? If not, we'll get that fixed, just let me know either way 


Just looking thru the new OTL log, and there is some malware surfacing. Can you update MBAM and run a scan again, and post the log?


----------



## eddie5659 (Mar 19, 2001)

With regards to BF3, you shouldn't lose your rank etc, as it's all on Battlelog, and that is web based.

I used to uninstall BF2 a few times when it had trouble, and I never lost my rank, thankfully.


----------



## obxtony (Aug 17, 2008)

OMG started MBAM (after updating) and IMMEDIATELY found 117 items! I'll post results when finished. Must be a breeding ground in my pc!
You're going on Holiday?? Hope you have a fabulous time, you certainly deserve it. I looked at firewall and can't see it disabled (probably looking in wrong place, sigh)


----------



## obxtony (Aug 17, 2008)

no probs found running cmd


----------



## obxtony (Aug 17, 2008)

Mbam report:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.25.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
tony :: TONY-PC [administrator]
25/04/2012 12:31:47
mbam-log-2012-04-25 (14-23-16).txt
Scan type: Full scan
Scan options enabled: Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | P2P
Objects scanned: 501530
Time elapsed: 1 hour(s), 46 minute(s), 47 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 138
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 22
Files Detected: 81
(end)


----------



## eddie5659 (Mar 19, 2001)

Not sure where that lot came from, as we removed the folders before. Re-run it, and when it says Show Results, make sure all the boxes are ticked, then select Remove and post the new log.

I want to delve a bit deeper, so can you run this for me:


- Download *random's system information tool (RSIT)* by *random/random* from *here*.
- *It is important that it is saved to your desktop.*
- Double click on *RSIT.exe* to run *RSIT*.
- Click *Continue* at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized).


----------



## obxtony (Aug 17, 2008)

running mbam now
deleted all those files last time!!
see what comes up now?


----------



## obxtony (Aug 17, 2008)

oops says I don't have permission to run rsit from this site


----------



## obxtony (Aug 17, 2008)

doesn't look like anything on mbam now eddie


----------



## eddie5659 (Mar 19, 2001)

If you download RSIT to your desktop like you did before with the OTL program, and run it from the desktop, it should be okay.


----------



## obxtony (Aug 17, 2008)

it won't let me download from that link you gave


----------



## obxtony (Aug 17, 2008)

You don't have permission to access /random/RSIT.exe on this server.


----------



## obxtony (Aug 17, 2008)

off to bed now eddie m8
nite!


----------



## eddie5659 (Mar 19, 2001)

Okay, just re-run OTL again, and I'll look at that 

Night


----------



## obxtony (Aug 17, 2008)

ran Spybot this morning and here is the log...in 2 parts!!
part 1

--- Search result list ---
MediaPlex: Tracking cookie (Internet Explorer: tony) (Cookie, nothing done)

Right Media: Tracking cookie (Internet Explorer: tony) (Cookie, nothing done)

DoubleClick: Tracking cookie (Internet Explorer: tony) (Cookie, nothing done)

MediaPlex: Tracking cookie (Internet Explorer: tony) (Cookie, nothing done)

Statcounter: Tracking cookie (Internet Explorer: tony) (Cookie, nothing done)

Zedo: Tracking cookie (Internet Explorer: tony) (Cookie, nothing done)

Clickbank: Tracking cookie (Internet Explorer: tony) (Cookie, nothing done)

FastClick: Tracking cookie (Internet Explorer: tony) (Cookie, nothing done)

Clickbank: Tracking cookie (Internet Explorer: tony) (Cookie, nothing done)

Adviva: Tracking cookie (Internet Explorer: tony) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)

--- Startup entries list ---

--- Browser helper object list ---
Date (created): 14/02/2012 04:53:12
Date (last access): 24/04/2012 22:12:12
Date (last write): 14/02/2012 04:53:12
Filesize: 1408352
Attributes: archive 
MD5: 325D7B6D0B9B166A48A3AB958C4B2E5D
CRC32: 37BABC07
Version: 12.0.0.2111
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: 
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 28/03/2011 21:35:06
Date (last access): 24/04/2012 13:19:46
Date (last write): 28/03/2011 21:35:06
Filesize: 441216
Attributes: archive 
MD5: CF39A105CD553EED31E2255AFF4C6742
CRC32: 3D1149C5
Version: 7.250.4232.0
{95B7759C-8C7F-4BF1-B163-73684A933233} (AVG Security Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: 
CLSID name: AVG Security Toolbar
Path: C:\Program Files (x86)\AVG Secure Search\11.0.0.9\
Long name: AVG Secure Search_toolbar.dll
Short name: AVGSEC~1.DLL
Date (created): 24/04/2012 22:23:10
Date (last access): 24/04/2012 22:23:10
Date (last write): 24/04/2012 22:23:10
Filesize: 2067328
Attributes: archive 
MD5: ACDD847DB8DEEA5569425D55630071C0
CRC32: FA36B3E3
Version: 11.0.0.9
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} (Windows Live Messenger Companion Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: 
CLSID name: Windows Live Messenger Companion Helper
Path: C:\Program Files (x86)\Windows Live\Companion\
Long name: companioncore.dll
Short name: COMPAN~1.DLL
Date (created): 08/03/2012 18:14:38
Date (last access): 24/04/2012 20:22:34
Date (last write): 08/03/2012 18:14:38
Filesize: 393600
Attributes: archive 
MD5: 8513A7BB078A669E75F2ADC3FB007B24
CRC32: E900D37E
Version: 15.4.3555.308
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: 
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: C:\Program Files (x86)\Google\Google Toolbar\
Long name: GoogleToolbar_32.dll
Short name: GOOGLE~1.DLL
Date (created): 06/04/2011 11:38:30
Date (last access): 24/04/2012 17:53:50
Date (last write): 22/03/2012 18:27:02
Filesize: 192112
Attributes: archive 
MD5: 5B97AB550022B2783894C558FA2E1310
CRC32: 66F3ED5B
Version: 7.3.2710.138
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} (SkypeIEPluginBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: SkypeIEPluginBHO
CLSID name: Skype Browser Helper
Path: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\
Long name: skypeieplugin.dll
Short name: SKYPEI~1.DLL
Date (created): 17/01/2012 11:43:46
Date (last access): 24/04/2012 13:20:38
Date (last write): 17/01/2012 11:43:46
Filesize: 3855520
Attributes: archive 
MD5: 70CE1DA6684A7043B0008C2F2E286E27
CRC32: 146CBAA3
Version: 5.9.0.9216
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} (FDMIECookiesBHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: 
CLSID name: FDMIECookiesBHO Class
Path: C:\Program Files (x86)\Free Download Manager\
Long name: iefdm2.dll
Short name: 
Date (created): 21/03/2010 19:57:40
Date (last access): 24/04/2012 17:52:30
Date (last write): 30/12/2008 02:03:26
Filesize: 98304
Attributes: archive 
MD5: 635827CCBEF561E1E0CF9D97624CA225
CRC32: 54772110
Version: 841.0.0.0
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (Bing Bar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: 
CLSID name: Bing Bar Helper
Path: "C:\Program Files (x86)\Microsoft\BingBar\
Long name: BingExt.dll"
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: 
CLSID name: Java(tm) Plug-In 2 SSV Helper

--- ActiveX list ---
{0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection)
DPF name: 
CLSID name: Device Detection
Installer: C:\Windows\Downloaded Program Files\LogitechDeviceDetection32.inf
Codebase: http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
{0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
DPF name: 
CLSID name: PCPitstop Utility
Installer: C:\Windows\Downloaded Program Files\pcmatic.inf
Codebase: http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
description: Gateway tools
classification: Legitimate
known filename: PCPITSTOP.DLL
info link: 
info source: Patrick M. Kolla
{140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class)
DPF name: 
CLSID name: SysInfo Class
Installer: C:\Windows\Downloaded Program Files\SystemRequirementsLab.inf
Codebase: http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
Path: C:\Program Files (x86)\SystemRequirementsLab\
Long name: srldetect_cyri_4.1.71.0.dll
Short name: SRLDET~1.DLL
Date (created): 26/02/2010 10:11:34
Date (last access): 24/04/2012 13:20:14
Date (last write): 26/02/2010 10:11:34
Filesize: 653432
Attributes: archive 
MD5: C02023883B7EA9A0679643D8FDC4DA27
CRC32: 689EA236
Version: 4.1.71.0
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
DPF name: 
CLSID name: Installation Support
Installer: 
Codebase: C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link: 
info source: Patrick M. Kolla
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object)
DPF name: 
CLSID name: CDownloadCtrl Object
Installer: 
Codebase: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
description: 
classification: Legitimate
known filename: FilePlanetDownloadCtrl.dll
info link: 
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Download Manager\
Long name: DLMControl.dll
Short name: DLMCON~1.DLL
Date (created): 27/10/2009 18:17:50
Date (last access): 24/04/2012 13:20:22
Date (last write): 27/10/2009 18:17:50
Filesize: 324976
Attributes: archive 
MD5: AF78E9D4D1ED741039FA610157F91711
CRC32: 874FC008
Version: 2.3.10.115
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class)
DPF name: 
CLSID name: GMNRev Class
Installer: C:\Windows\Downloaded Program Files\setup.inf
Codebase: http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
Path: C:\Program Files (x86)\HP\Common\
Long name: HPGMNRev.dll
Short name: 
Date (created): 13/11/2009 16:29:24
Date (last access): 24/04/2012 13:20:32
Date (last write): 13/11/2009 16:29:24
Filesize: 188472
Attributes: archive 
MD5: FF8B6F7E41BA8B22B091C8E5F1050548
CRC32: 485F84F7
Version: 9.7.3.0
{7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)
DPF name: 
CLSID name: OnlineScanner Control
Installer: C:\Windows\Downloaded Program Files\OnlineScanner.inf
Codebase: http://download.eset.com/special/eos/OnlineScanner.cab
Path: C:\PROGRA~2\ESET\ESETON~1\
Long name: OnlineScanner.ocx
Short name: ONLINE~1.OCX
Date (created): 17/04/2012 22:17:52
Date (last access): 24/04/2012 13:19:44
Date (last write): 30/09/2011 09:28:08
Filesize: 3405744
Attributes: archive 
MD5: 751EE920D6811584E5B1F0B153A5A4E2
CRC32: E2EE1C02
Version: 1.0.0.6583
{A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class)
DPF name: 
CLSID name: PCMaticVer Class
Installer: C:\Windows\Downloaded Program Files\pcmatic.inf
Codebase: http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater)
DPF name: 
CLSID name: Battlefield Play4Free Updater
Installer: C:\Windows\Downloaded Program Files\BP4FUpdater.inf
Codebase: https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam)
DPF name: 
CLSID name: PCPitstop Exam
Installer: C:\Windows\Downloaded Program Files\PCPitstop2.inf
Codebase: http://utilities.pcpitstop.com/da2/PCPitStop2.cab

--- Process list ---
PID: 0 ( 0) [System]
PID: 1604 (1532) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
size: 1668920
MD5: 811B336C4F531E4F8975CEED45932CC2
PID: 3112 (2632) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
size: 62768
MD5: 554A50B5310E702029D3A675459108FF
PID: 3128 (2632) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
size: 2068992
MD5: 4298DB2F9FE4FE4C96AC4528542680F8
PID: 3188 (2632) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
size: 656896
MD5: 47DCE3A2FE0B34DD9F01EB4037303A3E
PID: 3204 (2632) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
size: 284696
MD5: 852F12CA7C4FC7E3D77B606492435556
PID: 3212 (2632) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
size: 205336
MD5: A2418D3C557C0A0C634DA713A8AC3789
PID: 3332 (2632) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
size: 2575712
MD5: DE42F63D66534B444357B4106DCBD704
PID: 3640 (1460) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
size: 1069568
MD5: E145F3779E180E7C92DB69EB4475C492
PID: 3656 (2632) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 13E7CFE8E269ED15E7FC9C3EBBCB7E2B
PID: 3672 (2632) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
size: 217256
MD5: 43CC960ED33AD7B552772711284B0CDD
PID: 3688 (2632) C:\Program Files (x86)\AVG Secure Search\vprot.exe
size: 1116544
MD5: B339D30A2D2E2E8ADE46981F1491C8FA
PID: 3840 (3152) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
size: 2068992
MD5: EDCB55CF7135CCF9818EEC413FB39410
PID: 3848 (3212) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
size: 265240
MD5: 550B8CB98A8FA1D7A1A7371055A38DDA
PID: 3872 (1460) C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
size: 207872
MD5: 2D0631DA51B1416B9C4EAA29FB6466B2
PID: 4336 (4224) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
size: 53248
MD5: 4FF9D0D5FEC26D9F2312A8C15CA59C8F
PID: 4548 ( 848) C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
size: 680984
MD5: 902054D6B4292329F9594FFF24EE02DB
PID: 5084 (4224) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
size: 210216
MD5: 30426544CDDC55B8B71DEB556722ECE3
PID: 5996 ( 848) C:\Program Files (x86)\Common Files\Motive\McciControlHost.exe
size: 309128
MD5: FAA51850621B5CB6045F139726B27C49
PID: 6268 (4312) C:\Program Files (x86)\Origin\Origin.exe
size: 3402376
MD5: 9A018FAFE23F601CBAF74E835F5F645D
PID: 7464 (1560) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 6916 (5892) C:\Program Files (x86)\FixCleaner\FixCleaner.exe
size: 47658848
MD5: D697BC38C92DEFB96CE6A01E8DB08454
PID: 4 ( 0) System
PID: 364 ( 4) smss.exe
PID: 532 ( 508) csrss.exe
PID: 612 ( 604) csrss.exe
PID: 620 ( 508) wininit.exe
size: 96256
PID: 656 ( 604) winlogon.exe
PID: 716 ( 620) services.exe
PID: 724 ( 620) lsass.exe
PID: 732 ( 620) lsm.exe
PID: 848 ( 716) svchost.exe
size: 20992
PID: 928 ( 716) svchost.exe
size: 20992
PID: 1012 ( 716) RapportMgmtService.exe
PID: 536 ( 716) atiesrxx.exe
PID: 704 ( 716) svchost.exe
size: 20992
PID: 864 ( 716) svchost.exe
size: 20992
PID: 712 ( 716) svchost.exe
size: 20992
PID: 1156 ( 716) svchost.exe
size: 20992
PID: 1204 ( 536) atieclxx.exe
PID: 1328 ( 716) svchost.exe
size: 20992
PID: 1552 ( 864) C:\Windows\System32\dwm.exe
PID: 1560 (1544) C:\Windows\explorer.exe
size: 2871808
MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 1744 ( 716) spoolsv.exe
PID: 1832 ( 716) svchost.exe
size: 20992
PID: 1932 ( 716) SASCORE64.EXE
PID: 1960 ( 716) AppleMobileDeviceService.exe
PID: 2028 ( 716) avgfws.exe
PID: 1520 ( 716) avgwdsvc.exe
PID: 1660 ( 716) mDNSResponder.exe
PID: 1516 ( 716) VIAService.exe
PID: 1784 ( 716) svchost.exe
size: 20992
PID: 1716 ( 716) svchost.exe
size: 20992
PID: 1232 ( 716) HPDrvMntSvc.exe
PID: 1068 ( 716) LSSrvc.exe
PID: 2064 ( 716) McciCMService.exe
PID: 2156 ( 716) McciCMService.exe
PID: 2360 ( 716) SeaPort.EXE
PID: 2396 (1520) avgnsa.exe
PID: 2404 ( 716) C:\Windows\System32\taskhost.exe
PID: 2424 (1520) avgemca.exe
PID: 2612 (1520) avgrsa.exe
PID: 2912 (2612) avgcsrva.exe
PID: 2956 (1560) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
size: 2417032
MD5: 5B72629C8144D1A96490D4C090D28DA1
PID: 2968 ( 716) svchost.exe
size: 20992
PID: 3000 (1560) C:\Program Files\Microsoft IntelliType Pro\itype.exe
size: 1873256
MD5: 88CA0FFA894AF4B0D90B93FAA2A0A0D9
PID: 3024 (1560) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
size: 610360
MD5: A5E7025E2B9FFD21956CD5D3E08BFE0D
PID: 3040 ( 716) ToolbarUpdater.exe
PID: 148 ( 716) WajamUpdater.exe
PID: 1460 (1560) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
size: 3451904
MD5: CFEEF423DB3993CFE16C1BF0F696A886
PID: 2588 ( 716) WLIDSVC.EXE
PID: 2792 ( 716) YahooAUService.exe
PID: 3960 (2588) WLIDSVCM.EXE
PID: 4068 (3000) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
size: 516968
MD5: 722909EA9156F50EF1B386D76D4525A5
PID: 4224 ( 712) C:\Windows\System32\taskeng.exe
size: 192000
MD5: 4F2659160AFCCA990305816946F69407
PID: 4388 ( 716) SDWinSec.exe
PID: 4832 ( 716) avgidsagent.exe
PID: 2804 ( 716) SearchIndexer.exe
size: 427520
PID: 5240 ( 716) svchost.exe
size: 20992
PID: 5392 ( 864) WUDFHost.exe
PID: 5572 ( 716) wmpnetwk.exe
PID: 6084 (2396) avgcsrva.exe
PID: 6096 ( 848) C:\Program Files\Common Files\Motive\McciControlHost.exe
size: 452096
MD5: 28A2F174A290964DC472340789202C89
PID: 3744 ( 716) svchost.exe
size: 20992
PID: 5160 ( 848) dllhost.exe
size: 7168
PID: 2296 ( 716) HPSA_Service.exe
PID: 5976 ( 716) PresentationFontCache.exe
PID: 6960 ( 716) C:\Windows\System32\taskhost.exe
PID: 1972 ( 716) PnkBstrB.exe
size: 283304
PID: 5920 ( 716) PnkBstrA.exe
size: 76888
PID: 6152 ( 704) audiodg.exe
PID: 2820 ( 712) taskeng.exe
size: 192000
PID: 4208 (2804) SearchProtocolHost.exe
size: 164352
PID: 2808 (2804) C:\Windows\System32\SearchFilterHost.exe
size: 86528
MD5: A6CD6B3F71E13E2E45B727FB8A47EA87
PID: 6416 ( 716) svchost.exe
size: 20992

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 26/04/2012 13:33:33
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://isearch.avg.com/?cid={0BF34C...e551cc8f6&lang=en&ds=ts025&pr=sa&d=2012-04-24 22:23:10&v=11.0.0.9&sap=hp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/?ilc=8
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---
Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename: 
Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename: 
Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename: 
Namespace Provider 5: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Namespace Provider 6: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

--- Uninstall list ---
(AddressBook)
Adobe AIR 1.5.3.9130 (Adobe AIR)
version (major): 1
version (minor): 5
install location: c:\Program Files (x86)\Common Files\Adobe AIR\
uninstall cmd: c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
publisher: Adobe Systems Inc.
Amazon Kindle (Amazon Kindle)
uninstall cmd: C:\Program Files (x86)\Amazon\Kindle\uninstall.exe
publisher: Amazon
Anti-phishing Domain Advisor 1.1.0.1 (Anti-phishing Domain Advisor)
install location: C:\ProgramData\Anti-phishing Domain Advisor
uninstall cmd: C:\ProgramData\Anti-phishing Domain Advisor\uninstall.exe
publisher: Visicom Media Inc. (Powered by Panda Security)
AVG Security Toolbar 11.0.0.9 (AVG Secure Search)
uninstall cmd: C:\Program Files (x86)\AVG Secure Search\UNINSTALL.exe /UNINSTALL
publisher: AVG Technologies
AVS DVD Copy version 4.1.1 (AVS DVD Copy_is1)
install date: 20101021
install location: C:\Program Files (x86)\AVS4YOU\AVSDVDCopy\
uninstall cmd: "C:\Program Files (x86)\AVS4YOU\AVSDVDCopy\unins000.exe"
publisher: Online Media Technologies Ltd.
help link: http://www.avs4you.com/support/index.aspx
AVS Image Converter 1.3.1.136 (AVS Image Converter_is1)
install date: 20101105
install location: C:\Program Files (x86)\AVS4YOU\AVSImageConverter\
uninstall cmd: "C:\Program Files (x86)\AVS4YOU\AVSImageConverter\unins000.exe"
publisher: Online Media Technologies Ltd.
help link: http://www.avs4you.com/support.aspx
AVS Update Manager 1.0 (AVS Update Manager_is1)
install date: 20101105
install location: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\
uninstall cmd: "C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe"
publisher: Online Media Technologies Ltd.
help link: http://www.avs4you.com/support/index.aspx
AVS4YOU Software Navigator 1.4 (AVS4YOU Software Navigator_is1)
install date: 20101105
install location: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\
uninstall cmd: "C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
publisher: Online Media Technologies Ltd.
help link: http://www.avs4you.com
Battlelog Web Plugins 1.118.0 (Battlelog Web Plugins)
install location: C:\Program Files (x86)\Battlelog Web Plugins
install source: http://battlelog.battlefield.com/
uninstall cmd: C:\Program Files (x86)\Battlelog Web Plugins\uninstall.exe
publisher: EA Digital Illusions CE AB
BT Broadband Desktop Help (BT Broadband Desktop Help)
uninstall cmd: C:\Program Files (x86)\BT Broadband Desktop Help\btbb\unBTBDH.exe
BTHomeHub (BTHomeHub)
uninstall cmd: C:\Program Files (x86).\BTHomeHub.\Uninstall.exe BTHomeHub3.0
publisher: British Telecommunications Plc.
Acrobat.com 1.1.377 (com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1)
install location: C:\Program Files (x86)\Adobe\Acrobat.com\
uninstall cmd: C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
publisher: Adobe Systems Incorporated
(Connection Manager)
Cross Fire En (Cross Fire_is1)
install date: 20100415
install location: C:\Program Files (x86)\Z8Games\CrossFire\
uninstall cmd: "C:\Program Files (x86)\Z8Games\CrossFire\unins000.exe"
publisher: Z8Games.com
help link: http://Crossfire.z8games.com
Disketch CD Label Software (Disketch)
uninstall cmd: C:\Program Files (x86)\NCH Software\Disketch\uninst.exe
publisher: NCH Software
Download Manager 2.3.10 2.3.10 (Download Manager)
uninstall cmd: C:\Program Files (x86)\Download Manager\uninst.exe
publisher: IGN Entertainment, Inc.
Easy CD and DVD Cover Creator 4.13 4.13 (Easy CD and DVD Cover Creator)
uninstall cmd: C:\Program Files (x86)\Easy CD & DVD Cover Creator\uninst.exe
publisher: Ben Williamson
Magic Desktop (EasyBits Magic Desktop)
install location: C:\Program Files (x86)\EasyBits For Kids
uninstall cmd: C:\Windows\system32\ezMDUninstall.exe
publisher: EasyBits Software AS
ESET Online Scanner v3 (ESET Online Scanner)
uninstall cmd: C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ESN Sonar 0.70.4 (ESN Sonar-0.70.4)
install location: C:\Program Files (x86)\Battlelog Web Plugins\Sonar
install source: http://www.sonar-api.com/
uninstall cmd: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
publisher: ESN Social Software AB
help link: http://www.sonar-api.com/
Express Burn Disc Burning Software (ExpressBurn)
install location: C:\Program Files (x86)\NCH Software\ExpressBurn
uninstall cmd: C:\Program Files (x86)\NCH Software\ExpressBurn\uninst.exe
publisher: NCH Software
Free Download Manager 3.0 (Free Download Manager_is1)
install date: 20100823
install location: C:\Program Files (x86)\Free Download Manager\
uninstall cmd: "C:\Program Files (x86)\Free Download Manager\unins000.exe"
publisher: FreeDownloadManager.ORG
help link: http://www.freedownloadmanager.org/
GoToAssist Corporate 9.0.0.570 (GoToAssist)
version: 150995514
version (major): 9
install date: 20110901
install location: C:\Program Files (x86)\Citrix\GoToAssist\570
uninstall cmd: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AUninstaller.exe /uninstall
publisher: Citrix Online, a division of Citrix Systems, Inc.
help link: http://www.gotoassist.com/support
Hardware Helper 10.0 (Hardware Helper_is1)
estimated size: 11270
install date: 20110726
install location: C:\Program Files (x86)\Driver-Soft\HardwareHelper\
uninstall cmd: "C:\Program Files (x86)\Driver-Soft\HardwareHelper\unins000.exe"
publisher: Driver-Soft Inc.
help link: http://www.pchelpsoft.com/hardware-helper/support
HP Photo Creations 1.0.0.3781 (HP Photo Creations)
estimated size: 15000
install location: C:\ProgramData\HP Photo Creations
uninstall cmd: C:\Program Files (x86)\HP Photo Creations\uninst.exe
publisher: HP Photo Creations Powered by RocketLife
help link: http://www.hp.com/support
HP Remote Solution 1.1.11.0 (HP Remote Solution)
version: 16842769
version (major): 1
version (minor): 1
install location: C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution
uninstall cmd: "C:\ProgramData\{B12D13C3-76FD-479D-AD99-8C6F18156BC9}\HP_Remote_Solution_Install.exe" REMOVE=TRUE MODIFY=FALSE
publisher: Hewlett-Packard
comments: Hewlett-Packard
contact: HP Remote Solution
(IE40)
CyberLink DVD Suite Deluxe 7.0.2115 (InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79})
version: 117440512
version (major): 7
estimated size: 37032
install date: 20100107
install location: c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
Movie Theme Pack for HP MediaSmart Video 3.1.3310 (InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 340208
install date: 20100107
install location: c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media Movie Theme Pack\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{3023EBDA-BF1B-4831-B347-E5018555F26E}\setup.exe" /z-uninstall /zMS
publisher: Hewlett-Packard
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
5.5.2216 (InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5})
version: 87162880
version (major): 5
version (minor): 50
estimated size: 54872
install date: 20100107
install location: C:\Program Files (x86)\Hewlett-Packard\Recovery\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
Samsung Kies 2.0.0.11044_11 (InstallShield_{758C8301-2696-4855-AF45-534B1200980A})
version: 33554432
version (major): 2
estimated size: 185652
install date: 20111012
install location: C:\Program Files (x86)\Samsung\Kies\
install source: C:\Users\tony\AppData\Local\Downloaded Installations\{3EC8F441-7A39-4DCB-AA0F-7B9D44C55530}\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly
publisher: Samsung Electronics Co., Ltd.
Silent Hunter III 1.00.0000 (InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7})
version: 16777216
version (major): 1
estimated size: 2556966
install date: 20101017
install location: C:\Program Files (x86)\Ubisoft\SilentHunterIII\
install source: E:\
uninstall cmd: C:\Program Files (x86)\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7} /l1033 
publisher: Ubisoft
comments: 
contact: Customer Support Department
help link: http://support.ubi.com/
help telephone: 
HP MediaSmart Music/Photo/Video 3.1.3601 (InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 321976
install date: 20100320
install location: c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS
publisher: Hewlett-Packard
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
LabelPrint 2.5.2017 (InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243})
version: 36831232
version (major): 2
version (minor): 5
estimated size: 236168
install date: 20100107
install location: c:\Program Files (x86)\CyberLink\LabelPrint\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
PowerDirector 7.0.3405 (InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1})
version: 117440512
version (major): 7
estimated size: 534920
install date: 20100107
install location: c:\Program Files (x86)\CyberLink\PowerDirector\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
HP MediaSmart DVD 3.1.3317 (InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 99068
install date: 20100107
install location: c:\Program Files (x86)\Hewlett-Packard\Media\DVD\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
publisher: Hewlett-Packard
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
DVD Menu Pack for HP MediaSmart Video 3.1.3224 (InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 102904
install date: 20100107
install location: c:\Program Files (x86)\Hewlett-Packard\TouchSmart\DVD Menu Pack\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}\setup.exe" /z-uninstall /zMS
publisher: Hewlett-Packard
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
JoneSoft MD5Mate v1.1.0 1.1.0 (JoneSoft MD5Mate_is1)
install date: 20101016
install location: C:\Program Files (x86)\JoneSoft\MD5Mate\
uninstall cmd: "C:\Program Files (x86)\JoneSoft\MD5Mate\unins000.exe"
publisher: JoneSoft
help link: http://www.users.on.net/~jscones/software/
Security Update for CAPICOM (KB931906) 2.1.0.2 (KB931906)
uninstall cmd: MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931906
Logitech Vid HD 7.2 (7259) (Logitech Vid)
version (major): 7
version (minor): 2
install location: C:\Program Files (x86)\Logitech\Vid HD
uninstall cmd: C:\Program Files (x86)\Logitech\Vid HD\uninst.exe
publisher: Logitech Inc..
help link: http://www.logitech.com/vid
Malwarebytes Anti-Malware version 1.61.0.1400 1.61.0.1400 (Malwarebytes' Anti-Malware_is1)
estimated size: 18479
install date: 20120409
install location: C:\Program Files (x86)\Malwarebytes' Anti-Malware\
uninstall cmd: "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
publisher: Malwarebytes Corporation
(My HP Game Console)
install location: C:\Program Files (x86)\HP Games\HP Game Console
uninstall cmd: "C:\Program Files (x86)\HP Games\HP Game Console\Uninstall.exe"
publisher: WildTangent
help link: http://support.wildgames.com
NoteWorthy Composer 2 Viewer Version 2.1 (NoteWorthy Composer 2 Viewer)
version (major): 2
version (minor): 100
install location: C:\Program Files (x86)\Noteworthy Software\NoteWorthy Composer 2 Viewer
uninstall cmd: "C:\Program Files (x86)\Noteworthy Software\NoteWorthy Composer 2 Viewer\Uninstall.exe"
publisher: NoteWorthy Software, Inc.
help link: http://noteworthysoftware.com/
OpenAL (OpenAL)
uninstall cmd: "C:\Program Files (x86)\OpenAL\oalinst.exe" /U
Origin 8.5.0.4550 (Origin)
install location: C:\Program Files (x86)\Origin
uninstall cmd: C:\Program Files (x86)\Origin\OriginUninstall.exe
publisher: Electronic Arts, Inc.
PunkBuster Services 0.991 (PunkBusterSvc)
uninstall cmd: C:\Program Files (x86)\Electronic Arts\Battlefield 3\pbsvc.exe -u
publisher: Even Balance, Inc.
help link: http://www.evenbalance.com/index.php?page=pbsvcfaq.php
Rapport 3.5.1201.68 (Rapport_msi)
install location: C:\
uninstall cmd: msiexec /x{1DD81E7D-0D28-4ceb-87B2-C041A4FCB215} /lvx+ "C:\ProgramData\Trusteer\Rapport\logs\uninstall.log"
publisher: Trusteer
RealPlayer (RealPlayer 15.0)
install location: c:\program files (x86)\real\realplayer\
uninstall cmd: c:\program files (x86)\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0
publisher: RealNetworks
comments: Play, Save, and Organize your music and videos, Burn a CD, or simply take your music with you.
contact: RealNetworks
Revo Uninstaller 1.92 1.92 (Revo Uninstaller)
install location: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller
uninstall cmd: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
publisher: VS Revo Group
comments: Thank you for choosing Revo Uninstaller!
help link: http://www.revouninstaller.com
Download Updater (AOL LLC) (SoftwareUpdUtility)
uninstall cmd: C:\Program Files (x86)\Common Files\Software Update Utility\uninstall.exe
Men of War: Condemned Heroes (Steam App 204860)
install location: c:\program files (x86)\steam\steamapps\common\men of war condemned heroes
uninstall cmd: "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/204860
help link: http://support.steampowered.com/
Men of War: Vietnam (Steam App 63940)
install location: c:\program files (x86)\steam\steamapps\common\men of war - vietnam
uninstall cmd: "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/63940
help link: http://support.steampowered.com/
Trojan Remover 6.8.3 6.8.3 (Trojan Remover_is1)
estimated size: 18878
install date: 20120404
install location: C:\Program Files (x86)\Trojan Remover\
uninstall cmd: "C:\Program Files (x86)\Trojan Remover\unins000.exe"
publisher: Simply Super Software
comments: Trojan Remover is designed to detect/remove Malware
help link: http://www.simplysup.com/support/
File Type Assistant (Trusted Software Assistant_is1)
estimated size: 3951
install date: 20120403
install location: C:\Program Files (x86)\File Type Assistant\
uninstall cmd: "C:\Program Files (x86)\File Type Assistant\unins000.exe"
publisher: Trusted Software
TVUPlayer 2.5.2.2 2.5.2.2 (TVUPlayer)
uninstall cmd: C:\Program Files (x86)\TVUPlayer\uninst.exe
publisher: TVU networks
(WIC)
HP Games 1.0.0.71 (WildTangent hp Master Uninstall)
install location: C:\Program Files (x86)\HP Games
uninstall cmd: "C:\Program Files (x86)\HP Games\Uninstall.exe"
publisher: WildTangent
comments: HPCMPQ2501
1.2.6.0 (WildTangentGameProvider-hp-genres)
install location: C:\Program Files (x86)\HP Games\Game Explorer Categories - genres
uninstall cmd: "C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe"
publisher: WildTangent, Inc.
1.2.6.0 (WildTangentGameProvider-hp-main)
install location: C:\Program Files (x86)\HP Games\Game Explorer Categories - main
uninstall cmd: "C:\Program Files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe"
publisher: WildTangent, Inc.
WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files (x86)\WinRAR\uninstall.exe
2.2.0.63 (WT065226)
install location: C:\Program Files (x86)\HP Games\Blasterball 3
uninstall cmd: "C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.63 (WT065277)
install location: C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2
uninstall cmd: "C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.63 (WT065290)
install location: C:\Program Files (x86)\HP Games\Mah Jong Medley
uninstall cmd: "C:\Program Files (x86)\HP Games\Mah Jong Medley\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.63 (WT065295)
install location: C:\Program Files (x86)\HP Games\Polar Bowler
uninstall cmd: "C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.63 (WT065296)
install location: C:\Program Files (x86)\HP Games\Polar Golfer
uninstall cmd: "C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.63 (WT065297)
install location: C:\Program Files (x86)\HP Games\Super Collapse 3
uninstall cmd: "C:\Program Files (x86)\HP Games\Super Collapse 3\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.63 (WT065305)
install location: C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City
uninstall cmd: "C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.63 (WT065307)
install location: C:\Program Files (x86)\HP Games\World of Goo
uninstall cmd: "C:\Program Files (x86)\HP Games\World of Goo\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.63 (WT065308)
install location: C:\Program Files (x86)\HP Games\Dora's Carnival Adventure
uninstall cmd: "C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.65 (WT065414)
install location: C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe
uninstall cmd: "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.65 (WT065426)
install location: C:\Program Files (x86)\HP Games\Chuzzle Deluxe
uninstall cmd: "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.65 (WT065446)
install location: C:\Program Files (x86)\HP Games\Peggle
uninstall cmd: "C:\Program Files (x86)\HP Games\Peggle\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.65 (WT065454)
install location: C:\Program Files (x86)\HP Games\Slingo Deluxe
uninstall cmd: "C:\Program Files (x86)\HP Games\Slingo Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.65 (WT065459)
install location: C:\Program Files (x86)\HP Games\Zuma Deluxe
uninstall cmd: "C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.65 (WT074389)
install location: C:\Program Files (x86)\HP Games\Diner Dash
uninstall cmd: "C:\Program Files (x86)\HP Games\Diner Dash\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.65 (WT074421)
install location: C:\Program Files (x86)\HP Games\FATE
uninstall cmd: "C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.65 (WT074441)
install location: C:\Program Files (x86)\HP Games\THE GAME OF LIFE
uninstall cmd: "C:\Program Files (x86)\HP Games\THE GAME OF LIFE\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.65 (WT074442)
install location: C:\Program Files (x86)\HP Games\Virtual Families
uninstall cmd: "C:\Program Files (x86)\HP Games\Virtual Families\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.65 (WT074585)
install location: C:\Program Files (x86)\HP Games\Yahtzee
uninstall cmd: "C:\Program Files (x86)\HP Games\Yahtzee\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
2.2.0.80 (WT075046)
install location: C:\Program Files (x86)\HP Games\StoneLoops of Jurassica
uninstall cmd: "C:\Program Files (x86)\HP Games\StoneLoops of Jurassica\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Yahoo! Software Update (Yahoo! Software Update)
uninstall cmd: C:\PROGRA~2\Yahoo!\SOFTWA~1\UNINST~1.EXE
(Yahoo! Toolbar)
uninstall cmd: C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Microsoft Office 2000 Professional 9.00.2720 ({00010409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
estimated size: 172688
install date: 20110414
install source: E:\
uninstall cmd: MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files (x86)\Microsoft Office\Office\ofread9.txt 
Steam 1.0.0.0 ({048298C9-A4D3-490B-9FF9-AB023A9238F3})
version: 16777216
version (major): 1
estimated size: 1631
install date: 20120415
install source: C:\Users\tony\Downloads\
uninstall cmd: MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
publisher: Valve Corporation
comments: Steam
help link: http://support.steampowered.com/
HP Customer Experience Enhancements 6.0.1.3 ({07FA4960-B038-49EB-891B-9F95930AA544})
version: 100663297
version (major): 6
estimated size: 261
install date: 20100107
uninstall cmd: MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
publisher: Hewlett-Packard
LWS Pictures And Video 13.31.1038.0 ({08610298-29AE-445B-B37D-EFBE05802967})
version: 220136462
version (major): 13
version (minor): 31
estimated size: 13624
install date: 20120221
install source: C:\Users\tony\AppData\Local\Temp\Logitech_Webcam_2.31.1044.0\LWS\
uninstall cmd: MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967}
publisher: Logitech
({08DB3902-2CE0-474D-BCE3-0177766CE9F1})
CCC Help Dutch 2012.0309.0042.976 ({0A590981-75A9-B968-4A29-718E5A8E1416})
version (major): 2012
version (minor): 309
estimated size: 463
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\nl\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Windows Live Installer 15.4.3502.0922 ({0B0F231F-CE6A-483D-AA23-77B364F75917})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 30940
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\b89e41f61cbe02812\
uninstall cmd: MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
publisher: Microsoft Corporation
Silent Hunter 4 Wolves of the Pacific 1.04.0000 ({0D005F09-A5F4-473B-A901-5735C6AF5628})
version: 17039360
install date: 20101006
install location: C:\Program Files (x86)\Ubisoft\Silent Hunter 4 Wolves of the Pacific
install source: E:\
uninstall cmd: C:\Program Files (x86)\InstallShield Installation Information\{0D005F09-A5F4-473B-A901-5735C6AF5628}\setup.exe -runfromtemp -l0x0009 -removeonly
publisher: Ubisoft
CCC Help Chinese Traditional 2012.0309.0042.976 ({0E6B8EA7-4FDF-F730-8F28-05720874BE71})
version (major): 2012
version (minor): 309
estimated size: 483
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\zh-CHT\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Security Update for CAPICOM (KB931906) 2.1.0.2 ({0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 769
install date: 20100320
uninstall cmd: MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation
CCC Help Russian 2012.0309.0042.976 ({1003E625-BE5B-390B-7B60-D483D0B75A26})
version (major): 2012
version (minor): 309
estimated size: 587
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\ru\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Application Profiles 2.0.4337.36028 ({10EBB586-D21E-60CA-0856-AA753EBE1F16})
version: 33558769
version (major): 2
estimated size: 357
install date: 20111201
install location: C:\Program Files (x86)\ATI Technologies\Application Profiles\
install source: C:\AMD\AMD_Catalyst_11.11_CAP2\
uninstall cmd: MsiExec.exe /X{10EBB586-D21E-60CA-0856-AA753EBE1F16}
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Men of War (Remove Only) 1.17.5.1 ({137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1)
install date: 20100511
install location: C:\Program Files (x86)\505games\1C\Men of War\
uninstall cmd: "C:\Program Files (x86)\505games\1C\Men of War\unins000.exe"
publisher: 505games
help link: http://www.1cpublishing.eu/support
readme: C:\Program Files (x86)\505games\1C\Men of War\readme.txt
Update 1.11.3.1 for "Men of War" 1.11.3.1 ({137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.1)
install date: 140510
uninstall cmd: C:\Program Files (x86)\505games\1C\Men of War\unins000.exe
readme: C:\Program Files (x86)\505games\1C\Men of War\changelog.txt
Update 1.17.5.1 for "Men of War" 1.17.5.1 ({137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.17.5.1)
install date: 140510
uninstall cmd: C:\Program Files (x86)\505games\1C\Men of War\unins000.exe
readme: C:\Program Files (x86)\505games\1C\Men of War\changelog.txt
CameraHelperMsi 13.31.1038.0 ({15634701-BACE-4449-8B25-1567DA8C9FD3})
version: 220136462
version (major): 13
version (minor): 31
estimated size: 2124
install date: 20120221
install source: C:\Users\tony\AppData\Local\Temp\Logitech_Webcam_2.31.1044.0\LWS\
uninstall cmd: MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3}
publisher: Logitech
Microsoft Works 9.7.0621 ({15BC8CD0-A65B-47D0-A2DD-90A824590FA8})
version: 151454317
version (major): 9
version (minor): 7
estimated size: 511877
install date: 20101214
uninstall cmd: MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
publisher: Microsoft Corporation
comments: Microsoft Works installation
help link: http://go.microsoft.com/fwlink/?LinkId=6831
LWS Help_main 13.31.1044.0 ({1651216E-E7AD-4250-92A1-FB8ED61391C9})
version: 220136468
version (major): 13
version (minor): 31
estimated size: 4751
install date: 20120221
install source: C:\Users\tony\AppData\Local\Temp\Logitech_Webcam_2.31.1044.0\LWS\
uninstall cmd: MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9}
publisher: Logitech
CCC Help Polish 2012.0309.0042.976 ({1690611F-D4EA-A00D-DAAD-91D216869679})
version (major): 2012
version (minor): 309
estimated size: 491
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\pl\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
LWS Twitter 13.30.1346.0 ({174A3B31-4C43-43DD-866F-73C9DB887B48})
version: 220071234
version (major): 13
version (minor): 30
estimated size: 1116
install date: 20120221
install source: C:\Users\tony\AppData\Local\Temp\Logitech_Webcam_2.31.1044.0\LWS\
uninstall cmd: MsiExec.exe /I{174A3B31-4C43-43DD-866F-73C9DB887B48}
publisher: Logitech
HP Setup 1.2.3560.3170 ({17B4760F-334B-475D-829F-1A3E94A6A4E6})
version: 16911848
install date: 20100107
install location: C:\Program Files (x86)\Hewlett-Packard\HP Setup
uninstall cmd: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17B4760F-334B-475D-829F-1A3E94A6A4E6}\setup.exe" -l0x9 -removeonly
publisher: Hewlett-Packard
Google Toolbar for Internet Explorer 1.0.0 ({18455581-E099-4BA8-BC6B-F34B2F06600C})
version: 16777216
version (major): 1
estimated size: 29
install date: 20110406
install source: C:\Program Files (x86)\Google\Google Toolbar\
uninstall cmd: MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
publisher: Google Inc.
Windows Live Movie Maker 15.4.3502.0922 ({19BA08F7-C728-469C-8A35-BFBD3633BE08})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 352
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\d3e93f9a1ccfae81b\
uninstall cmd: MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
publisher: Microsoft Corporation
({1CC069FA-1A86-402E-9787-3F04E652C67A})
install location: C:\Program Files (x86)\Hewlett-Packard\HP Support Information\
Rapport 3.5.1108.69 ({1DD81E7D-0D28-4CEB-87B2-C041A4FCB215})
version: 50660436
version (major): 3
version (minor): 5
estimated size: 71620
install date: 20120124
uninstall cmd: MsiExec.exe /X{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}
publisher: Trusteer
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148 ({1F1C2DFC-2D24-3E06-BCB8-725134ADF989})
version: 151025673
version (major): 9
estimated size: 596
install date: 20100107
uninstall cmd: MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
publisher: Microsoft Corporation
Junk Mail filter update 15.4.3502.0922 ({1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 3580
install date: 20110311
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\2342c81d1cbe02920\
uninstall cmd: MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
publisher: Microsoft Corporation
CyberLink DVD Suite Deluxe 7.0.2115 ({1FBF6C24-C1FD-4101-A42B-0C564F9E8E79})
version: 117440512
version (major): 7
estimated size: 37032
install date: 20100107
install location: c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
Windows Live SOXE Definitions 15.4.3502.0922 ({200FEC62-3C34-4D60-9CE8-EC372E01C08F})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 104
install date: 20110311
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\d0249b6b1cbe02816\
uninstall cmd: MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
publisher: Microsoft Corporation
LWS YouTube Plugin 13.31.1038.0 ({21DF0294-6B9D-4741-AB6F-B2ABFBD2387E})
version: 220136462
version (major): 13
version (minor): 31
estimated size: 1088
install date: 20120221
install source: C:\Users\tony\AppData\Local\Temp\Logitech_Webcam_2.31.1044.0\LWS\
uninstall cmd: MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}
publisher: Logitech
Google Toolbar for Internet Explorer 7.3.2710.138 ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
install location: C:\Program Files (x86)\Google\Google Toolbar\
uninstall cmd: "C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall
publisher: Google Inc.
({26A24AE4-039D-4CA4-87B4-2F83216020FB})
({26A24AE4-039D-4CA4-87B4-2F83216021FB})
({26A24AE4-039D-4CA4-87B4-2F83216022FB})
({26A24AE4-039D-4CA4-87B4-2F83216023FB})
({26A24AE4-039D-4CA4-87B4-2F83216024FB})
({26A24AE4-039D-4CA4-87B4-2F83216026FB})
CCC Help Portuguese 2012.0309.0042.976 ({26EED5E6-EC40-35A9-602A-C3CF03A9C1E6})
version (major): 2012
version (minor): 309
estimated size: 475
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\pt-BR\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
RealUpgrade 1.1 1.1.0 ({28C2DED6-325B-4CC7-983A-1777C8F7FBAB})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 809
install date: 20111204
uninstall cmd: MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
publisher: RealNetworks, Inc.
Windows Live Mesh ActiveX Control for Remote Connections 15.4.5722.2 ({2902F983-B4C1-44BA-B85D-5C6D52E2C441})
version: 251926106
version (major): 15
version (minor): 4
estimated size: 5708
install date: 20120424
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\246bae1d1cd221e01\
uninstall cmd: MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
publisher: Microsoft Corporation
Windows Live Messenger 15.4.3538.0513 ({2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24})
version: 251923922
version (major): 15
version (minor): 4
estimated size: 17864
install date: 20120424
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\68b16ab71cd11bf0e\
uninstall cmd: MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
publisher: Microsoft Corporation
CCC Help Italian 2012.0309.0042.976 ({2C33E65D-9187-8F2E-40D8-BD9E24E341FB})
version (major): 2012
version (minor): 309
estimated size: 471
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\it\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Movie Theme Pack for HP MediaSmart Video 3.1.3310 ({3023EBDA-BF1B-4831-B347-E5018555F26E})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 340208
install date: 20100107
install location: c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media Movie Theme Pack\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{3023EBDA-BF1B-4831-B347-E5018555F26E}\setup.exe" /z-uninstall
publisher: Hewlett-Packard
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
Windows Live Photo Gallery 15.4.3502.0922 ({3336F667-9049-4D46-98B6-4C743EEBC5B1})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 93904
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a5ca17e1ccfae810\
uninstall cmd: MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
publisher: Microsoft Corporation
Windows Live Photo Gallery 15.4.3502.0922 ({34F4D9A4-42C2-4348-BEF4-E553C84549E7})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 12268
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\bcfd9f971ccfae819\
uninstall cmd: MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
publisher: Microsoft Corporation
Catalyst Control Center Graphics Previews Common 2012.0309.43.976 ({36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA})
version (major): 2012
version (minor): 309
estimated size: 3540
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Graphics-Previews-Common\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
CCC Help Turkish 2012.0309.0042.976 ({38F6C932-2274-4897-479D-03AA6BA5B567})
version (major): 2012
version (minor): 309
estimated size: 479
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\tr\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
CCC Help Swedish 2012.0309.0042.976 ({3AB00888-CA03-0BFD-3F3C-C877767192B0})
version (major): 2012
version (minor): 309
estimated size: 459
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\sv\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Battlefield: Bad Company 2 1.0.0.0 ({3AC8457C-0385-4BEA-A959-E095F05D6D67})
version: 16777216
version (major): 1
estimated size: 6009416
install date: 20120416
install location: C:\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\
install source: E:\
uninstall cmd: MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
publisher: Electronic Arts
help link: C:\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\Support\\EA Help\\Electronic_Arts_Technical_Support.htm
readme: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Battlefield Bad Company 2\Read Me.lnk
CCC Help Thai 2012.0309.0042.976 ({3ACA2563-E786-BDD4-C87B-09909BB3F61C})
version (major): 2012
version (minor): 309
estimated size: 559
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\th\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
CCC Help Danish 2012.0309.0042.976 ({3BC2C64B-0DA0-974B-6311-AED4F3711DCE})
version (major): 2012
version (minor): 309
estimated size: 467
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\da\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Intel(R) Rapid Storage Technology 9.5.0.1037 ({3E29EE6C-963A-4aae-86C1-DC237C4A49FC})
version (major): 9
version (minor): 5
install location: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology
uninstall cmd: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
publisher: Intel Corporation
erLT 1.20.138.34 ({3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C})
version: 18088074
version (major): 1
version (minor): 20
estimated size: 492
install date: 20120221
install location: C:\Program Files (x86)\Logitech\Ereg\
install source: C:\Users\tony\AppData\Local\Temp\Logitech_Webcam_2.31.1044.0\Ereg\LT\
uninstall cmd: MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
publisher: Logitech, Inc.
comments: Logitech Registration
FixCleaner 2.0.4419 ({3F2268B0-B60D-4678-BF33-E1CD21FCCF82})
version: 33558851
version (major): 2
estimated size: 46889
install date: 20120424
install source: C:\Users\Public\Documents\Downloaded Installers\{3F2268B0-B60D-4678-BF33-E1CD21FCCF82}\
uninstall cmd: MsiExec.exe /X{3F2268B0-B60D-4678-BF33-E1CD21FCCF82}
publisher: Slimware Utilities, Inc.
HP Advisor 3.3.9512.3162 ({40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B})
version: 50537768
version (major): 3
version (minor): 3
estimated size: 50953
install date: 20100107
install location: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\
uninstall cmd: MsiExec.exe /X{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
publisher: Hewlett-Packard
contact: Hewlett Packard Technical Support
help link: http://www.hp.com/cgi-bin/hpsupport/index.pl
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) 3.5.30730.0 ({41785C66-90F2-40CE-8CB5-1C94BFC97280})
version: 50690058
version (major): 3
version (minor): 5
estimated size: 10634
install date: 20120424
install source: c:\5c392992d13f303fca1990331d\
uninstall cmd: MsiExec.exe /X{41785C66-90F2-40CE-8CB5-1C94BFC97280}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/2500170
A.V.A 24.18.03866 ({42AF51C0-4028-46CF-B616-FB1F75286457})
version: 403836698
install date: 20100415
install location: C:\ijji\ENGLISH\AVA
install source: C:\Downloads\Software\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{42AF51C0-4028-46CF-B616-FB1F75286457}\setup.exe" -runfromtemp -l0x0009 -removeonly
publisher: A.V.A
Bing Bar 7.0.619.0 ({449CE12D-E2C7-4B97-B19E-55D163EA9435})
version: 117441131
version (major): 7
estimated size: 24868
install date: 20120403
install source: C:\Program Files (x86)\Microsoft\BingBar\Installers\BingBar7.0.619\
uninstall cmd: MsiExec.exe /X{449CE12D-E2C7-4B97-B19E-55D163EA9435}
publisher: Microsoft Corporation
Recovery Manager 5.5.2216 ({44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5})
version: 87162880
version (major): 5
version (minor): 50
estimated size: 54872
install date: 20100107
install location: C:\Program Files (x86)\Hewlett-Packard\Recovery\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
HiJackThis 1.0.0 ({45A66726-69BC-466B-A7A4-12FCBA4883D7})
version: 16777216
version (major): 1
estimated size: 369
install date: 20120404
install source: C:\Downloads\desktop\
uninstall cmd: MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
publisher: Trend Micro
({495A8A3C-8FD0-4C46-9979-95C26181A1AB})
Java Auto Updater 2.0.5.1 ({4A03706F-666A-4037-7777-5F2748764D10})
version: 33554437
version (major): 2
estimated size: 1226
install date: 20110705
install source: C:\Users\tony\AppData\LocalLow\Sun\Java\AU\
publisher: Sun Microsystems, Inc.
AVG PC Tuneup 10.0.0.27 ({50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1)
estimated size: 43462
install date: 20120403
install location: C:\Program Files (x86)\AVG\AVG PC Tuneup\
uninstall cmd: "C:\Program Files (x86)\AVG\AVG PC Tuneup\unins000.exe"
publisher: AVG
help link: http://www.avg.com/support
Messenger Companion 15.4.3502.0922 ({50816F92-1652-4A7C-B9BC-48F682742C4B})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 104
install date: 20120424
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\abfe622a1cd11bf11\
uninstall cmd: MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}
publisher: Microsoft Corporation
Windows Live UX Platform Language Pack 15.4.3508.1109 ({579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4})
version: 251923892
version (major): 15
version (minor): 4
estimated size: 164
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\d6057f101cbe02931\
uninstall cmd: MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
publisher: Microsoft Corporation
({582876EC-A178-44D4-9823-C10D6C62EAFF})
uninstall cmd: MsiExec /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
CCC Help Spanish 2012.0309.0042.976 ({5BAC4DE5-4062-EE34-3337-5F92FE5D5032})
version (major): 2012
version (minor): 309
estimated size: 475
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\es\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
BearShare 9.0.0.94309 ({5F624839-947D-46EA-BD63-FD847C1AC6F1})
version: 150994944
version (major): 9
estimated size: 44181
install date: 20101115
publisher: Musiclab, LLC
Windows Live SOXE 15.4.3502.0922 ({682B3E4F-696A-42DE-A41C-4C07EA1678B4})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 892
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\d35513691cbe02817\
uninstall cmd: MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
publisher: Microsoft Corporation
Apple Application Support 2.0.1 ({6A3F9D74-BB80-4451-8CA1-4B3A857F1359})
version: 33554433
version (major): 2
estimated size: 61603
install date: 20110807
install location: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\
install source: C:\Users\tony\AppData\Local\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273
Hewlett-Packard ACLM.NET v1.1.1.0 1.00.0000 ({6F340107-F9AA-47C6-B54C-C3A19F11553F})
version: 16777216
version (major): 1
estimated size: 1931
install date: 20110927
install location: C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\
install source: C:\Users\tony\AppData\Local\Temp\
uninstall cmd: MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}
publisher: Hewlett-Packard
calibre 0.8.43 ({6F3DFFAB-6DDA-42DA-A22C-F45C697B7812})
version: 524331
version (minor): 8
estimated size: 126532
install date: 20120406
install source: C:\Users\tony\Desktop\
uninstall cmd: MsiExec.exe /I{6F3DFFAB-6DDA-42DA-A22C-F45C697B7812}
publisher: Kovid Goyal
LWS Gallery 13.31.1038.0 ({6F76EC3C-34B1-436E-97FB-48C58D7BEDCD})
version: 220136462
version (major): 13
version (minor): 31
estimated size: 4304
install date: 20120221
install source: C:\Users\tony\AppData\Local\Temp\Logitech_Webcam_2.31.1044.0\LWS\
uninstall cmd: MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}
publisher: Logitech
Microsoft Visual C++ 2005 Redistributable 8.0.61001 ({710f4c1c-cc18-4c49-8cbf-51240c89a1a2})
version: 134278729
version (major): 8
estimated size: 300
install date: 20110614
uninstall cmd: MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
publisher: Microsoft Corporation
LWS Motion Detection 13.30.1395.0 ({71E66D3F-A009-44AB-8784-75E2819BA4BA})
version: 220071283
version (major): 13
version (minor): 30
estimated size: 13472
install date: 20120221
install source: C:\Users\tony\AppData\Local\Temp\Logitech_Webcam_2.31.1044.0\LWS\
uninstall cmd: MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA}
publisher: Logitech
({741CFE3A-1C0B-4A7D-8E08-5D78C911C09D})
Samsung Kies 2.0.0.11044_11 ({758C8301-2696-4855-AF45-534B1200980A})
version: 33554432
version (major): 2
estimated size: 185652
install date: 20111012
install location: C:\Program Files (x86)\Samsung\Kies\
install source: C:\Users\tony\AppData\Local\Downloaded Installations\{3EC8F441-7A39-4DCB-AA0F-7B9D44C55530}\
uninstall cmd: MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}
publisher: Samsung Electronics Co., Ltd.
Battlefield 3 1.0.0.0 ({77033683-0816-4D7D-8BF1-3949B4E9823D})
install location: C:\Program Files (x86)\Electronic Arts\Battlefield 3\
uninstall cmd: "C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 3\Cleanup.exe" uninstall_game -autologging
publisher: Electronic Arts
help link: C:\Program Files (x86)\Electronic Arts\Battlefield 3\Support\EA Help\Electronic_Arts_Technical_Support.htm
readme: C:\Program Files (x86)\Electronic Arts\Battlefield 3\Support\Read Me.lnk
RealNetworks - Microsoft Visual C++ 2008 Runtime 9.0 ({7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA})
version: 150994944
version (major): 9
estimated size: 1380
install date: 20111204
uninstall cmd: MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
publisher: RealNetworks, Inc
comments: Copyright (C) Microsoft Corporation, All rights reserved.
contact: Microsoft Corporation
Acrobat.com 0.0.0 ({77DCDCE3-2DED-62F3-8154-05E745472D07})
estimated size: 1621
install date: 20100511
uninstall cmd: MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
publisher: Adobe Systems Incorporated
Windows Live Messenger Companion Core 15.4.3502.0922 ({78A96B4C-A643-4D0F-98C2-A8E16A6669F9})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 8248
install date: 20120424
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\3e778e1e1cd11bf0c\
uninstall cmd: MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
publisher: Microsoft Corporation
CCC Help Korean 2012.0309.0042.976 ({7ADCABE0-E651-6EA5-5128-26E203DAA5E1})
version (major): 2012
version (minor): 309
estimated size: 503
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\ko\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
HP Photosmart Plus B210 series Help 140.0.54.54 ({7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40})
version (major): 140
estimated size: 10400
install date: 20110822
install source: E:\Required\
uninstall cmd: MsiExec.exe /I{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}
publisher: Hewlett Packard
Microsoft Visual C++ 2005 Redistributable 8.0.59193 ({837b34e3-7c30-493c-8f6a-2b0f04e2912c})
version: 134276921
version (major): 8
estimated size: 2682
install date: 20120416
install source: E:\Redistributable\x86\
uninstall cmd: MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
publisher: Microsoft Corporation
Windows Live PIMT Platform 15.4.3508.1109 ({83C292B7-38A5-440B-A731-07070E81A64F})
version: 251923892
version (major): 15
version (minor): 4
estimated size: 7832
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\e48402641cbe0281b\
uninstall cmd: MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
publisher: Microsoft Corporation
LWS Launcher 13.31.1038.0 ({83C8FA3C-F4EA-46C4-8392-D3CE353738D6})
version: 220136462
version (major): 13
version (minor): 31
estimated size: 3084
install date: 20120221
install source: C:\Users\tony\AppData\Local\Temp\Logitech_Webcam_2.31.1044.0\LWS\
uninstall cmd: MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}
publisher: Logitech
HPDiagnosticAlert 1.00.0000 ({846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE})
version: 16777216
version (major): 1
estimated size: 421
install date: 20110823
uninstall cmd: MsiExec.exe /I{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}
publisher: Microsoft
MSXML 4.0 SP2 (KB954430) 4.20.9870.0 ({86493ADD-824D-4B8E-BD72-8C5DCDC52A71})
version: 68429454
version (major): 4
version (minor): 20
estimated size: 1307
install date: 20100320
uninstall cmd: MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/954430
LWS Webcam Software 13.31.1038.0 ({8937D274-C281-42E4-8CDB-A0B2DF979189})
version: 220136462
version (major): 13
version (minor): 31
estimated size: 32268
install date: 20120221
install source: C:\Users\tony\AppData\Local\Temp\Logitech_Webcam_2.31.1044.0\LWS\
uninstall cmd: MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189}
publisher: Logitech
Microsoft Silverlight 5.0.61118.0 ({89F4137D-6C26-4A84-BDB8-2E5A4BB71E00})
version: 83947198
version (major): 5
estimated size: 215443
install date: 20120423
install location: c:\Program Files (x86)\Microsoft Silverlight\
install source: c:\f96a48fe31a43b31878e\
uninstall cmd: MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkID=91955
The Lord of the Rings FREE Trial 1.00.0000 ({8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3})
version: 16777216
version (major): 1
estimated size: 715
install date: 20100325
install location: C:\Program Files (x86)\ATI\CustomerCare\Turbine\
install source: C:\ATI\Support\10-3_vista64_win7_64_dd_ccc_wdm_enu\Packages\Apps\Turbine\
uninstall cmd: MsiExec.exe /X{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}
publisher: ATI Technologies Inc.
contact: From online registration through personal assistance, ATI Customer Care is focused on delivering accurate, up-to-date product support for optimum usability and performance.
help link: http://www.ati.com/support
Mesh Runtime 15.4.5722.2 ({8C6D6116-B724-4810-8F2D-D047E6B7D68E})
version: 251926106
version (major): 15
version (minor): 4
estimated size: 29776
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\2ebbee3e1cd11bf0a\
uninstall cmd: MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
publisher: Microsoft Corporation
MSVCRT 15.4.2862.0708 ({8DD46C6A-0056-4FEC-B70A-28BB16A1F11F})
version: 251923246
version (major): 15
version (minor): 4
estimated size: 4572
install date: 20110311
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\c8b1ed301cbe02814\
uninstall cmd: MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
publisher: Microsoft
CCC Help French 2012.0309.0042.976 ({8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4})
version (major): 2012
version (minor): 309
estimated size: 483
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\fr\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Compatibility Pack for the 2007 Office system 12.0.6425.1000 ({90120000-0020-0409-0000-0000000FF1CE})
version: 201333017
version (major): 12
estimated size: 168338
install date: 20110614
uninstall cmd: MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
REACTOR 1.00.0000 ({901DC58A-5C1B-4315-BA40-5AD3D3A463B9})
version: 16777216
install date: 20120103
install location: C:\Program Files (x86)\ijji\ijji REACTOR
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly
publisher: ijji
Windows Live Movie Maker 15.4.3502.0922 ({92EA4134-10D1-418A-91E1-5A0453131A38})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 30644
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\4d3ed2a11ccfae812\
uninstall cmd: MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
publisher: Microsoft Corporation
Microsoft Office PowerPoint Viewer 2007 (English) 12.0.6425.1000 ({95120000-00AF-0409-0000-0000000FF1CE})
version: 201333017
version (major): 12
estimated size: 128240
install date: 20110614
uninstall cmd: MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
publisher: Microsoft Corporation
help link: http://support.microsoft.com
Silent Hunter III 1.00.0000 ({9720C029-0C2C-4D1E-9DE0-E89971C4C8C7})
version: 16777216
version (major): 1
estimated size: 2556966
install date: 20101017
install location: C:\Program Files (x86)\Ubisoft\SilentHunterIII\
install source: E:\
publisher: Ubisoft
comments: 
contact: Customer Support Department
help link: http://support.ubi.com/
help telephone: 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729 ({9A25302D-30C0-39D9-BD6F-21E6EC160475})
version: 151025673
version (major): 9
estimated size: 596
install date: 20100107
uninstall cmd: MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
publisher: Microsoft Corporation
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161 ({9BE518E6-ECC6-35A9-88E4-87755C07200F})
version: 151025673
version (major): 9
estimated size: 600
install date: 20110614
uninstall cmd: MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
publisher: Microsoft Corporation
Internet TV for Windows Media Center 4.2.2.0 ({9D318C86-AF4C-409F-A6AC-7183FF4CF424})
version: 67239938
version (major): 4
version (minor): 2
estimated size: 14009
install date: 20100711
uninstall cmd: MsiExec.exe /X{9D318C86-AF4C-409F-A6AC-7183FF4CF424}
publisher: Microsoft Corporation
Windows Live Mail 15.4.3502.0922 ({9D56775A-93F3-44A3-8092-840E3826DE30})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 55605
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\348be63a1cbe02922\
uninstall cmd: MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
publisher: Microsoft Corporation
LWS WLM Plugin 1.30.1201.0 ({9DAEA76B-E50F-4272-A595-0124E826553D})
version: 18744497
version (major): 1
version (minor): 30
estimated size: 144
install date: 20120221
install source: C:\Users\tony\AppData\Local\Temp\Logitech_Webcam_2.31.1044.0\LWS\
uninstall cmd: MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D}
publisher: Logitech
System Requirements Lab 4.1.71.0 ({9E1BAB75-EB78-440D-94C0-A3857BE2E733})
version: 67174471
version (major): 4
version (minor): 1
estimated size: 619
install date: 20100602
uninstall cmd: MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733}
publisher: Husdawg, LLC
Windows Live Mesh 15.4.3502.0922 ({A0C91188-C88F-4E86-93E6-CD7C9A266649})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 136
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\dc8eff591ccfae81d\
uninstall cmd: MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
publisher: Microsoft Corporation
Adobe AIR 1.5.3.9130 ({A2BCA9F1-566C-4805-97D1-7FDC93386723})
version: 17104899
version (major): 1
version (minor): 5
estimated size: 31403
install date: 20100325
install location: c:\Program Files (x86)\Common Files\Adobe AIR\
uninstall cmd: MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
publisher: Adobe Systems Inc.
RunAlyzer 1.6.1.24 ({A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1)
install date: 20120407
install location: C:\desktop\RunAlyzer\
uninstall cmd: "C:\desktop\RunAlyzer\unins000.exe"
publisher: Safer Networking Limited
help link: http://forums.spybot.info/forumdisplay.php?f=8
Windows Live Writer 15.4.3502.0922 ({A726AE06-AAA3-43D1-87E3-70F510314F04})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 1920
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a70e38881cbe0292a\
uninstall cmd: MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
publisher: Microsoft Corporation
Google Update Helper 1.3.21.111 ({A92DAB39-4E2C-4304-9AB6-BC44E68B55E2})
version: 16973845
version (major): 1
version (minor): 3
estimated size: 29
install date: 20120327
install source: C:\Program Files (x86)\Google\Update\1.3.21.111\
uninstall cmd: MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
publisher: Google Inc.
Windows Live Photo Common 15.4.3502.0922 ({A9BDCA6B-3653-467B-AC83-94367DA3BFE3})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 33372
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\ed6081c91cbe0281c\
uninstall cmd: MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
publisher: Microsoft Corporation
Windows Live Writer 15.4.3502.0922 ({AAAFC670-569B-4A2F-82B4-42945E0DE3EF})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 32344
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\4b9ffda21cbe02924\
uninstall cmd: MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
publisher: Microsoft Corporation
Windows Live Writer 15.4.3502.0922 ({AAF454FC-82CA-4F29-AB31-6A109485E76E})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 124
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\2d090c541cbe02a40\
uninstall cmd: MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
publisher: Microsoft Corporation
Adobe Reader 9.5.1 9.5.1 ({AC76BA86-7AD7-1033-7B44-A95000000001})
version: 151322625
version (major): 9
version (minor): 5
estimated size: 105779
install date: 20120414
install source: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-A95000000001}\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}
publisher: Adobe Systems Incorporated
comments: 
contact: Customer Support
help link: http://www.adobe.com/support/main.html
readme: C:\Program Files (x86)\Adobe\Reader 9.0\Readme.htm
ABBYY FineReader 6.0 Sprint 6.00.2201.41622 ({ACF60000-22B9-4CE9-98D6-2CCF359BAC07})
version: 100665497
version (major): 6
estimated size: 118962
install date: 20100318
install location: C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\
install source: E:\OCR\Abbyy\
uninstall cmd: MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
publisher: ABBYY Software House
contact: [email protected]
help link: http://www.abbyy.com/support
CCC Help German 2012.0309.0042.976 ({AFC71277-DE19-6505-8CBC-71D29163F44A})
version (major): 2012
version (minor): 309
estimated size: 491
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\de\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
HP Update 5.002.006.003 ({B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE})
version: 84017158
version (major): 5
version (minor): 2
estimated size: 2571
install date: 20110822
install location: C:\Program Files (x86)\HP\HP Software Update
install source: E:\Optional\
uninstall cmd: MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
publisher: Hewlett-Packard
contact: http://www.hp.com/support
HP MediaSmart Music/Photo/Video 3.1.3601 ({B2EE25B9-5B00-4ACF-94F0-92433C28C39E})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 321976
install date: 20100320
install location: c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall
publisher: Hewlett-Packard
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
CCC Help English 2012.0309.0042.976 ({B3406262-5701-E9CC-D6B3-BA38C34125A9})
version (major): 2012
version (minor): 309
estimated size: 463
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\en-us\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Spybot - Search & Destroy 1.6.2 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20120407
install location: C:\Program Files (x86)\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: http://www.safer-networking.org/index.php?page=support
HP MAINSTREAM KEYBOARD 1.4.3.0 ({B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D})
version: 16973824
install date: 20100107
install location: C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD
uninstall cmd: C:\Program Files (x86)\InstallShield Installation Information\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}\setup.exe -runfromtemp -l0x0009 -removeonly
publisher: Hewlett-Packard
({B60DCA15-56A3-4D2D-8747-22CF7D7B588B})
Skype Click to Call 5.9.9216 ({B6CF2967-C81E-40C0-9815-C05774FEF120})
version: 84485120
version (major): 5
version (minor): 9
estimated size: 10268
install date: 20120422
install source: C:\ProgramData\Skype\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\
uninstall cmd: MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
publisher: Skype Technologies S.A.
help link: https://support.skype.com/category/SKYPE_TOOLBARS/
HP Odometer 2.10.0000 ({B8AC1A89-FFD1-4F97-8051-E505A160F562})
version: 34209792
version (major): 2
version (minor): 10
estimated size: 48
install date: 20100107
install location: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\
publisher: Hewlett-Packard
contact: Hewlett-Packard Company
HP Support Information 10.1.0002 ({B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA})
version: 167837698
version (major): 10
version (minor): 1
estimated size: 160
install date: 20100107
publisher: Hewlett-Packard
contact: Hewlett-Packard Company
exPressit SE 3.10.0000 ({BB42C935-456E-4A6C-B357-FDEE7A59FE21})
version: 50987008
version (major): 3
version (minor): 10
estimated size: 99637
install date: 20120401
install location: C:\Program Files (x86)\Medea International Ltd\exPressitSE3.1\
install source: C:\Users\tony\AppData\Local\Temp\_isB864\
uninstall cmd: MsiExec.exe /I{BB42C935-456E-4A6C-B357-FDEE7A59FE21}
publisher: Medea International Ltd
({BB8B979E-E336-47E7-96BC-1031C1B94561})
Catalyst Control Center - Branding 1.00.0000 ({BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5})
version: 16777216
version (major): 1
estimated size: 849
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Branding\
uninstall cmd: MsiExec.exe /I{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Catalyst Control Center InstallProxy 2009.1201.2247.40849 ({C3DF1C57-780A-DB9C-F30A-68EB45526761})
version (major): 2009
version (minor): 1201
estimated size: 33
install date: 20100107
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\HP\DRIVERS\ATI_GRAPHICS_EVORA\PACKAGES\APPS\CCC\MOM-InstallProxy\
publisher: ATI Technologies, Inc.
LabelPrint 2.5.2017 ({C59C179C-668D-49A9-B6EA-0121CCFC1243})
version: 36831232
version (major): 2
version (minor): 5
estimated size: 236168
install date: 20100107
install location: c:\Program Files (x86)\CyberLink\LabelPrint\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
CCC Help Czech 2012.0309.0042.976 ({C5B6078F-5D37-A122-2E6E-EDC623E8C787})
version (major): 2012
version (minor): 309
estimated size: 495
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\cs\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
({C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B})
HP Remote Solution 1.1.12.0 ({C611CF88-969D-43E6-A877-D6D6439DD081})
version: 16842764
version (major): 1
version (minor): 1
estimated size: 1279
install date: 20100107
install location: C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution
uninstall cmd: C:\ProgramData\{B12D13C3-76FD-479D-AD99-8C6F18156BC9}\HP_Remote_Solution_Install.exe
publisher: Hewlett-Packard
Windows Live Mail 15.4.3502.0922 ({C66824E4-CBB3-4851-BB3F-E8CFD6350923})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 13044
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\11d1b0921cbe02a3a\
uninstall cmd: MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
publisher: Microsoft Corporation
CCC Help Finnish 2012.0309.0042.976 ({C7068E1F-22C6-9408-7B24-584F32F66D70})
version (major): 2012
version (minor): 309
estimated size: 459
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\fi\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
CCC Help Greek 2012.0309.0042.976 ({C87B855D-DD8F-E419-C640-34936E813EA9})
version (major): 2012
version (minor): 309
estimated size: 607
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\el\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
QuickTime 7.70.80.34 ({C9E14402-3631-4182-B377-6B0DFB1C0339})
version: 122028112
version (major): 7
version (minor): 70
estimated size: 74770
install date: 20110925
install location: C:\Program Files (x86)\QuickTime\
install source: C:\Users\tony\AppData\Local\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{C9E14402-3631-4182-B377-6B0DFB1C0339}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273
HP Support Assistant 6.0.5.4 ({CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226})
version: 100663301
version (major): 6
estimated size: 69138
install date: 20110927
install location: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\
install source: C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}\
publisher: Hewlett-Packard Company
HP Product Detection 9.7.3 ({CAE7D1D9-3794-4169-B4DD-964ADBC534EE})
version: 151453699
version (major): 9
version (minor): 7
estimated size: 911
install date: 20100411
install location: C:\Program Files (x86)\HP\Common\
install source: C:\Windows\Downloaded Installations\{6E57C195-FF3C-4651-A776-1E9185B1D0FE}\
uninstall cmd: MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
publisher: Hewlett-Packard Company
PowerDirector 7.0.3405 ({CB099890-1D5F-11D5-9EA9-0050BAE317E1})
version: 117440512
version (major): 7
estimated size: 534920
install date: 20100107
install location: c:\Program Files (x86)\CyberLink\PowerDirector\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
HydraVision 4.2.128.0 ({CBAB2393-4F5F-CBC3-80E0-167B8B7C5437})
version: 67240064
version (major): 4
version (minor): 2
estimated size: 5319
install date: 20100107
install location: C:\Program Files (x86)\ATI Technologies\HydraVision\
install source: C:\HP\DRIVERS\ATI_GRAPHICS_EVORA\PACKAGES\APPS\HydraVision\
uninstall cmd: MsiExec.exe /X{CBAB2393-4F5F-CBC3-80E0-167B8B7C5437}
publisher: ATI Technologies Inc.
contact: From online registration through personal assistance, ATI Customer Care is focused on delivering accurate, up-to-date product support for optimum usability and performance.
help link: http://www.ati.com/support
Catalyst Control Center InstallProxy 2012.0309.43.976 ({CC2BAF9A-926F-791D-772C-F582CD8A47B0})
version (major): 2012
version (minor): 309
estimated size: 281
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\MOM-InstallProxy\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
LightScribe System Software 1.18.8.1 ({CC8E94A2-55C7-4460-953C-2A790180578C})
version: 17956872
version (major): 1
version (minor): 18
estimated size: 24565
install date: 20100107
install location: c:\Program Files (x86)\Common Files\LightScribe\
install source: c:\hp\bin\LSS\
uninstall cmd: MsiExec.exe /X{CC8E94A2-55C7-4460-953C-2A790180578C}
publisher: LightScribe
comments: LightScribe System Software
CCC Help Norwegian 2012.0309.0042.976 ({CE1CA06F-0AD8-CA2A-3A3A-872E8191C198})
version (major): 2012
version (minor): 309
estimated size: 459
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\no\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Windows Live UX Platform 15.4.3502.0922 ({CE95A79E-E4FC-4FFF-8A75-29F04B942FF2})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 40332
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a161b3291cbe02810\
uninstall cmd: MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
publisher: Microsoft Corporation
CCC Help Chinese Standard 2012.0309.0042.976 ({CECECCED-B7F3-B1A3-3241-0C5D775F8E70})
version (major): 2012
version (minor): 309
estimated size: 475
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\zh-CHS\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
MSVCRT_amd64 15.4.2862.0708 ({D0B44725-3666-492D-BEF6-587A14BD9BD9})
version: 251923246
version (major): 15
version (minor): 4
estimated size: 3648
install date: 20110311
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\272365ef1cbe02921\
uninstall cmd: MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
publisher: Microsoft
CCC Help Hungarian 2012.0309.0042.976 ({D3CEF909-78DC-9D3D-37BD-52F5324C01DA})
version (major): 2012
version (minor): 309
estimated size: 499
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\hu\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Logitech Webcam Software 2.31 ({D40EB009-0499-459c-A8AF-C9C110766215})
uninstall cmd: "C:\Program Files (x86)\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe" /lang=ENU /guid="{D40EB009-0499-459c-A8AF-C9C110766215}"
publisher: Logitech Inc.
Windows Live Photo Common 15.4.3502.0922 ({D436F577-1695-4D2F-8B44-AC76C99E0002})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 4416
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\e2a3aa641cbe02934\
uninstall cmd: MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
publisher: Microsoft Corporation
Windows Live Communications Platform 15.4.3502.0922 ({D45240D3-B6B3-4FF9-B243-54ECE3E10066})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 14188
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\db4d0eb41cbe02819\
uninstall cmd: MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
publisher: Microsoft Corporation
({D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47})
install location: C:\Program Files (x86)\Samsung\Kies\
SkyPlayer for Windows Media Center 4.4.2.0 ({D7B31233-EE2B-4911-AA3F-2A8C28843D3B})
version: 67371010
version (major): 4
version (minor): 4
estimated size: 15125
install date: 20100711
uninstall cmd: MsiExec.exe /X{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}
publisher: Microsoft Corporation
GoToAssist Corporate 9.0.570 ({DAB5C521-80B2-48C3-B0DA-326A1B331F55})
version: 150995514
version (major): 9
estimated size: 1460
install date: 20110901
install source: E:\GoToAssist\
uninstall cmd: MsiExec.exe /I{DAB5C521-80B2-48C3-B0DA-326A1B331F55}
publisher: Citrix
contact: Citrix Online, LLC
HP MediaSmart DVD 3.1.3317 ({DCCAD079-F92C-44DA-B258-624FC6517A5A})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 99068
install date: 20100107
install location: c:\Program Files (x86)\Hewlett-Packard\Media\DVD\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
publisher: Hewlett-Packard
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
Windows Live Writer Resources 15.4.3502.0922 ({DDC8BDEE-DCAC-404D-8257-3E8D4B782467})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 11724
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\80bea521cbe02a38\
uninstall cmd: MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
publisher: Microsoft Corporation
Windows Live Mesh 15.4.3502.0922 ({DECDCB7C-58CC-4865-91AF-627F9798FE48})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 17516
install date: 20120403
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\7ee0b7701ccfae816\
uninstall cmd: MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
publisher: Microsoft Corporation
D3DX10 15.4.2368.0902 ({E09C4DB7-630C-4F06-A631-8EA7239923AF})
version: 251922752
version (major): 15
version (minor): 4
estimated size: 2232
install date: 20110311
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\cd3468951cbe02815\
uninstall cmd: MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
publisher: Microsoft
NVIDIA PhysX 9.09.1112 ({E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6})
version: 151585880
version (major): 9
version (minor): 9
estimated size: 91810
install date: 20111216
install location: C:\Users\tony\AppData\Local\Temp\
install source: C:\Program Files (x86)\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
publisher: NVIDIA Corporation
comments: PhysX Driver & Engines: 2.3.1/2/3; 2.4.0/1/4; 2.5.0/1/3/4; 2.6.0/1/2/3/4; 2.7.0/1/2/3/4/5/6; 2.8.0/1/2/3/3
help link: www.NVIDIA.com
Windows Live Messenger 15.4.3538.0513 ({E5B21F11-6933-4E0B-A25C-7963E3C07D11})
version: 251923922
version (major): 15
version (minor): 4
estimated size: 52448
install date: 20120424
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\b07e1cc01cd11be08\
uninstall cmd: MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
publisher: Microsoft Corporation
DirectX for Managed Code Update (Summer 2004) 9.02.2904 ({E9E34215-82EF-4909-BE2F-F581F0DC9062})
version: 151128920
version (major): 9
version (minor): 2
estimated size: 9310
install date: 20100107
publisher: Microsoft
Skype 5.8 5.8.158 ({EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8})
version: 84410526
version (major): 5
version (minor): 8
estimated size: 19488
install date: 20120422
install location: C:\Program Files (x86)\Skype\
install source: C:\ProgramData\Skype\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\
uninstall cmd: MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
publisher: Skype Technologies S.A.
help link: http://ui.skype.com/ui/0/5.8.0.158/en/help
LWS Video Mask Maker 13.30.1379.0 ({EED027B7-0DB6-404B-8F45-6DFEE34A0441})
version: 220071267
version (major): 13
version (minor): 30
estimated size: 16853
install date: 20120221
install source: C:\Users\tony\AppData\Local\Temp\Logitech_Webcam_2.31.1044.0\LWS\
uninstall cmd: MsiExec.exe /I{EED027B7-0DB6-404B-8F45-6DFEE34A0441}
publisher: Logitech
Microsoft SQL Server 2005 Compact Edition [ENU] 3.1.0000 ({F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 1740
install date: 20120305
install location: C:\Program Files (x86)\Microsoft SQL Server Compact Edition\
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\f42a8d971ccfae70f\
uninstall cmd: MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/sql/everywhere
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219 ({F0C3E5D1-1ADE-321E-8167-68EF0DE699A5})
version: 167812379
version (major): 10
estimated size: 11394
install date: 20111028
uninstall cmd: MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
publisher: Microsoft Corporation
comments: Caution. Removing this product might prevent some applications from running.
help link: http://go.microsoft.com/fwlink/?LinkId=146008
Realtek High Definition Audio Driver 6.0.1.5938 ({F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
version: 39190528
install date: 20100107
install location: C:\Program Files\Realtek\Audio\HDA
install source: c:\hp\drivers\Realtek_HDAudio\
uninstall cmd: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
publisher: Realtek Semiconductor Corp.
CCC Help Japanese 2012.0309.0042.976 ({F1EA61A2-B88F-44AD-3143-419ECB6C7E9A})
version (major): 2012
version (minor): 309
estimated size: 523
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Help\ja\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/2160841.
help link: http://support.microsoft.com/kb/2160841
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/2446708.
help link: http://support.microsoft.com/kb/2446708
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2461678)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B6E073B9-F238-379A-AA45-D323CD308DAE} /parameterfolder Client
publisher: Microsoft Corporation
comments: This hotfix is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this hotfix will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/2461678.
help link: http://support.microsoft.com/kb/2461678
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
publisher: Microsoft Corporation
comments: This update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this update will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/2468871.
help link: http://support.microsoft.com/kb/2468871
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/2478663.
help link: http://support.microsoft.com/kb/2478663
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/2518870.
help link: http://support.microsoft.com/kb/2518870
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
publisher: Microsoft Corporation
comments: This update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this update will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/2533523.
help link: http://support.microsoft.com/kb/2533523
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/2572078.
help link: http://support.microsoft.com/kb/2572078
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
publisher: Microsoft Corporation
comments: This update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this update will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/2600217.
help link: http://support.microsoft.com/kb/2600217
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/2633870.
help link: http://support.microsoft.com/kb/2633870
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/2656351.
help link: http://support.microsoft.com/kb/2656351
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.microsoft.com/kb/2656368.
help link: http://support.microsoft.com/kb/2656368
Catalyst Control Center 2012.0309.43.976 ({F6567C5A-C3EA-2E05-E89E-C8C52E33150D})
version (major): 2012
version (minor): 309
estimated size: 46137
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Core-Static\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
MSXML 4.0 SP2 (KB973688) 4.20.9876.0 ({F662A8E6-F4DC-41A2-901E-8C11F044BDEC})
version: 68429460
version (major): 4
version (minor): 20
estimated size: 1367
install date: 20100320
uninstall cmd: MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/973688
DVD Menu Pack for HP MediaSmart Video 3.1.3224 ({FB4BB287-37F9-4E27-9C4D-2D3882E08EFF})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 102904
install date: 20100107
install location: c:\Program Files (x86)\Hewlett-Packard\TouchSmart\DVD Menu Pack\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}\setup.exe" /z-uninstall
publisher: Hewlett-Packard
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
Visual Studio 2008 x64 Redistributables 10.0.0.2 ({FCDBEA60-79F0-4FAE-BBA8-55A26C609A49})
version: 167772160
version (major): 10
estimated size: 8344
install date: 20120126
install source: C:\ProgramData\MFAData\pack\
uninstall cmd: MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}
publisher: AVG Technologies
Catalyst Control Center Localization All 2012.0309.43.976 ({FE54AF33-9364-7053-670F-A15AD658214C})
version (major): 2012
version (minor): 309
estimated size: 3483
install date: 20120416
install location: C:\Program Files (x86)\ATI Technologies\
install source: C:\AMD\Support\12-3_vista_win7_64_dd_ccc\Packages\Apps\CCC2\Localisation\All\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
LWS Facebook 13.31.1038.0 ({FF167195-9EE4-46C0-8CD7-FBA3457E88AB})
version: 220136462
version (major): 13
version (minor): 31
estimated size: 1568
install date: 20120221
install source: C:\Users\tony\AppData\Local\Temp\Logitech_Webcam_2.31.1044.0\LWS\
uninstall cmd: MsiExec.exe /I{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}
publisher: Logitech
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 9.0.21022 ({FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4})
version: 151015966
version (major): 9
estimated size: 1452
install date: 20111216
uninstall cmd: MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
publisher: Microsoft Corporation

--- System Services ---
Service (registry key): !SASCORE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SAS Core Service
Description: SUPERAntiSpyware Core Service
Object name: LocalSystem
Image path: "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
Image size: 140672
Image MD5: 7D9D615201A483D6FA99491C2E655A5A
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET CLR Networking 4.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): 1394ohci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 1394 OHCI Compliant Host Controller
Image path: \SystemRoot\system32\drivers\1394ohci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: system32\drivers\ACPI.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): AcpiPmi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ACPI Power Meter Driver
Image path: \SystemRoot\system32\drivers\acpipmi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): AdobeFlashPlayerUpdateSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Adobe Flash Player Update Service
Description: This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.
Object name: LocalSystem
Image path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Image size: 253088
Image MD5: 459AC130C6AB892B1CD5D7544626EFC5
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): adp94xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\adp94xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): adpahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\adpahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): adpu320
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\adpu320.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): adsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): AeLookupSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
Description: @%SystemRoot%\system32\aelupsvc.dll,-2
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\afd.sys,-1000
Description: @%systemroot%\system32\drivers\afd.sys,-1000
Image path: \SystemRoot\system32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\system32\drivers\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Alg.exe,-112
Description: @%SystemRoot%\system32\Alg.exe,-113
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): aliide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\aliide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3
Service (registry key): AMD External Events Utility
Registry path: \SYSTEM\CurrentControlSet\Services\
Object name: LocalSystem
Image path: %SystemRoot%\system32\atiesrxx.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): amdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\amdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3
Service (registry key): AmdK8
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K8 Processor Driver
Image path: \SystemRoot\system32\DRIVERS\amdk8.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): amdkmdag
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\atikmdag.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): amdkmdap
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\atikmpag.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): AmdPPM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD Processor Driver
Image path: \SystemRoot\system32\DRIVERS\amdppm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): amdsata
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\amdsata.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): amdsbs
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\amdsbs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): amdxata
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\amdxata.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): AppID
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appidsvc.dll,-102
Description: @%systemroot%\system32\appidsvc.dll,-103
Image path: \SystemRoot\system32\drivers\appid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: FltMgr,DisCache
Service (registry key): AppIDSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appidsvc.dll,-100
Description: @%systemroot%\system32\appidsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,AppID,CryptSvc
Service (registry key): Appinfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appinfo.dll,-100
Description: @%systemroot%\system32\appinfo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,ProfSvc
Service (registry key): Apple Mobile Device
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile Device
Description: Provides the interface to Apple mobile devices.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
Image size: 37664
Image MD5: 20F6F19FE9E753F2780DC2FA083AD597
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip
Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): arc
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\arc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): arcsas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\arcsas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): aswFW
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! TDI Firewall driver
Description: avast! TDI Firewall driver
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: tcpip
Service (registry key): aswNdis
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Firewall NDIS Filter Service
Image path: system32\DRIVERS\aswNdis.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): aswNdis2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avast! Firewall Core Firewall Service
Description: avast! Firewall Core Firewall Service
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32000
Description: @%systemroot%\system32\rascfg.dll,-32000
Image path: system32\DRIVERS\asyncmac.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IDE Channel
Image path: \SystemRoot\system32\drivers\atapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3
Service (registry key): Atierecord
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): AtiHdmiService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ATI Function Driver for High Definition Audio Service
Image path: system32\drivers\AtiHdmi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): atikmdag
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\atikmdag.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): AudioEndpointBuilder
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-204
Description: @%SystemRoot%\System32\audiosrv.dll,-205
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay
Service (registry key): AudioSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-200
Description: @%SystemRoot%\System32\audiosrv.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: AudioEndpointBuilder,RpcSs,MMCSS
Service (registry key): AVER_H193
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVerMedia H193 Video Capture
Image path: system32\drivers\AVer888RC_64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Avg
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): Avgfwfd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG network filter service
Description: AVG network filter driver
Image path: system32\DRIVERS\avgfwd6a.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): avgfws
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Firewall
Description: AVG Firewall Service
Object name: LocalSystem
Image path: "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe"
Image size: 2316624
Image MD5: C0B5A964C1C329ED19E5A4B6E49EA1FE
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): AVGIDSAgent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVGIDSAgent
Description: Provides Identity Protection Against Cyber Crime.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe"
Image size: 5104992
Image MD5: F5689FBA4360BE50839999882E0A9D99
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: AVGIDSDriver
Service (registry key): AVGIDSDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVGIDSDriver
Description: AVG Technologies IDS Application Activity Monitor Driver
Image path: system32\DRIVERS\avgidsdrivera.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: AVGIDSFilter
Service (registry key): AVGIDSEH
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVGIDSEH
Description: AVG Technologies IDS Application Activity Monitor Helper Driver
Image path: system32\DRIVERS\avgidseha.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): AVGIDSFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVGIDSFilter
Description: AVG Technologies IDS Application Activity Monitor Filter Driver
Image path: system32\DRIVERS\avgidsfiltera.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Avgldx64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG AVI Loader Driver
Image path: system32\DRIVERS\avgldx64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): Avgmfx64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Mini-Filter Resident Anti-Virus Shield
Image path: system32\DRIVERS\avgmfx64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: FltMgr
Service (registry key): Avgrkx64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Anti-Rootkit Driver
Image path: system32\DRIVERS\avgrkx64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Service (registry key): Avgtdia
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG TDI Driver
Image path: system32\DRIVERS\avgtdia.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): avgwd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG WatchDog
Description: AVG Watchdog Service
Object name: LocalSystem
Image path: "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe"
Image size: 193288
Image MD5: EA1145DEBCD508FD25BD1E95C4346929
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): AxInstSV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\AxInstSV.dll,-103
Description: @%SystemRoot%\system32\AxInstSV.dll,-104
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss
Service (registry key): b06bdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom NetXtreme II VBD
Image path: \SystemRoot\system32\DRIVERS\bxvbda.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): b57nd60a
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
Image path: system32\DRIVERS\b57nd60a.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Bandoo Coordinator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bandoo Coordinator
Description: Coordinates Bandoo plugins work
Object name: LocalSystem
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS,TERMSERVICE
Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): BBSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bing Bar Update Service
Description: Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE"
Image size: 183560
Image MD5: 0D1EA7509F394D8B705B239EE71F5118
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): BDESVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bdesvc.dll,-100
Description: @%SystemRoot%\system32\bdesvc.dll,-101
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Beep
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): BFE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bfe.dll,-1001
Description: @%SystemRoot%\system32\bfe.dll,-1002
Object name: NT AUTHORITY\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qmgr.dll,-1000
Description: @%SystemRoot%\system32\qmgr.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,EventSystem
Service (registry key): blbdrive
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\blbdrive.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): Bonjour Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bonjour Service
Description: Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
Image size: 387944
Image MD5: 1C87705CCB2F60172B0FC86B5D82F00D
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip
Service (registry key): bowser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\browser.dll,-102
Description: @%systemroot%\system32\browser.dll,-103
Image path: system32\DRIVERS\bowser.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Service (registry key): BrFiltLo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Lower Filter Driver
Image path: \SystemRoot\system32\DRIVERS\BrFiltLo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): BrFiltUp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Upper Filter Driver
Image path: \SystemRoot\system32\DRIVERS\BrFiltUp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): BridgeMP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bridgeres.dll,-1
Image path: system32\DRIVERS\bridge.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\browser.dll,-100
Description: @%systemroot%\system32\browser.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer


----------



## obxtony (Aug 17, 2008)

whew this is never ending!!
part 2

Service (registry key): Brserid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC Serial Port Interface Driver (WDM)
Image path: \SystemRoot\System32\Drivers\Brserid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): BrSerWdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother WDM Serial driver
Image path: \SystemRoot\System32\Drivers\BrSerWdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): BrUsbMdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Fax Only Modem
Image path: \SystemRoot\System32\Drivers\BrUsbMdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): BrUsbSer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Serial WDM Driver
Image path: \SystemRoot\System32\Drivers\BrUsbSer.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): BTHMODEM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Serial Communications Driver
Image path: \SystemRoot\system32\DRIVERS\bthmodem.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): BTHPORT
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): bthserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\bthserv.dll,-101
Description: @%SystemRoot%\System32\bthserv.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): catchme
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD/DVD File System Reader
Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
Image path: system32\DRIVERS\cdfs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"
Service (registry key): CDMA Device Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CDMA Device Service
Description: High speed data connection on CDMA 3G/4G network
Object name: LocalSystem
Image path: C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
Image size: 159232
Image MD5: D6696435EEFD7BBDB4226C60A5B343DC
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM Driver
Image path: \SystemRoot\system32\drivers\cdrom.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): CertPropSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-11
Description: @%SystemRoot%\System32\certprop.dll,-12
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): circlass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Consumer IR Devices
Image path: \SystemRoot\system32\DRIVERS\circlass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): CLFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\clfs.sys,-100
Description: @%SystemRoot%\system32\clfs.sys,-101
Image path: System32\CLFS.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 66384
Image MD5: D88040F816FDA31C3B466F0FA0918F29
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 0
Service (registry key): clr_optimization_v2.0.50727_64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v2.0.50727_X64
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
Image size: 89920
Image MD5: D1CEEA2B47CB998321C579651CE3E4F8
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 0
Service (registry key): clr_optimization_v4.0.30319_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v4.0.30319_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Image size: 130384
Image MD5: C5A75EB48E2344ABDC162BDA79E16841
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0
Service (registry key): clr_optimization_v4.0.30319_64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v4.0.30319_X64
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Image size: 138576
Image MD5: C6F9AF94DCD58122A4D7E89DB6BED29D
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0
Service (registry key): CmBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Control Method Battery Driver
Image path: \SystemRoot\system32\DRIVERS\CmBatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): cmdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\cmdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3
Service (registry key): CNG
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\cng.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): Compbatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\compbatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3
Service (registry key): CompositeBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Composite Bus Enumerator Driver
Image path: \SystemRoot\system32\drivers\CompositeBus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-947
Description: @comres.dll,-948
Object name: LocalSystem
Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 7168
Image MD5: A63DC5C2EA944E6657203E0C8EDEAF61
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem,SENS
Service (registry key): cpuz132
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: cpuz132
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): crcdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Crcdisk Filter Driver
Image path: \SystemRoot\system32\DRIVERS\crcdisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): crypt32
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): CXCIR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVerMedia Consumer Infrared Receiver
Image path: system32\DRIVERS\AVer888RCIR_64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): dc3d
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Hardware Device Detection Driver (USB)
Image path: system32\DRIVERS\dc3d.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): DCLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5012
Description: @oleres.dll,-5013
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): defragsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\defragsvc.dll,-101
Description: @%SystemRoot%\system32\defragsvc.dll,-102
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k defragsvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): DfsC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
Description: @%systemroot%\system32\drivers\dfsc.sys,-102
Image path: System32\Drivers\dfsc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup
Service (registry key): dgderdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: dgderdrv
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\dhcpcore.dll,-100
Description: @%SystemRoot%\system32\dhcpcore.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,Tdx,Afd
Service (registry key): discache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\discache.sys,-102
Description: @%systemroot%\system32\drivers\discache.sys,-101
Image path: System32\drivers\discache.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): Disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\dnsapi.dll,-101
Description: @%SystemRoot%\System32\dnsapi.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tdx,nsi
Service (registry key): dot3svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dot3svc.dll,-1102
Description: @%systemroot%\system32\dot3svc.dll,-1103
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio,Eaphost
Service (registry key): DPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dps.dll,-500
Description: @%systemroot%\system32\dps.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): drmkaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Trusted Audio Drivers
Image path: system32\drivers\drmkaud.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): dump_wmimmc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: dump_wmimmc
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): DXGKrnl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LDDM Graphics Subsystem
Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): EapHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\eapsvc.dll,-1
Description: @%systemroot%\system32\eapsvc.dll,-2
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,KeyIso
Service (registry key): ebdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom NetXtreme II 10 GigE VBD
Image path: \SystemRoot\system32\DRIVERS\evbda.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): EFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\efssvc.dll,-100
Description: @%SystemRoot%\system32\efssvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): ehRecvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101
Description: @%SystemRoot%\ehome\ehrecvr.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehRecvr.exe
Image size: 696832
Image MD5: C4002B6B41975F057D98C439030CEA07
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS
Service (registry key): ehSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehsched.exe,-101
Description: @%SystemRoot%\ehome\ehsched.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehsched.exe
Image size: 127488
Image MD5: 4705E8EF9934482C5BB488CE28AFC681
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS
Service (registry key): elxstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\elxstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ErrDev
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Hardware Error Device Driver
Image path: \SystemRoot\system32\drivers\errdev.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ESENT
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): eventlog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wevtsvc.dll,-200
Description: @%SystemRoot%\system32\wevtsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): EventSystem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2450
Description: @comres.dll,-2451
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss
Service (registry key): exfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: exFAT File System Driver
Description: exFAT File System Driver
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Service (registry key): ezSharedSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Easybits Shared Services for Windows
Description: Provides various services to Magic Desktop and other Easybits applications.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Service (registry key): fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FAT12/16/32 File System Driver
Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Service (registry key): Fax
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fxsresm.dll,-118
Description: @%systemroot%\system32\fxsresm.dll,-122
Object name: NT AUTHORITY\NetworkService
Image path: %systemroot%\system32\fxssvc.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler
Service (registry key): fdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Controller Driver
Image path: \SystemRoot\system32\DRIVERS\fdc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): fdPHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdPHost.dll,-100
Description: @%systemroot%\system32\fdPHost.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,http
Service (registry key): FDResPub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdrespub.dll,-100
Description: @%systemroot%\system32\fdrespub.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,http
Service (registry key): FileInfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fileinfo.sys,-100
Description: @%SystemRoot%\system32\drivers\fileinfo.sys,-101
Image path: system32\drivers\fileinfo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: fltmgr
Service (registry key): Filetrace
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\filetrace.sys,-10001
Description: @%SystemRoot%\system32\drivers\filetrace.sys,-10000
Image path: system32\drivers\filetrace.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr
Service (registry key): flpydisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Driver
Image path: \SystemRoot\system32\DRIVERS\flpydisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): FltMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Description: @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
Image path: system32\drivers\fltmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 3
Service (registry key): FontCache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\FntCache.dll,-100
Description: @%systemroot%\system32\FntCache.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): FontCache3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\PresentationHost.exe,-3309
Description: @%SystemRoot%\system32\PresentationHost.exe,-3310
Object name: NT Authority\LocalService
Image path: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
Image size: 42856
Image MD5: A8B7F3818AB65695E3A0BB3279F6DCE6
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): FsDepends
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fsdepends.sys,-10001
Description: @%SystemRoot%\system32\drivers\fsdepends.sys,-10000
Image path: System32\drivers\FsDepends.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 3
Depends On services: fltmgr
Service (registry key): fssfltr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FssFltr
Image path: system32\DRIVERS\fssfltr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: tcpip
Service (registry key): fsssvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Live Family Safety Service
Description: This service enables Family Safety on the computer. If this service is not running, Family Safety will not work.
Object name: LocalSystem
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss
Service (registry key): Fs_Rec
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 8
Error Control: 0
Service (registry key): fvevol
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fvevol.sys,-100
Description: @%SystemRoot%\system32\drivers\fvevol.sys,-100
Image path: System32\DRIVERS\fvevol.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): gagp30kx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
Image path: \SystemRoot\system32\DRIVERS\gagp30kx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): GameConsoleService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: GameConsoleService
Description: GameConsole management services
Object name: LocalSystem
Image path: "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe"
Image size: 250616
Image MD5: C1BBCE4B30B45410178EE674C818D10C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,EVENTLOG
Service (registry key): GEARAspiWDM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: GEAR ASPI Filter Driver
Image path: system32\DRIVERS\GEARAspiWDM.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): GoToAssist
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: GoToAssist
Description: Citrix GoToAssist provides remote help to this PC.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe" Start=service
Image size: 16680
Image MD5: 5CC2B1D06AC1962AF5FBBCF88D781DD8
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs
Service (registry key): gpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @gpapi.dll,-112
Description: @gpapi.dll,-113
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Mup
Service (registry key): gupdate
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Google Update Service (gupdate)
Description: Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
Image size: 135664
Image MD5: 8F0DE4FEF8201E306F9938B0905AC96A
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): gupdatem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Google Update Service (gupdatem)
Description: Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
Image size: 135664
Image MD5: 8F0DE4FEF8201E306F9938B0905AC96A
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): gusvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Google Software Updater
Description: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
Image size: 182768
Image MD5: CC839E8D766CC31A7710C9F38CF3E375
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS
Service (registry key): hcw85cir
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Hauppauge Consumer Infrared Receiver
Image path: \SystemRoot\system32\drivers\hcw85cir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): HDAudBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft UAA Bus Driver for High Definition Audio
Image path: \SystemRoot\system32\drivers\HDAudBus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): HECIx64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) Management Engine Interface
Image path: \SystemRoot\system32\DRIVERS\HECIx64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): HidBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HID UPS Battery Driver
Image path: \SystemRoot\system32\DRIVERS\HidBatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): HidBth
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Bluetooth HID Miniport
Image path: \SystemRoot\system32\DRIVERS\hidbth.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): HidIr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Infrared HID Driver
Image path: \SystemRoot\system32\DRIVERS\hidir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): hidserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\hidserv.dll,-101
Description: @%SystemRoot%\System32\hidserv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): HidUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft HID Class Driver
Image path: \SystemRoot\system32\drivers\hidusb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): hkmsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\kmsvc.dll,-6
Description: @%SystemRoot%\system32\kmsvc.dll,-7
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): HomeGroupListener
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\ListSvc.dll,-100
Description: @%SystemRoot%\System32\ListSvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanServer
Service (registry key): HomeGroupProvider
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\provsvc.dll,-100
Description: @%SystemRoot%\System32\provsvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: netprofm,fdrespub,fdphost
Service (registry key): HP Support Assistant Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HP Support Assistant Service
Description: HP Support Assistant Service
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
Image size: 85560
Image MD5: 170233B8D743EFE35F462A5D516B93E3
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): HPDrvMntSvc.exe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HP Quick Synchronization Service
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
Image size: 94264
Image MD5: BCC4A8B2E2E902F52E7F2E7D8E125765
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): hpqwmiex
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HP Software Framework Service
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
Image size: 799800
Image MD5: EC9739A46F1F83C6E52A7A4697F44A65
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): HpSAMD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\HpSAMD.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): HTTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\http.sys,-1
Description: @%SystemRoot%\system32\drivers\http.sys,-2
Image path: system32\drivers\HTTP.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): hwpolicy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\hwpolicy.sys,-101
Description: @%systemroot%\system32\drivers\hwpolicy.sys,-102
Image path: System32\drivers\hwpolicy.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): i8042prt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: \SystemRoot\system32\drivers\i8042prt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): iaStor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel RAID Controller
Image path: system32\DRIVERS\iaStor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): IAStorDataMgrSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) Rapid Storage Technology
Description: Provides storage event notification and manages communication between the storage driver and user space applications.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
Image size: 13336
Image MD5: 7493EA4DE41348F7D3EDBF9DB298F56A
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: winmgmt
Service (registry key): iaStorV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel RAID Controller Windows 7
Image path: \SystemRoot\system32\drivers\iaStorV.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): IDriverT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
Image size: 69632
Image MD5: 1CF03C69B49ACB70C722DF92755C0C8C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Service (registry key): idsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193
Description: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
Object name: LocalSystem
Image path: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
Image size: 856400
Image MD5: 5988FC40F8DB5B0739CD1E3A5D0D78BD
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): iirsp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\iirsp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): IKEEXT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ikeext.dll,-501
Description: @%SystemRoot%\system32\ikeext.dll,-502
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: BFE
Service (registry key): inetaccs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): IntcAzAudAddService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service for Realtek HD Audio (WDM)
Image path: system32\drivers\RTKVHD64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): intelide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\intelide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3
Service (registry key): intelppm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel Processor Driver
Image path: \SystemRoot\system32\DRIVERS\intelppm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): IPBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\IPBusEnum.dll,-102
Description: @%systemroot%\system32\IPBusEnum.dll,-103
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,fdPHost
Service (registry key): IpFilterDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32013
Description: @%systemroot%\system32\rascfg.dll,-32013
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): iphlpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\iphlpsvc.dll,-500
Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k NetSvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS,Tdx,winmgmt,tcpip,nsi
Service (registry key): IPMIDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\IPMIDrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): IPNAT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Network Address Translator
Image path: System32\drivers\ipnat.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): iPod Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: iPod Service
Description: iPod hardware management services
Object name: LocalSystem
Image path: "C:\Program Files\iPod\bin\iPodService.exe"
Image size: 934760
Image MD5: B7CB0B121962CD89F98C0DD89331B0C0
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs
Service (registry key): IRENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\irenum.sys,-100
Description: @%SystemRoot%\system32\drivers\irenum.sys,-101
Image path: system32\drivers\irenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): isapnp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\isapnp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3
Service (registry key): iScsiPrt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: iScsiPort Driver
Image path: \SystemRoot\system32\drivers\msiscsi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): kbdclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard Class Driver
Image path: \SystemRoot\system32\drivers\kbdclass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): kbdhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard HID Driver
Image path: \SystemRoot\system32\drivers\kbdhid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): KeyIso
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @keyiso.dll,-100
Description: @keyiso.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): KSecDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\ksecdd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): KSecPkg
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\ksecpkg.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): ksthunk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kernel Streaming Thunks
Image path: \SystemRoot\system32\drivers\ksthunk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): KtmRm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2946
Description: @comres.dll,-2947
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,SamSS
Service (registry key): LanmanServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-100
Description: @%systemroot%\system32\srvsvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: SamSS,Srv
Service (registry key): LanmanWorkstation
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-100
Description: @%systemroot%\system32\wkssvc.dll,-101
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Bowser,MRxSmb10,MRxSmb20,NSI
Service (registry key): ldap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): LightScribeService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LightScribeService Direct Disc Labeling Service
Description: Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work.
Object name: LocalSystem
Image path: "c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
Image size: 73728
Image MD5: 2238B91AC1A12CC6CC4C4FED41258B2A
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0
Service (registry key): lltdio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Link-Layer Topology Discovery Mapper I/O Driver
Image path: system32\DRIVERS\lltdio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): lltdsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\lltdres.dll,-1
Description: @%SystemRoot%\system32\lltdres.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss,lltdio
Service (registry key): lmhosts
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\lmhsvc.dll,-101
Description: @%SystemRoot%\system32\lmhsvc.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd
Service (registry key): Lsa
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): LSI_FC
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_fc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): LSI_SAS
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_sas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): LSI_SAS2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_sas2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): LSI_SCSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_scsi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): luafv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\luafv.sys,-100
Description: @%systemroot%\system32\drivers\luafv.sys,-101
Image path: \SystemRoot\system32\drivers\luafv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1
Depends On services: FltMgr
Service (registry key): LVPr2M64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech LVPr2M64 Driver
Image path: system32\DRIVERS\LVPr2M64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): LVRS64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech RightSound Filter Driver
Image path: system32\DRIVERS\lvrs64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): LVUVC64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Logitech Webcam 120(UVC)
Image path: system32\DRIVERS\lvuvc64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): McciCMService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McciCMService
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe"
Image size: 319488
Image MD5: F8B823414A22DBF3BEC10DCAA5F93CD8
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): McciCMService64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: McciCMService64
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Motive\McciCMService.exe"
Image size: 523136
Image MD5: 28EF4CCCD101155290FF77582F95428B
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): Mcx2Svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehres.dll,-15501
Description: @%SystemRoot%\ehome\ehres.dll,-15502
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: SSDPSRV,IPBusEnum,TermService,fdphost
Service (registry key): megasas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\megasas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MegaSR
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\MegaSR.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MMCSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\mmcss.dll,-100
Description: @%systemroot%\system32\mmcss.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): Modem
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\modem.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): monitor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Monitor Class Function Driver Service
Image path: system32\DRIVERS\monitor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): mouclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse Class Driver
Image path: \SystemRoot\system32\drivers\mouclass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): mouhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): mountmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\mountmgr.sys,-100
Description: @%SystemRoot%\system32\drivers\mountmgr.sys,-101
Image path: System32\drivers\mountmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): mpio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Multi-Path Bus Driver
Image path: \SystemRoot\system32\drivers\mpio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): mpsdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23092
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23093
Image path: System32\drivers\mpsdrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MpsSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: mpsdrv,bfe
Service (registry key): MREMP50
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MREMP50 NDIS Protocol Driver
Image path: \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MREMP50a64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MREMP50a64 NDIS Protocol Driver
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MREMPR5
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MREMPR5 NDIS Protocol Driver
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MRENDIS5
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MRENDIS5 NDIS Protocol Driver
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MRESP50
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MRESP50 NDIS Protocol Driver
Image path: \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MRESP50a64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MRESP50a64 NDIS Protocol Driver
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): MRxDAV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\webclnt.dll,-104
Description: @%systemroot%\system32\webclnt.dll,-105
Image path: \SystemRoot\system32\drivers\mrxdav.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss
Service (registry key): mrxsmb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1002
Description: @%systemroot%\system32\wkssvc.dll,-1003
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss
Service (registry key): mrxsmb10
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1004
Description: @%systemroot%\system32\wkssvc.dll,-1005
Image path: system32\DRIVERS\mrxsmb10.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb
Service (registry key): mrxsmb20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1006
Description: @%systemroot%\system32\wkssvc.dll,-1007
Image path: system32\DRIVERS\mrxsmb20.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Description: @%systemroot%\system32\Locator.exe,-3
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): RpcSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5010
Description: @oleres.dll,-5011
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k rpcss
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcEptMapper,DcomLaunch
Service (registry key): rspndr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Link-Layer Topology Discovery Responder
Image path: system32\DRIVERS\rspndr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): RTL8167
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Realtek 8167 NT Driver
Image path: system32\DRIVERS\Rt64win7.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SamSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\samsrv.dll,-1
Description: @%SystemRoot%\system32\samsrv.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): SASDIFSV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SASDIFSV
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): SASKUTIL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SASKUTIL
Image path: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): sbp2port
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SBP-2 Transport/Protocol Bus Driver
Image path: \SystemRoot\system32\drivers\sbp2port.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SBSDWSCService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SBSD Security Center Service
Object name: LocalSystem
Image path: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
Image size: 1153368
Image MD5: 794D4B48DFB6E999537C7C3947863463
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: wscsvc
Service (registry key): SCardSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\SCardSvr.dll,-1
Description: @%SystemRoot%\System32\SCardSvr.dll,-5
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay
Service (registry key): scfilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\drivers\scfilter.sys,-11
Description: @%SystemRoot%\System32\drivers\scfilter.sys,-12
Image path: System32\DRIVERS\scfilter.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Schedule
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\schedsvc.dll,-100
Description: @%SystemRoot%\system32\schedsvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,EventLog
Service (registry key): SCPolicySvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-13
Description: @%SystemRoot%\System32\certprop.dll,-14
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): SDRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sdrsvc.dll,-107
Description: @%SystemRoot%\system32\sdrsvc.dll,-102
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): SeaPort
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SeaPort
Description: Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
Image size: 249648
Image MD5: 78779EE07231C658B483B1F38B5088DF
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): secdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Driver
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): seclogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\seclogon.dll,-7001
Description: @%SystemRoot%\system32\seclogon.dll,-7000
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): SENS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Sens.dll,-200
Description: @%SystemRoot%\system32\Sens.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem
Service (registry key): SensrSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\sensrsvc.dll,-1000
Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): Serenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serenum Filter Driver
Image path: \SystemRoot\system32\DRIVERS\serenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Serial
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\serial.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): sermouse
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial Mouse Driver
Image path: \SystemRoot\system32\DRIVERS\sermouse.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ServiceModelEndpoint 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ServiceModelOperation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ServiceModelService 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): SessionEnv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\SessEnv.dll,-1026
Description: @%SystemRoot%\System32\SessEnv.dll,-1027
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,LanmanWorkstation
Service (registry key): sffdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Class Driver
Image path: \SystemRoot\system32\drivers\sffdisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): sffp_mmc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for MMC
Image path: \SystemRoot\system32\drivers\sffp_mmc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): sffp_sd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for SDBus
Image path: \SystemRoot\system32\drivers\sffp_sd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): sfhlp01
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: StarForce Protection Helper Driver
Image path: System32\drivers\sfhlp01.sys
Image size: 4832
Image MD5: 462AEE0EA0481EA8BD45CAC876A4CCC4
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): sfloppy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: High-Capacity Floppy Disk Drive
Image path: \SystemRoot\system32\DRIVERS\sfloppy.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SharedAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ipnathlp.dll,-106
Description: @%SystemRoot%\system32\ipnathlp.dll,-107
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt,RasMan,BFE
Service (registry key): ShellHWDetection
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\shsvcs.dll,-12288
Description: @%SystemRoot%\System32\shsvcs.dll,-12289
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): SiSRaid2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\SiSRaid2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SiSRaid4
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\sisraid4.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SkypeUpdate
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Skype Updater
Description: Enables the detection, download and installation of updates for Skype.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Skype\Updater\Updater.exe"
Image size: 158856
Image MD5: 6128E98EAAED364ED1A32708D2FD22CB
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs
Service (registry key): Smb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50005
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50006
Image path: system32\DRIVERS\smb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): SMSvcHost 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): SMSvcHost 4.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): SNMPTRAP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\snmptrap.exe,-3
Description: @%SystemRoot%\system32\snmptrap.exe,-4
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\snmptrap.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): SpiderG3
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DrWeb file system scanner
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: FltMgr
Service (registry key): spldr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Processor Loader Driver
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): Spooler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\spoolsv.exe,-1
Description: @%systemroot%\system32\spoolsv.exe,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\spoolsv.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS,http
Service (registry key): sppsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sppsvc.exe,-101
Description: @%SystemRoot%\system32\sppsvc.exe,-100
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\sppsvc.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs
Service (registry key): sppuinotify
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sppuinotify.dll,-103
Description: @%SystemRoot%\system32\sppuinotify.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: EventSystem
Service (registry key): srv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-102
Description: @%systemroot%\system32\srvsvc.dll,-103
Image path: System32\DRIVERS\srv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srv2
Service (registry key): srv2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-104
Description: @%systemroot%\system32\srvsvc.dll,-105
Image path: System32\DRIVERS\srv2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srvnet
Service (registry key): srvnet
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\srvnet.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Service (registry key): ssadbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SAMSUNG Android USB Composite Device driver (WDM)
Image path: system32\DRIVERS\ssadbus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ssadmdfl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SAMSUNG Android USB Modem (Filter)
Description: SAMSUNG Android USB Modem (Filter)
Image path: system32\DRIVERS\ssadmdfl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ssadmdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SAMSUNG Android USB Modem Drivers
Description: SAMSUNG Android USB Modem Drivers
Image path: system32\DRIVERS\ssadmdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): SSDPSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\ssdpsrv.dll,-100
Description: @%systemroot%\system32\ssdpsrv.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP
Service (registry key): SstpSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sstpsvc.dll,-200
Description: @%SystemRoot%\system32\sstpsvc.dll,-201
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): Steam Client Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Steam Client Service
Description: Steam Client Service monitors and updates Steam content
Object name: LocalSystem
Image path: C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
Image size: 407336
Image MD5: FBFE36B870595B771284E0B2199F51C2
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): stexstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\stexstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): StillCam
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Still Serial Digital Camera Driver
Image path: system32\DRIVERS\serscan.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): stisvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wiaservc.dll,-9
Description: @%SystemRoot%\system32\wiaservc.dll,-10
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs,ShellHWDetection
Service (registry key): swenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Software Bus Driver
Image path: \SystemRoot\system32\drivers\swenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): swprv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\swprv.dll,-103
Description: @%SystemRoot%\System32\swprv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k swprv
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): SysMain
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sysmain.dll,-1000
Description: @%SystemRoot%\system32\sysmain.dll,-1001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: rpcss,fileinfo
Service (registry key): TabletInputService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\TabSvc.dll,-100
Description: @%SystemRoot%\system32\TabSvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): taphss
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Anchorfree HSS Adapter
Image path: system32\DRIVERS\taphss.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): TapiSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tapisrv.dll,-10100
Description: @%SystemRoot%\system32\tapisrv.dll,-10101
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): TBS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tbssvc.dll,-100
Description: @%SystemRoot%\system32\tbssvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): Tcpip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Image path: System32\drivers\tcpip.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): TCPIP6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft IPv6 Protocol Driver
Description: Microsoft IPv6 Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): TCPIP6TUNNEL
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): tcpipreg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP Registry Compatibility
Description: Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality.
Image path: System32\drivers\tcpipreg.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Depends On services: tcpip
Service (registry key): TCPIPTUNNEL
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): TDPIPE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDPIPE
Image path: system32\drivers\tdpipe.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): TDTCP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDTCP
Image path: system32\drivers\tdtcp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): tdx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Image path: system32\DRIVERS\tdx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): TermDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Device Driver
Image path: \SystemRoot\system32\drivers\termdd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): TermService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\termsrv.dll,-268
Description: @%SystemRoot%\System32\termsrv.dll,-267
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,TermDD
Service (registry key): TFsExDisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TFsExDisk
Description: TFsExDisk
Image path: \??\C:\Windows\System32\Drivers\TFsExDisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr
Service (registry key): Themes
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\themeservice.dll,-8192
Description: @%SystemRoot%\System32\themeservice.dll,-8193
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): THREADORDER
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\mmcss.dll,-102
Description: @%systemroot%\system32\mmcss.dll,-103
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): TrkWks
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\trkwks.dll,-1
Description: @%SystemRoot%\system32\trkwks.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): TrustedInstaller
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\servicing\TrustedInstaller.exe,-100
Description: @%SystemRoot%\servicing\TrustedInstaller.exe,-101
Object name: localSystem
Image path: %SystemRoot%\servicing\TrustedInstaller.exe
Image size: 194048
Image MD5: 773212B2AAA24C1E31F10246B15B276C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): TSDDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): tssecsrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101
Description: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-102
Image path: System32\DRIVERS\tssecsrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): TsUsbFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Description: @%SystemRoot%\system32\drivers\tsusbflt.sys,-1000
Image path: system32\drivers\tsusbflt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): tunnel
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Tunnel Miniport Adapter Driver
Image path: system32\DRIVERS\tunnel.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): uagp35
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft AGPv3.5 Filter
Image path: \SystemRoot\system32\DRIVERS\uagp35.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): udfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: udfs
Description: Reads/Writes UDF 1.02,1.5,2.0x,2.5 disc formats, usually found on C/DVD discs. (Core) (All pieces)
Image path: system32\DRIVERS\udfs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Service (registry key): UGatherer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): UGTHRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): UI0Detect
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ui0detect.exe,-101
Description: @%SystemRoot%\system32\ui0detect.exe,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\UI0Detect.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Service (registry key): uliagpkx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Uli AGP Bus Filter
Image path: \SystemRoot\system32\drivers\uliagpkx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): umbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: UMBus Enumerator Driver
Image path: \SystemRoot\system32\drivers\umbus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): UmPass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft UMPass Driver
Image path: \SystemRoot\system32\DRIVERS\umpass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): upnphost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\upnphost.dll,-213
Description: @%systemroot%\system32\upnphost.dll,-214
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP
Service (registry key): usbaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Audio Driver (WDM)
Image path: system32\drivers\usbaudio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbccgp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbcir
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: eHome Infrared Receiver (USBCIR)
Image path: \SystemRoot\system32\drivers\usbcir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbehci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: \SystemRoot\system32\drivers\usbehci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbhub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Standard Hub Driver
Image path: system32\DRIVERS\usbhub.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbohci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Open Host Controller Miniport Driver
Image path: \SystemRoot\system32\drivers\usbohci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbprint
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB PRINTER Class
Image path: system32\DRIVERS\usbprint.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbscan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Scanner Driver
Image path: system32\DRIVERS\usbscan.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): USBSTOR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Mass Storage Driver
Image path: \SystemRoot\system32\drivers\USBSTOR.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbuhci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: \SystemRoot\system32\drivers\usbuhci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usbvideo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Video Device (WDM)
Image path: \SystemRoot\System32\Drivers\usbvideo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): usb_rndisx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB RNDIS Adapter
Image path: system32\DRIVERS\usb8023x.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): UxSms
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\dwm.exe,-2000
Description: @%SystemRoot%\system32\dwm.exe,-2001
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Service (registry key): VaultSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\vaultsvc.dll,-1003
Description: @%SystemRoot%\system32\vaultsvc.dll,-1004
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss
Service (registry key): vdrvroot
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Virtual Drive Enumerator Driver
Image path: system32\drivers\vdrvroot.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): vds
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\vds.exe,-100
Description: @%SystemRoot%\system32\vds.exe,-112
Object name: LocalSystem
Image path: %SystemRoot%\System32\vds.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,PlugPlay
Service (registry key): vga
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\vgapnp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): VgaSave
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\System32\drivers\vga.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0
Service (registry key): vhdmp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\vhdmp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): viaide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\viaide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3
Service (registry key): volmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Manager Driver
Image path: system32\drivers\volmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): volmgrx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\volmgrx.sys,-100
Description: @%SystemRoot%\system32\drivers\volmgrx.sys,-101
Image path: System32\drivers\volmgrx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): volsnap
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Storage volumes
Image path: system32\drivers\volsnap.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3
Service (registry key): vsmraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\vsmraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): VSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\vssvc.exe,-102
Description: @%systemroot%\system32\vssvc.exe,-101
Object name: LocalSystem
Image path: %systemroot%\system32\vssvc.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): vToolbarUpdater11.0.2
Registry path: \SYSTEM\CurrentControlSet\Services\
Object name: LocalSystem
Image path: C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
Image size: 932736
Image MD5: 56E1E4442E4613FB2039A6B7421F4E58
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Service (registry key): vwifibus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Virtual WiFi Bus Driver
Description: Virtual WiFi Bus Driver
Image path: system32\DRIVERS\vwifibus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): vwififlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Virtual WiFi Filter Driver
Description: Virtual WiFi Filter Driver
Image path: system32\DRIVERS\vwififlt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): vwifimp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Virtual WiFi Miniport Service
Image path: system32\DRIVERS\vwifimp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): W32Time
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\w32time.dll,-200
Description: @%SystemRoot%\system32\w32time.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): W3SVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WacomPen
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wacom Serial Pen HID Driver
Image path: \SystemRoot\system32\DRIVERS\wacompen.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WajamUpdater
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WajamUpdater
Description: Wajam Updater
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe"
Image size: 109064
Image MD5: 4AA2CC5979AFF984227364F2C23B04F3
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): WANARP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32011
Description: @%systemroot%\system32\rascfg.dll,-32011
Image path: system32\DRIVERS\wanarp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Wanarpv6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32012
Description: @%systemroot%\system32\rascfg.dll,-32012
Image path: system32\DRIVERS\wanarp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): WatAdminSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Wat\WatUX.exe,-601
Description: @%SystemRoot%\system32\Wat\WatUX.exe,-602
Object name: LocalSystem
Image path: %SystemRoot%\system32\Wat\WatAdminSvc.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): wbengine
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wbengine.exe,-104
Description: @%systemroot%\system32\wbengine.exe,-105
Object name: localSystem
Image path: "%systemroot%\system32\wbengine.exe"
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): WbioSrvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wbiosrvc.dll,-100
Description: @%systemroot%\system32\wbiosrvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,VaultSvc,WUDFSvc
Service (registry key): wcncsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wcncsvc.dll,-3
Description: @%SystemRoot%\system32\wcncsvc.dll,-4
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss
Service (registry key): WcsPlugInService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k wcssvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Wd
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\wd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Wdf01000
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kernel Mode Driver Frameworks service
Image path: system32\drivers\Wdf01000.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): WdiServiceHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wdi.dll,-502
Description: @%systemroot%\system32\wdi.dll,-503
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): WdiSystemHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wdi.dll,-500
Description: @%systemroot%\system32\wdi.dll,-501
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): WebClient
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\webclnt.dll,-100
Description: @%systemroot%\system32\webclnt.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: MRxDAV
Service (registry key): Wecsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wecsvc.dll,-200
Description: @%SystemRoot%\system32\wecsvc.dll,-201
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP,Eventlog
Service (registry key): wercplsupport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wercplsupport.dll,-101
Description: @%SystemRoot%\System32\wercplsupport.dll,-100
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): WerSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wersvc.dll,-100
Description: @%SystemRoot%\System32\wersvc.dll,-101
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k WerSvcGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 0
Service (registry key): WfpLwf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Image path: system32\DRIVERS\wfplwf.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): WIMMount
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WIMMount
Description: WIM Image mount service driver
Image path: system32\drivers\wimmount.sys
Image size: 19008
Image MD5: 5CF95B35E59E2A38023836FFF31BE64C
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Service (registry key): WinDefend
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Description: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k secsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Windows Workflow Foundation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WinHttpAutoProxySvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\winhttp.dll,-100
Description: @%SystemRoot%\system32\winhttp.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Dhcp
Service (registry key): Winmgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS
Service (registry key): WinRM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wsmsvc.dll,-101
Description: @%Systemroot%\system32\wsmsvc.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,HTTP
Service (registry key): Winsock
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 4
Error Control: 1
Service (registry key): WinSock2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): WinUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WinUsb
Image path: system32\DRIVERS\WinUsb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): Wlansvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wlansvc.dll,-257
Description: @%SystemRoot%\System32\wlansvc.dll,-258
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: nativewifip,RpcSs,Ndisuio,Eaphost
Service (registry key): wlcrasvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Live Mesh remote connections service
Object name: LocalSystem
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Service (registry key): wlidsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Live ID Sign-in Assistant
Description: Enables Windows Live ID authentication.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
Image size: 2292096
Image MD5: 2BACD71123F42CEA603F4E205E1AE337
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs
Service (registry key): WmiAcpi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Windows Management Interface for ACPI
Image path: \SystemRoot\system32\drivers\wmiacpi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WmiApRpl
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): wmiApSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
Description: @%Systemroot%\system32\wbem\wmiapsrv.exe,-111
Object name: localSystem
Image path: %systemroot%\system32\wbem\WmiApSrv.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): WMPNetworkSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
Description: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102
Object name: NT AUTHORITY\NetworkService
Image path: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: http
Service (registry key): WPCSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wpcsvc.dll,-100
Description: @%SystemRoot%\system32\wpcsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): WPDBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wpdbusenum.dll,-100
Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): WPRO_40_1340
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WinPcap Packet Driver (WPRO_40_1340)
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ws2ifsl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000
Description: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000
Image path: \SystemRoot\system32\drivers\ws2ifsl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Service (registry key): wscsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wscsvc.dll,-200
Description: @%SystemRoot%\System32\wscsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt
Service (registry key): WSearch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Search
Description: @%systemroot%\system32\SearchIndexer.exe,-104
Object name: LocalSystem
Image path: %systemroot%\system32\SearchIndexer.exe /Embedding
Image size: 427520
Image MD5: 236F286E103FD44BD85FDD93097FD5DD
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): WSearchIdxPi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): wuauserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wuaueng.dll,-105
Description: @%systemroot%\system32\wuaueng.dll,-106
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss
Service (registry key): WudfPf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: User Mode Driver Frameworks Platform Driver
Image path: system32\drivers\WudfPf.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): WUDFRd
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\WUDFRd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): wudfsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wudfsvc.dll,-1000
Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,WudfPf
Service (registry key): WwanSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wwansvc.dll,-257
Description: @%SystemRoot%\System32\wwansvc.dll,-258
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs,NdisUio,NlaSvc
Service (registry key): xmlprov
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): YahooAUService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Yahoo! Updater
Description: Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe"
Image size: 602392
Image MD5: DD0042F0C3B606A6A8B92D49AFB18AD6
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): {07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {14A415D3-A49B-4310-B7F9-59487581C101}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {15CC91D2-E2F2-455A-BD8A-2C60E42E189A}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {55662437-DA8C-40c0-AADA-2C816A897A49}
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Power Control [2010/01/07 20:24:33]
Image path: \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): {A263F2FC-11C1-4AE0-9E07-FC775B3CC9C8}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): {C8BB1216-68BF-461B-AEAC-74DC30A29905}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0


----------



## obxtony (Aug 17, 2008)

OTL Log eddie;

OTL logfile created on: 26/04/2012 13:50:29 - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\tony\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.96 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 50.27% Memory free
11.92 Gb Paging File | 8.52 Gb Available in Paging File | 71.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.64 Gb Total Space | 978.52 Gb Free Space | 70.67% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 1.72 Gb Free Space | 13.76% Space Free | Partition Type: NTFS
Drive E: | 2.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TONY-PC | User Name: tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 22:10:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/25 22:10:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/04/24 22:23:09 | 000,932,736 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/04/24 22:23:08 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/04/17 09:04:02 | 001,668,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/04/17 09:04:02 | 000,976,696 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/04/10 21:46:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\tony\Downloads\OTL.exe
PRC - [2012/03/29 09:34:42 | 003,402,376 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/02/27 20:27:57 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/01/27 13:59:12 | 047,658,848 | ---- | M] (Slimware Utilities, Inc.) -- C:\Program Files (x86)\FixCleaner\FixCleaner.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/07/29 21:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/08/12 10:40:12 | 001,069,568 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
PRC - [2010/08/12 10:40:12 | 000,309,128 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciControlHost.exe
PRC - [2010/08/12 10:40:00 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2009/12/01 21:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 17:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/25 10:56:21 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012/04/25 10:55:52 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012/04/25 10:55:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2012/04/25 10:55:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012/04/25 10:55:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012/04/25 10:55:18 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2012/04/25 10:55:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2012/04/24 22:23:09 | 000,130,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/04/24 22:23:08 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/03/29 09:34:08 | 018,604,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtWebKit4.dll
MOD - [2012/03/29 09:34:06 | 009,440,256 | ---- | M] () -- C:\Program Files (x86)\Origin\QtGui4.dll
MOD - [2012/03/29 09:34:06 | 003,564,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXmlPatterns4.dll
MOD - [2012/03/29 09:34:06 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\Origin\QtNetwork4.dll
MOD - [2012/03/29 09:34:06 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXml4.dll
MOD - [2012/03/29 09:34:04 | 002,694,144 | ---- | M] () -- C:\Program Files (x86)\Origin\QtCore4.dll
MOD - [2012/03/29 09:34:02 | 000,312,320 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff4.dll
MOD - [2012/03/29 09:34:00 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng4.dll
MOD - [2012/03/29 09:34:00 | 000,211,456 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll
MOD - [2012/03/29 09:34:00 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico4.dll
MOD - [2012/03/29 09:34:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif4.dll
MOD - [2012/02/20 09:37:24 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/12/01 21:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 18:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll
MOD - [2008/06/19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008/03/05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008/03/04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008/02/26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007/12/24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/03/09 06:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2012/01/25 21:29:11 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/25 22:10:59 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/25 22:10:45 | 000,283,304 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/04/24 22:23:09 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/17 09:04:02 | 000,976,696 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/04/13 21:22:54 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/09/01 17:49:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/08/02 10:47:14 | 000,159,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe -- (CDMA Device Service)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/31 17:26:00 | 003,612,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/04/17 09:04:20 | 000,101,360 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2012/03/09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/02/22 05:25:50 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
DRV:*64bit:* - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:*64bit:* - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/12/23 13:32:02 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidseha.sys -- (AVGIDSEH)
DRV:*64bit:* - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/23 15:57:43 | 000,127,320 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:*64bit:* - [2011/02/23 15:56:48 | 000,253,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:*64bit:* - [2011/02/23 14:34:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:*64bit:* - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:*64bit:* - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/09/22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2009/11/19 08:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:*64bit:* - [2009/11/13 06:21:22 | 000,543,616 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RC_64.sys -- (AVER_H193)
DRV:*64bit:* - [2009/11/13 06:20:14 | 000,039,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RCIR_64.sys -- (CXCIR)
DRV:*64bit:* - [2009/10/12 13:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:*64bit:* - [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:*64bit:* - [2009/09/17 06:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:*64bit:* - [2009/08/21 01:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:*64bit:* - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/04/17 09:04:20 | 000,297,008 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/04/17 09:04:20 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/12/07 20:10:59 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/08/12 10:40:06 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/08/12 10:40:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/17 18:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/07 20:24:33] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2004/04/08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/04/08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={0BF34C...e551cc8f6&lang=en&ds=ts025&pr=sa&d=2012-04-24 22:23:10&v=11.0.0.9&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 E4 5D 01 45 1D 9A 4C 94 4D 51 BE CC F2 80 43 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{131BA04D-6260-47F0-BA4F-4CA582791AB7}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{48D14A8B-A71C-4488-B15E-49830036293C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-odbrws
IE - HKCU\..\SearchScopes\{51061D72-4DFE-4C6B-9A93-F34109283856}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{5557B96A-97DB-4476-A00A-B97F00E0F23E}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{7F57E540-8C84-45AD-81BF-12F2AE8E300F}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{89EB5B56-0D3A-49CA-8EF5-D7BCCDB0539C}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...e551cc8f6&lang=en&ds=ts025&pr=sa&d=2012-04-24 22:23:10&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{AB17062C-D0A9-42E0-88A0-D461B02D6142}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{B287D93A-B526-453B-8018-8C262111B9E8}: "URL" = http://uk.local.yahoo.com/search.ht...w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb118/?search={searchTerms}&loc=IB_DS&a=6PQusNkZzZ&i=26
IE - HKCU\..\SearchScopes\{D59BED57-A5AC-4E1A-A3D8-BEF9E071C1D1}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\tony\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/14 21:09:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/24 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF

[2010/07/21 14:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions
[2010/07/17 07:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/15 12:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/04/22 10:23:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:*64bit:* - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4:*64bit:* - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:*64bit:* - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:*64bit:* - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Chameleon System Monitor] C:\Program Files (x86)\Common Files\Chameleon Manager\monitor.exe ()
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: New Value #1 = 
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:*64bit:* - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:*64bit:* - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:*64bit:* - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:*64bit:* - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9:*64bit:* - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A415D3-A49B-4310-B7F9-59487581C101}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15CC91D2-E2F2-455A-BD8A-2C60E42E189A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8BB1216-68BF-461B-AEAC-74DC30A29905}: DhcpNameServer = 192.168.42.129
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/09 20:35:07 | 000,206,657 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/10/08 00:31:56 | 000,000,106 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/25 20:22:52 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2012/04/25 20:22:49 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\Yahoo!
[2012/04/25 20:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/04/25 20:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/04/25 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\PC Cleaners
[2012/04/25 19:44:46 | 004,107,024 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/04/25 19:44:46 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\PCPro
[2012/04/25 19:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/04/25 19:28:11 | 000,000,000 | ---D | C] -- C:\w
[2012/04/25 19:28:10 | 000,000,000 | ---D | C] -- C:\skins
[2012/04/25 19:28:09 | 000,000,000 | ---D | C] -- C:\e
[2012/04/25 19:28:01 | 000,000,000 | ---D | C] -- C:\Data
[2012/04/25 14:23:50 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\mbam
[2012/04/25 14:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/04/25 00:11:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/25 00:11:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/25 00:11:15 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/25 00:11:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/25 00:11:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/25 00:11:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/25 00:11:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/25 00:11:14 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/25 00:11:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/25 00:11:14 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/25 00:11:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/25 00:09:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/25 00:09:45 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/25 00:09:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/25 00:05:22 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/25 00:05:21 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/25 00:05:21 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/24 23:59:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/04/24 23:16:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/24 23:16:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/24 23:16:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/24 23:16:28 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/24 23:13:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/04/24 23:13:37 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/04/24 23:13:34 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/04/24 23:13:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/04/24 23:13:33 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/04/24 23:13:31 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/04/24 23:13:31 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/04/24 23:12:26 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/04/24 22:23:17 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\AVG Secure Search
[2012/04/24 22:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/04/24 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\FixCleaner
[2012/04/24 22:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FixCleaner
[2012/04/24 22:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixCleaner
[2012/04/24 22:21:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/04/24 22:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/04/24 22:02:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\IObit
[2012/04/24 22:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/04/24 20:26:28 | 000,031,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wldlog.dll
[2012/04/24 19:47:51 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{BD589828-AE04-4117-9D69-FF683D5260FF}
[2012/04/24 19:47:27 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/04/24 19:47:27 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/04/24 19:47:16 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/04/24 19:47:16 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/04/24 19:47:16 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/04/24 19:47:16 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/04/24 19:47:16 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/04/24 19:47:15 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/04/24 19:47:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/04/24 19:47:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/04/24 19:47:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/04/24 19:47:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/04/24 19:47:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/04/24 19:47:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/04/24 19:47:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/04/24 19:47:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/04/24 19:47:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/04/24 19:47:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/24 19:47:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/04/24 19:47:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/04/24 19:47:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/04/24 19:47:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/04/24 19:47:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/04/24 19:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/04/24 15:35:44 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AA7C9779-ADD3-45C2-B671-95E0FBECBD2D}
[2012/04/24 13:23:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/04/23 15:25:40 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{528E58D0-C36B-4A6F-B29F-CB303B6D12E9}
[2012/04/23 15:25:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{854E8797-43D3-4D07-AFBC-5E2D9FF8A4A2}
[2012/04/23 15:13:32 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{7A0C5E06-D08F-4B38-91C1-ECD1DD112EEB}
[2012/04/23 15:05:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{6EC5DB70-5F8F-4164-BE84-5AFF2BBB9634}
[2012/04/23 15:05:35 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{66438BF7-2006-499B-8F09-B62CB9397661}
[2012/04/23 15:04:21 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D48E8083-2053-4A05-9467-B641C3552C5E}
[2012/04/23 14:19:36 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{FE504197-2ECF-4932-A5E5-D2D029F37073}
[2012/04/23 13:23:30 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A95CAA33-CB33-4894-A1B5-7E36171821CE}
[2012/04/22 18:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/22 18:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/04/22 13:49:36 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\F7
[2012/04/22 13:27:20 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{18F44574-F541-4DDA-B5F1-0EBB57DA14E3}
[2012/04/22 13:26:59 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{11AAA05F-4BCA-46F0-ADC6-4DB959308822}
[2012/04/22 11:38:39 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/04/22 11:38:39 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/04/22 11:38:39 | 000,264,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/04/22 11:38:39 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/04/22 11:38:39 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/04/22 11:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/20 20:10:02 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\HanPurple
[2012/04/19 21:06:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/04/19 20:47:31 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/04/19 19:56:55 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{063A5750-D12C-4B73-AF1A-26FC58706C2A}
[2012/04/19 19:56:33 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{1EE05C67-83EE-44A2-BE92-8BAC5A8AC9E0}
[2012/04/17 22:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/17 17:54:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/17 17:43:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/17 16:21:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/17 16:21:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/17 16:21:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/16 20:48:13 | 035,859,328 | ---- | C] (Electronic Arts, Inc.) -- C:\Users\tony\Desktop\OriginSetup.exe
[2012/04/16 20:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/04/16 20:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/04/16 20:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/04/15 12:40:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{CB3D5CF2-6E7C-4F3E-9ECD-0B6876773212}
[2012/04/15 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{3B990DC9-EA51-4864-B87C-6377D261C81F}
[2012/04/15 12:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/04/15 09:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/04/15 09:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/04/14 16:20:29 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D0C320BA-AF65-47CD-AC17-D3EEE86B441C}
[2012/04/14 16:20:08 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AC38A120-D29E-485F-97B1-67C9565F99A6}
[2012/04/14 12:43:29 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2012/04/14 12:43:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\Wajam
[2012/04/14 12:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012/04/13 23:07:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{FE2575D4-938B-463C-BF48-D19364A6D836}
[2012/04/13 23:06:35 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8A4A0784-0F59-418C-8478-2D275E9C6465}
[2012/04/13 21:50:26 | 000,000,000 | ---D | C] -- C:\Users\tony\Documents\BFBC2
[2012/04/12 15:46:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/11 21:05:10 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{09197206-9038-4C87-8DB7-80297CE57D43}
[2012/04/11 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EE623F98-DE60-479A-9B82-70F06740601D}
[2012/04/10 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{ED0739EE-62DC-436A-A469-15FE30932C28}
[2012/04/10 19:35:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A0837905-B61B-4AF9-9C3A-F243CDF7B5A1}
[2012/04/10 16:05:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/10 16:05:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/09 19:01:57 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{2F066433-5805-4286-8505-D0C0A15E38B4}
[2012/04/09 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{C9F53BDD-5E51-4686-B64B-E0D91B5B1C37}
[2012/04/08 19:19:42 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EBC24E23-B1D8-4BD5-9523-7D7914FE002C}
[2012/04/08 19:19:08 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8D606DB7-1713-4A97-9290-21324C7740D7}
[2012/04/07 21:58:15 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D4F5AD0E-3665-4FB0-8FED-9160A54DC115}
[2012/04/07 21:57:42 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{3509F9A2-AADA-469F-89F9-7EE2A70EF3A2}
[2012/04/07 19:26:12 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\MigWiz
[2012/04/07 09:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/04/07 09:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/04/07 09:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/07 09:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/07 09:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/06 18:57:06 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{067C83F3-C17B-4A8B-8ED0-CDC052226BEF}
[2012/04/06 18:56:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{5EB24990-5AC6-42D9-A311-631507352D3F}
[2012/04/06 14:42:45 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\calibre
[2012/04/06 14:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012/04/06 14:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/04/06 14:39:14 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\calibre
[2012/04/06 09:37:22 | 000,000,000 | ---D | C] -- C:\Users\tony\Documents\dds
[2012/04/05 20:52:11 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9736F8A5-2C6F-4525-BA7C-C6DB789CE4A7}
[2012/04/05 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EE89EB67-0EC3-4C73-A05F-1989EFD85538}
[2012/04/05 20:51:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{0FE452DD-D14E-4681-B38D-50BC06F5E0AB}
[2012/04/05 20:50:09 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\anti virus progs
[2012/04/05 20:19:52 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{6A63525C-CECC-45C8-ADDD-3CFBBB397684}
[2012/04/05 20:19:19 | 000,000,000 | ---D | C] -- C:\Users\tony\Doctor Web
[2012/04/05 20:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2012/04/05 11:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/04/05 11:09:28 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/04/05 10:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/04/04 21:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012/04/04 21:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012/04/04 20:16:41 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/04 20:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/04/04 14:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2012/04/04 14:00:09 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{05CDD276-D8EB-470D-BEEE-5F884B7CD010}
[2012/04/04 13:59:33 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AE25F25F-56DB-45D6-8383-20B62CA3C443}
[2012/04/03 20:43:19 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\FileTypeAssistant
[2012/04/03 20:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2012/04/03 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{43822405-A0B3-48A8-A2D8-F9FA6492E5D9}
[2012/04/03 18:37:15 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9B47A818-941C-4DBB-9E95-CAF8FCA90AF4}
[2012/04/03 18:31:11 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/03 18:27:06 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/04/03 17:51:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\antiphishing-vmninternethelper1_1dn
[2012/04/03 17:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/04/03 14:07:27 | 000,000,000 | ---D | C] -- C:\Users\tony\DoctorWeb
[2012/04/03 13:18:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/04/03 13:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/03 13:18:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 15:36:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\AVG2012
[2012/04/02 15:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/04/02 15:34:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/04/02 15:34:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/04/02 15:34:16 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/04/02 14:51:43 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8BE1E50B-6B31-4511-B0A3-2DDDAC12D6FB}
[2012/04/02 14:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avast
[2012/04/02 12:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/04/01 21:30:41 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A8DB2F49-72AC-4100-AEF6-AF1C4C00B992}
[2012/04/01 20:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012/04/01 20:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\exPressit SE3.1
[2012/04/01 20:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medea International Ltd
[2012/04/01 20:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD & DVD Cover Creator
[2012/04/01 20:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy CD & DVD Cover Creator
[2012/04/01 13:17:12 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{63031E79-5994-47C3-A62B-7E3F16D3BC6B}
[2012/04/01 09:22:24 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/01 08:45:22 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/31 21:40:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{857B99DD-E471-44B7-9D75-EB93AC8824D3}
[2012/03/30 16:35:20 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{2BE6239F-2354-49CF-B5B5-B4C252A1FC21}
[2012/03/29 13:04:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9C756B8E-2D97-4233-A6EF-E63260A03254}
[2012/03/28 12:50:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{446D9E88-128B-449A-BCE0-16FC00C42158}
[2012/03/27 15:17:57 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{4F060886-1E38-4688-B88B-F8EC7FF14681}
[2012/03/27 15:17:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9DECEF7E-AF7E-407A-9AFE-9A2810C8BC9F}

========== Files - Modified Within 30 Days ==========

[2012/04/26 13:31:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 13:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 12:00:00 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/04/26 11:30:45 | 096,299,657 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/25 22:10:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/25 22:10:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/25 22:10:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/25 22:09:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/25 21:19:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 21:19:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 21:11:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/25 21:07:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/25 21:06:59 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/25 20:22:31 | 000,001,167 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/25 20:22:31 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/25 19:44:33 | 004,107,024 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/04/25 19:28:14 | 000,000,166 | ---- | M] () -- C:\bmfol_1_s0.gif
[2012/04/25 19:28:13 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2012/04/25 19:28:13 | 000,000,370 | ---- | M] () -- C:\bmrc_1.gif
[2012/04/25 19:28:13 | 000,000,367 | ---- | M] () -- C:\bmfav_1.gif
[2012/04/25 19:28:13 | 000,000,355 | ---- | M] () -- C:\bmpref_1.gif
[2012/04/25 19:28:13 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2012/04/25 19:28:13 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2012/04/25 19:28:13 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
[2012/04/25 19:28:13 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2012/04/25 19:28:13 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2012/04/25 19:28:13 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2012/04/25 19:28:13 | 000,000,235 | ---- | M] () -- C:\bmsearch_1.gif
[2012/04/25 19:28:13 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2012/04/25 19:28:13 | 000,000,103 | ---- | M] () -- C:\del_1.gif
[2012/04/25 19:28:12 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2012/04/25 19:28:12 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2012/04/25 19:28:12 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2012/04/25 19:28:12 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2012/04/25 19:28:12 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
[2012/04/25 19:28:12 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[2012/04/25 19:28:12 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2012/04/25 19:28:12 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2012/04/25 19:28:10 | 000,000,634 | ---- | M] () -- C:\22x22-amazon.png
[2012/04/25 14:02:34 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/04/25 11:44:24 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/25 11:44:24 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/25 11:44:24 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/25 10:49:02 | 000,348,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/25 00:03:33 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012/04/25 00:03:32 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012/04/24 22:46:31 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortony.job
[2012/04/24 22:21:56 | 000,002,465 | ---- | M] () -- C:\Users\Public\Desktop\FixCleaner.lnk
[2012/04/24 20:26:28 | 000,031,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wldlog.dll
[2012/04/24 11:30:39 | 000,286,919 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/22 18:57:50 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/22 11:38:28 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/04/22 11:38:28 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/04/22 11:38:28 | 000,264,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/04/22 11:38:28 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/04/22 11:38:28 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/04/22 10:23:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/04/18 13:57:10 | 000,000,222 | ---- | M] () -- C:\Users\tony\Desktop\Men of War Condemned Heroes.url
[2012/04/17 09:04:20 | 000,101,360 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/04/16 21:30:59 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/04/16 20:49:47 | 035,859,328 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\tony\Desktop\OriginSetup.exe
[2012/04/16 19:30:43 | 000,624,083 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/04/15 12:38:34 | 000,000,447 | ---- | M] () -- C:\user.js
[2012/04/15 09:47:59 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/04/13 21:22:54 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 21:22:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/13 21:22:50 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/10 19:05:30 | 000,017,407 | ---- | M] () -- C:\Users\tony\AppData\Local\dt.dat
[2012/04/09 19:12:32 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/07 09:12:31 | 000,001,288 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/07 09:12:31 | 000,001,264 | ---- | M] () -- C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk
[2012/04/06 14:42:36 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/04/04 20:39:39 | 000,000,691 | ---- | M] () -- C:\Users\tony\AppData\Roaming\GetValue.vbs
[2012/04/04 20:39:39 | 000,000,035 | ---- | M] () -- C:\Users\tony\AppData\Roaming\SetValue.bat
[2012/04/04 20:04:08 | 000,150,880 | ---- | M] () -- C:\Users\tony\AppData\Local\ars.cache
[2012/04/04 18:56:35 | 000,000,036 | ---- | M] () -- C:\Users\tony\AppData\Local\housecall.guid.cache
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 17:22:48 | 000,008,409 | ---- | M] () -- C:\Users\tony\ia_remove.sh
[2012/04/02 15:59:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/04/02 15:34:48 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/02 15:34:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/02 15:34:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/02 14:58:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/02 13:14:05 | 000,001,256 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2012/04/26 11:30:45 | 096,299,657 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/25 20:22:31 | 000,001,167 | ---- | C] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/25 20:22:31 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/25 19:28:14 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
[2012/04/25 19:28:13 | 000,000,380 | ---- | C] () -- C:\edu.bmp
[2012/04/25 19:28:13 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
[2012/04/25 19:28:13 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
[2012/04/25 19:28:13 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
[2012/04/25 19:28:13 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
[2012/04/25 19:28:13 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
[2012/04/25 19:28:13 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
[2012/04/25 19:28:13 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
[2012/04/25 19:28:13 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
[2012/04/25 19:28:13 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
[2012/04/25 19:28:13 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
[2012/04/25 19:28:13 | 000,000,138 | ---- | C] () -- C:\flk2.gif
[2012/04/25 19:28:13 | 000,000,103 | ---- | C] () -- C:\del_1.gif
[2012/04/25 19:28:12 | 000,000,304 | ---- | C] () -- C:\dir.bmp
[2012/04/25 19:28:12 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
[2012/04/25 19:28:12 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
[2012/04/25 19:28:12 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2012/04/25 19:28:12 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
[2012/04/25 19:28:12 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
[2012/04/25 19:28:12 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
[2012/04/25 19:28:12 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2012/04/25 19:28:10 | 000,000,634 | ---- | C] () -- C:\22x22-amazon.png
[2012/04/25 14:02:34 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/04/24 22:22:19 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/04/24 22:21:56 | 000,002,465 | ---- | C] () -- C:\Users\Public\Desktop\FixCleaner.lnk
[2012/04/24 21:45:08 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFortony.job
[2012/04/24 20:43:16 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/04/24 20:43:16 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/04/24 20:22:14 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/04/24 11:30:39 | 000,286,919 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/18 13:57:10 | 000,000,222 | ---- | C] () -- C:\Users\tony\Desktop\Men of War Condemned Heroes.url
[2012/04/17 16:21:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/17 16:21:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/17 16:21:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/17 16:21:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/17 16:21:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/16 19:30:43 | 000,624,083 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/04/15 12:38:33 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/04/15 09:47:59 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/04/10 19:05:30 | 000,017,407 | ---- | C] () -- C:\Users\tony\AppData\Local\dt.dat
[2012/04/09 19:12:32 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/07 09:12:31 | 000,001,288 | ---- | C] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/07 09:12:31 | 000,001,264 | ---- | C] () -- C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk
[2012/04/06 14:42:36 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/04/04 20:39:39 | 000,000,691 | ---- | C] () -- C:\Users\tony\AppData\Roaming\GetValue.vbs
[2012/04/04 20:39:39 | 000,000,035 | ---- | C] () -- C:\Users\tony\AppData\Roaming\SetValue.bat
[2012/04/04 20:36:41 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012/04/04 20:04:08 | 000,150,880 | ---- | C] () -- C:\Users\tony\AppData\Local\ars.cache
[2012/04/04 18:56:35 | 000,000,036 | ---- | C] () -- C:\Users\tony\AppData\Local\housecall.guid.cache
[2012/04/03 17:22:48 | 000,008,409 | ---- | C] () -- C:\Users\tony\ia_remove.sh
[2012/04/02 15:59:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/04/02 15:34:48 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/02 15:34:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/02 15:34:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/01 08:45:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/11 21:39:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/23 18:59:11 | 000,001,854 | ---- | C] () -- C:\Users\tony\AppData\Roaming\GhostObjGAFix.xml
[2011/07/15 12:25:23 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/07/15 12:25:23 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll
[2011/07/15 12:25:23 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/07/15 12:25:23 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/07/07 18:40:34 | 000,145,704 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/04/14 19:39:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/04 17:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/12/02 17:23:54 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/02 17:23:54 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/18 12:59:49 | 000,000,086 | ---- | C] () -- C:\Windows\wininit.ini
[2010/09/06 10:11:58 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/07/20 13:31:23 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/05/23 18:57:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/05/09 18:03:08 | 001,957,672 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/05/09 18:03:08 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/04/27 18:40:00 | 000,000,620 | ---- | C] () -- C:\Users\tony\AppData\Roaming\wklnhst.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\tony\Downloads:Shareaza.GUID
< End of report >


----------



## obxtony (Aug 17, 2008)

Hell's Bells!!
OTL in 2 parts also!

Part 1:

OTL logfile created on: 26/04/2012 13:50:29 - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\tony\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.96 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 50.27% Memory free
11.92 Gb Paging File | 8.52 Gb Available in Paging File | 71.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.64 Gb Total Space | 978.52 Gb Free Space | 70.67% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 1.72 Gb Free Space | 13.76% Space Free | Partition Type: NTFS
Drive E: | 2.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TONY-PC | User Name: tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 22:10:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/25 22:10:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/04/24 22:23:09 | 000,932,736 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/04/24 22:23:08 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/04/17 09:04:02 | 001,668,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/04/17 09:04:02 | 000,976,696 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/04/10 21:46:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\tony\Downloads\OTL.exe
PRC - [2012/03/29 09:34:42 | 003,402,376 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/02/27 20:27:57 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/01/27 13:59:12 | 047,658,848 | ---- | M] (Slimware Utilities, Inc.) -- C:\Program Files (x86)\FixCleaner\FixCleaner.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/07/29 21:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/08/12 10:40:12 | 001,069,568 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
PRC - [2010/08/12 10:40:12 | 000,309,128 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciControlHost.exe
PRC - [2010/08/12 10:40:00 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2009/12/01 21:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 17:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/25 10:56:21 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012/04/25 10:55:52 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012/04/25 10:55:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2012/04/25 10:55:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012/04/25 10:55:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012/04/25 10:55:18 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2012/04/25 10:55:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2012/04/24 22:23:09 | 000,130,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/04/24 22:23:08 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/03/29 09:34:08 | 018,604,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtWebKit4.dll
MOD - [2012/03/29 09:34:06 | 009,440,256 | ---- | M] () -- C:\Program Files (x86)\Origin\QtGui4.dll
MOD - [2012/03/29 09:34:06 | 003,564,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXmlPatterns4.dll
MOD - [2012/03/29 09:34:06 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\Origin\QtNetwork4.dll
MOD - [2012/03/29 09:34:06 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXml4.dll
MOD - [2012/03/29 09:34:04 | 002,694,144 | ---- | M] () -- C:\Program Files (x86)\Origin\QtCore4.dll
MOD - [2012/03/29 09:34:02 | 000,312,320 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff4.dll
MOD - [2012/03/29 09:34:00 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng4.dll
MOD - [2012/03/29 09:34:00 | 000,211,456 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll
MOD - [2012/03/29 09:34:00 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico4.dll
MOD - [2012/03/29 09:34:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif4.dll
MOD - [2012/02/20 09:37:24 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/12/01 21:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 18:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll
MOD - [2008/06/19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008/03/05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008/03/04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008/02/26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007/12/24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/03/09 06:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2012/01/25 21:29:11 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/25 22:10:59 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/25 22:10:45 | 000,283,304 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/04/24 22:23:09 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/17 09:04:02 | 000,976,696 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/04/13 21:22:54 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/09/01 17:49:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/08/02 10:47:14 | 000,159,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe -- (CDMA Device Service)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/31 17:26:00 | 003,612,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/04/17 09:04:20 | 000,101,360 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2012/03/09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/02/22 05:25:50 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
DRV:*64bit:* - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:*64bit:* - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/12/23 13:32:02 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidseha.sys -- (AVGIDSEH)
DRV:*64bit:* - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/23 15:57:43 | 000,127,320 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:*64bit:* - [2011/02/23 15:56:48 | 000,253,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:*64bit:* - [2011/02/23 14:34:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:*64bit:* - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:*64bit:* - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/09/22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2009/11/19 08:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:*64bit:* - [2009/11/13 06:21:22 | 000,543,616 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RC_64.sys -- (AVER_H193)
DRV:*64bit:* - [2009/11/13 06:20:14 | 000,039,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RCIR_64.sys -- (CXCIR)
DRV:*64bit:* - [2009/10/12 13:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:*64bit:* - [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:*64bit:* - [2009/09/17 06:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:*64bit:* - [2009/08/21 01:05:06 | 000,239,616 | ---- | M] (Realtek  ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:*64bit:* - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/04/17 09:04:20 | 000,297,008 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/04/17 09:04:20 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/12/07 20:10:59 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/08/12 10:40:06 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/08/12 10:40:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/17 18:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/07 20:24:33] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2004/04/08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/04/08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={0BF34C...e551cc8f6&lang=en&ds=ts025&pr=sa&d=2012-04-24 22:23:10&v=11.0.0.9&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 E4 5D 01 45 1D 9A 4C 94 4D 51 BE CC F2 80 43 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{131BA04D-6260-47F0-BA4F-4CA582791AB7}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{48D14A8B-A71C-4488-B15E-49830036293C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-odbrws
IE - HKCU\..\SearchScopes\{51061D72-4DFE-4C6B-9A93-F34109283856}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{5557B96A-97DB-4476-A00A-B97F00E0F23E}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{7F57E540-8C84-45AD-81BF-12F2AE8E300F}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{89EB5B56-0D3A-49CA-8EF5-D7BCCDB0539C}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...e551cc8f6&lang=en&ds=ts025&pr=sa&d=2012-04-24 22:23:10&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{AB17062C-D0A9-42E0-88A0-D461B02D6142}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{B287D93A-B526-453B-8018-8C262111B9E8}: "URL" = http://uk.local.yahoo.com/search.ht...w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb118/?search={searchTerms}&loc=IB_DS&a=6PQusNkZzZ&i=26
IE - HKCU\..\SearchScopes\{D59BED57-A5AC-4E1A-A3D8-BEF9E071C1D1}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\tony\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/14 21:09:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/24 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF

[2010/07/21 14:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions
[2010/07/17 07:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/15 12:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/04/22 10:23:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:*64bit:* - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4:*64bit:* - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:*64bit:* - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:*64bit:* - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Chameleon System Monitor] C:\Program Files (x86)\Common Files\Chameleon Manager\monitor.exe ()
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: New Value #1 = 
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:*64bit:* - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:*64bit:* - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:*64bit:* - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:*64bit:* - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9:*64bit:* - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A415D3-A49B-4310-B7F9-59487581C101}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15CC91D2-E2F2-455A-BD8A-2C60E42E189A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8BB1216-68BF-461B-AEAC-74DC30A29905}: DhcpNameServer = 192.168.42.129
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/09 20:35:07 | 000,206,657 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/10/08 00:31:56 | 000,000,106 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/25 20:22:52 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2012/04/25 20:22:49 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\Yahoo!
[2012/04/25 20:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/04/25 20:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/04/25 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\PC Cleaners
[2012/04/25 19:44:46 | 004,107,024 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/04/25 19:44:46 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\PCPro
[2012/04/25 19:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/04/25 19:28:11 | 000,000,000 | ---D | C] -- C:\w
[2012/04/25 19:28:10 | 000,000,000 | ---D | C] -- C:\skins
[2012/04/25 19:28:09 | 000,000,000 | ---D | C] -- C:\e
[2012/04/25 19:28:01 | 000,000,000 | ---D | C] -- C:\Data
[2012/04/25 14:23:50 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\mbam
[2012/04/25 14:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/04/25 00:11:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/25 00:11:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/25 00:11:15 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/25 00:11:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/25 00:11:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/25 00:11:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/25 00:11:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/25 00:11:14 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/25 00:11:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/25 00:11:14 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/25 00:11:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/25 00:09:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/25 00:09:45 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/25 00:09:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/25 00:05:22 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/25 00:05:21 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/25 00:05:21 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/24 23:59:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/04/24 23:16:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/24 23:16:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/24 23:16:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/24 23:16:28 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/24 23:13:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/04/24 23:13:37 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/04/24 23:13:34 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/04/24 23:13:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/04/24 23:13:33 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/04/24 23:13:31 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/04/24 23:13:31 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/04/24 23:12:26 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/04/24 22:23:17 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\AVG Secure Search
[2012/04/24 22:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/04/24 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\FixCleaner
[2012/04/24 22:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FixCleaner
[2012/04/24 22:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixCleaner
[2012/04/24 22:21:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/04/24 22:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/04/24 22:02:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\IObit
[2012/04/24 22:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/04/24 20:26:28 | 000,031,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wldlog.dll
[2012/04/24 19:47:51 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{BD589828-AE04-4117-9D69-FF683D5260FF}
[2012/04/24 19:47:27 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/04/24 19:47:27 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/04/24 19:47:16 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/04/24 19:47:16 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/04/24 19:47:16 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/04/24 19:47:16 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/04/24 19:47:16 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/04/24 19:47:15 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/04/24 19:47:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/04/24 19:47:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/04/24 19:47:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/04/24 19:47:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/04/24 19:47:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/04/24 19:47:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/04/24 19:47:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/04/24 19:47:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/04/24 19:47:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/04/24 19:47:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/24 19:47:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/04/24 19:47:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/04/24 19:47:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/04/24 19:47:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/04/24 19:47:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/04/24 19:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/04/24 15:35:44 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AA7C9779-ADD3-45C2-B671-95E0FBECBD2D}
[2012/04/24 13:23:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/04/23 15:25:40 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{528E58D0-C36B-4A6F-B29F-CB303B6D12E9}
[2012/04/23 15:25:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{854E8797-43D3-4D07-AFBC-5E2D9FF8A4A2}
[2012/04/23 15:13:32 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{7A0C5E06-D08F-4B38-91C1-ECD1DD112EEB}
[2012/04/23 15:05:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{6EC5DB70-5F8F-4164-BE84-5AFF2BBB9634}
[2012/04/23 15:05:35 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{66438BF7-2006-499B-8F09-B62CB9397661}
[2012/04/23 15:04:21 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D48E8083-2053-4A05-9467-B641C3552C5E}
[2012/04/23 14:19:36 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{FE504197-2ECF-4932-A5E5-D2D029F37073}
[2012/04/23 13:23:30 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A95CAA33-CB33-4894-A1B5-7E36171821CE}
[2012/04/22 18:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/22 18:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/04/22 13:49:36 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\F7
[2012/04/22 13:27:20 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{18F44574-F541-4DDA-B5F1-0EBB57DA14E3}
[2012/04/22 13:26:59 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{11AAA05F-4BCA-46F0-ADC6-4DB959308822}
[2012/04/22 11:38:39 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/04/22 11:38:39 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/04/22 11:38:39 | 000,264,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/04/22 11:38:39 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/04/22 11:38:39 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/04/22 11:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/20 20:10:02 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\HanPurple
[2012/04/19 21:06:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/04/19 20:47:31 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/04/19 19:56:55 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{063A5750-D12C-4B73-AF1A-26FC58706C2A}
[2012/04/19 19:56:33 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{1EE05C67-83EE-44A2-BE92-8BAC5A8AC9E0}
[2012/04/17 22:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/17 17:54:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/17 17:43:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/17 16:21:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/17 16:21:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/17 16:21:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/16 20:48:13 | 035,859,328 | ---- | C] (Electronic Arts, Inc.) -- C:\Users\tony\Desktop\OriginSetup.exe
[2012/04/16 20:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/04/16 20:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/04/16 20:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/04/15 12:40:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{CB3D5CF2-6E7C-4F3E-9ECD-0B6876773212}
[2012/04/15 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{3B990DC9-EA51-4864-B87C-6377D261C81F}
[2012/04/15 12:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/04/15 09:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/04/15 09:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/04/14 16:20:29 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D0C320BA-AF65-47CD-AC17-D3EEE86B441C}
[2012/04/14 16:20:08 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AC38A120-D29E-485F-97B1-67C9565F99A6}
[2012/04/14 12:43:29 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2012/04/14 12:43:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\Wajam
[2012/04/14 12:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012/04/13 23:07:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{FE2575D4-938B-463C-BF48-D19364A6D836}
[2012/04/13 23:06:35 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8A4A0784-0F59-418C-8478-2D275E9C6465}
[2012/04/13 21:50:26 | 000,000,000 | ---D | C] -- C:\Users\tony\Documents\BFBC2
[2012/04/12 15:46:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/11 21:05:10 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{09197206-9038-4C87-8DB7-80297CE57D43}
[2012/04/11 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EE623F98-DE60-479A-9B82-70F06740601D}
[2012/04/10 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{ED0739EE-62DC-436A-A469-15FE30932C28}
[2012/04/10 19:35:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A0837905-B61B-4AF9-9C3A-F243CDF7B5A1}
[2012/04/10 16:05:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/10 16:05:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/09 19:01:57 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{2F066433-5805-4286-8505-D0C0A15E38B4}
[2012/04/09 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{C9F53BDD-5E51-4686-B64B-E0D91B5B1C37}
[2012/04/08 19:19:42 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EBC24E23-B1D8-4BD5-9523-7D7914FE002C}
[2012/04/08 19:19:08 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8D606DB7-1713-4A97-9290-21324C7740D7}
[2012/04/07 21:58:15 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D4F5AD0E-3665-4FB0-8FED-9160A54DC115}
[2012/04/07 21:57:42 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{3509F9A2-AADA-469F-89F9-7EE2A70EF3A2}
[2012/04/07 19:26:12 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\MigWiz
[2012/04/07 09:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/04/07 09:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/04/07 09:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/07 09:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/07 09:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/06 18:57:06 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{067C83F3-C17B-4A8B-8ED0-CDC052226BEF}
[2012/04/06 18:56:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{5EB24990-5AC6-42D9-A311-631507352D3F}
[2012/04/06 14:42:45 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\calibre
[2012/04/06 14:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012/04/06 14:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/04/06 14:39:14 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\calibre
[2012/04/06 09:37:22 | 000,000,000 | ---D | C] -- C:\Users\tony\Documents\dds
[2012/04/05 20:52:11 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9736F8A5-2C6F-4525-BA7C-C6DB789CE4A7}
[2012/04/05 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EE89EB67-0EC3-4C73-A05F-1989EFD85538}
[2012/04/05 20:51:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{0FE452DD-D14E-4681-B38D-50BC06F5E0AB}
[2012/04/05 20:50:09 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\anti virus progs
[2012/04/05 20:19:52 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{6A63525C-CECC-45C8-ADDD-3CFBBB397684}
[2012/04/05 20:19:19 | 000,000,000 | ---D | C] -- C:\Users\tony\Doctor Web
[2012/04/05 20:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2012/04/05 11:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/04/05 11:09:28 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/04/05 10:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/04/04 21:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012/04/04 21:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012/04/04 20:16:41 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/04 20:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/04/04 14:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2012/04/04 14:00:09 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{05CDD276-D8EB-470D-BEEE-5F884B7CD010}
[2012/04/04 13:59:33 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AE25F25F-56DB-45D6-8383-20B62CA3C443}
[2012/04/03 20:43:19 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\FileTypeAssistant
[2012/04/03 20:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2012/04/03 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{43822405-A0B3-48A8-A2D8-F9FA6492E5D9}
[2012/04/03 18:37:15 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9B47A818-941C-4DBB-9E95-CAF8FCA90AF4}
[2012/04/03 18:31:11 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/03 18:27:06 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/04/03 17:51:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\antiphishing-vmninternethelper1_1dn
[2012/04/03 17:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/04/03 14:07:27 | 000,000,000 | ---D | C] -- C:\Users\tony\DoctorWeb
[2012/04/03 13:18:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/04/03 13:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/03 13:18:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 15:36:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\AVG2012
[2012/04/02 15:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/04/02 15:34:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/04/02 15:34:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/04/02 15:34:16 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/04/02 14:51:43 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8BE1E50B-6B31-4511-B0A3-2DDDAC12D6FB}
[2012/04/02 14:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avast
[2012/04/02 12:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/04/01 21:30:41 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A8DB2F49-72AC-4100-AEF6-AF1C4C00B992}
[2012/04/01 20:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012/04/01 20:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\exPressit SE3.1
[2012/04/01 20:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medea International Ltd
[2012/04/01 20:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD & DVD Cover Creator
[2012/04/01 20:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy CD & DVD Cover Creator
[2012/04/01 13:17:12 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{63031E79-5994-47C3-A62B-7E3F16D3BC6B}
[2012/04/01 09:22:24 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/01 08:45:22 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/31 21:40:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{857B99DD-E471-44B7-9D75-EB93AC8824D3}
[2012/03/30 16:35:20 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{2BE6239F-2354-49CF-B5B5-B4C252A1FC21}
[2012/03/29 13:04:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9C756B8E-2D97-4233-A6EF-E63260A03254}
[2012/03/28 12:50:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{446D9E88-128B-449A-BCE0-16FC00C42158}
[2012/03/27 15:17:57 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{4F060886-1E38-4688-B88B-F8EC7FF14681}
[2012/03/27 15:17:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9DECEF7E-AF7E-407A-9AFE-9A2810C8BC9F}


----------



## obxtony (Aug 17, 2008)

OTL part 2 (I have read shorter novels!!)

========== Files - Modified Within 30 Days ==========

[2012/04/26 13:31:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 13:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 12:00:00 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/04/26 11:30:45 | 096,299,657 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/25 22:10:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/25 22:10:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/25 22:10:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/25 22:09:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/25 21:19:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 21:19:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 21:11:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/25 21:07:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/25 21:06:59 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/25 20:22:31 | 000,001,167 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/25 20:22:31 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/25 19:44:33 | 004,107,024 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/04/25 19:28:14 | 000,000,166 | ---- | M] () -- C:\bmfol_1_s0.gif
[2012/04/25 19:28:13 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2012/04/25 19:28:13 | 000,000,370 | ---- | M] () -- C:\bmrc_1.gif
[2012/04/25 19:28:13 | 000,000,367 | ---- | M] () -- C:\bmfav_1.gif
[2012/04/25 19:28:13 | 000,000,355 | ---- | M] () -- C:\bmpref_1.gif
[2012/04/25 19:28:13 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2012/04/25 19:28:13 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2012/04/25 19:28:13 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
[2012/04/25 19:28:13 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2012/04/25 19:28:13 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2012/04/25 19:28:13 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2012/04/25 19:28:13 | 000,000,235 | ---- | M] () -- C:\bmsearch_1.gif
[2012/04/25 19:28:13 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2012/04/25 19:28:13 | 000,000,103 | ---- | M] () -- C:\del_1.gif
[2012/04/25 19:28:12 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2012/04/25 19:28:12 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2012/04/25 19:28:12 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2012/04/25 19:28:12 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2012/04/25 19:28:12 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
[2012/04/25 19:28:12 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[2012/04/25 19:28:12 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2012/04/25 19:28:12 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2012/04/25 19:28:10 | 000,000,634 | ---- | M] () -- C:\22x22-amazon.png
[2012/04/25 14:02:34 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/04/25 11:44:24 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/25 11:44:24 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/25 11:44:24 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/25 10:49:02 | 000,348,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/25 00:03:33 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012/04/25 00:03:32 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012/04/24 22:46:31 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortony.job
[2012/04/24 22:21:56 | 000,002,465 | ---- | M] () -- C:\Users\Public\Desktop\FixCleaner.lnk
[2012/04/24 20:26:28 | 000,031,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wldlog.dll
[2012/04/24 11:30:39 | 000,286,919 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/22 18:57:50 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/22 11:38:28 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/04/22 11:38:28 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/04/22 11:38:28 | 000,264,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/04/22 11:38:28 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/04/22 11:38:28 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/04/22 10:23:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/04/18 13:57:10 | 000,000,222 | ---- | M] () -- C:\Users\tony\Desktop\Men of War Condemned Heroes.url
[2012/04/17 09:04:20 | 000,101,360 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/04/16 21:30:59 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/04/16 20:49:47 | 035,859,328 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\tony\Desktop\OriginSetup.exe
[2012/04/16 19:30:43 | 000,624,083 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/04/15 12:38:34 | 000,000,447 | ---- | M] () -- C:\user.js
[2012/04/15 09:47:59 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/04/13 21:22:54 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 21:22:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/13 21:22:50 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/10 19:05:30 | 000,017,407 | ---- | M] () -- C:\Users\tony\AppData\Local\dt.dat
[2012/04/09 19:12:32 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/07 09:12:31 | 000,001,288 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/07 09:12:31 | 000,001,264 | ---- | M] () -- C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk
[2012/04/06 14:42:36 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/04/04 20:39:39 | 000,000,691 | ---- | M] () -- C:\Users\tony\AppData\Roaming\GetValue.vbs
[2012/04/04 20:39:39 | 000,000,035 | ---- | M] () -- C:\Users\tony\AppData\Roaming\SetValue.bat
[2012/04/04 20:04:08 | 000,150,880 | ---- | M] () -- C:\Users\tony\AppData\Local\ars.cache
[2012/04/04 18:56:35 | 000,000,036 | ---- | M] () -- C:\Users\tony\AppData\Local\housecall.guid.cache
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 17:22:48 | 000,008,409 | ---- | M] () -- C:\Users\tony\ia_remove.sh
[2012/04/02 15:59:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/04/02 15:34:48 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/02 15:34:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/02 15:34:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/02 14:58:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/02 13:14:05 | 000,001,256 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2012/04/26 11:30:45 | 096,299,657 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/25 20:22:31 | 000,001,167 | ---- | C] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/25 20:22:31 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/25 19:28:14 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
[2012/04/25 19:28:13 | 000,000,380 | ---- | C] () -- C:\edu.bmp
[2012/04/25 19:28:13 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
[2012/04/25 19:28:13 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
[2012/04/25 19:28:13 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
[2012/04/25 19:28:13 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
[2012/04/25 19:28:13 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
[2012/04/25 19:28:13 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
[2012/04/25 19:28:13 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
[2012/04/25 19:28:13 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
[2012/04/25 19:28:13 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
[2012/04/25 19:28:13 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
[2012/04/25 19:28:13 | 000,000,138 | ---- | C] () -- C:\flk2.gif
[2012/04/25 19:28:13 | 000,000,103 | ---- | C] () -- C:\del_1.gif
[2012/04/25 19:28:12 | 000,000,304 | ---- | C] () -- C:\dir.bmp
[2012/04/25 19:28:12 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
[2012/04/25 19:28:12 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
[2012/04/25 19:28:12 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2012/04/25 19:28:12 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
[2012/04/25 19:28:12 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
[2012/04/25 19:28:12 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
[2012/04/25 19:28:12 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2012/04/25 19:28:10 | 000,000,634 | ---- | C] () -- C:\22x22-amazon.png
[2012/04/25 14:02:34 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/04/24 22:22:19 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/04/24 22:21:56 | 000,002,465 | ---- | C] () -- C:\Users\Public\Desktop\FixCleaner.lnk
[2012/04/24 21:45:08 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFortony.job
[2012/04/24 20:43:16 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/04/24 20:43:16 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/04/24 20:22:14 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/04/24 11:30:39 | 000,286,919 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/18 13:57:10 | 000,000,222 | ---- | C] () -- C:\Users\tony\Desktop\Men of War Condemned Heroes.url
[2012/04/17 16:21:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/17 16:21:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/17 16:21:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/17 16:21:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/17 16:21:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/16 19:30:43 | 000,624,083 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/04/15 12:38:33 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/04/15 09:47:59 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/04/10 19:05:30 | 000,017,407 | ---- | C] () -- C:\Users\tony\AppData\Local\dt.dat
[2012/04/09 19:12:32 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/07 09:12:31 | 000,001,288 | ---- | C] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/07 09:12:31 | 000,001,264 | ---- | C] () -- C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk
[2012/04/06 14:42:36 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/04/04 20:39:39 | 000,000,691 | ---- | C] () -- C:\Users\tony\AppData\Roaming\GetValue.vbs
[2012/04/04 20:39:39 | 000,000,035 | ---- | C] () -- C:\Users\tony\AppData\Roaming\SetValue.bat
[2012/04/04 20:36:41 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012/04/04 20:04:08 | 000,150,880 | ---- | C] () -- C:\Users\tony\AppData\Local\ars.cache
[2012/04/04 18:56:35 | 000,000,036 | ---- | C] () -- C:\Users\tony\AppData\Local\housecall.guid.cache
[2012/04/03 17:22:48 | 000,008,409 | ---- | C] () -- C:\Users\tony\ia_remove.sh
[2012/04/02 15:59:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/04/02 15:34:48 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/02 15:34:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/02 15:34:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/01 08:45:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/11 21:39:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/23 18:59:11 | 000,001,854 | ---- | C] () -- C:\Users\tony\AppData\Roaming\GhostObjGAFix.xml
[2011/07/15 12:25:23 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/07/15 12:25:23 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll
[2011/07/15 12:25:23 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/07/15 12:25:23 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/07/07 18:40:34 | 000,145,704 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/04/14 19:39:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/04 17:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/12/02 17:23:54 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/02 17:23:54 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/18 12:59:49 | 000,000,086 | ---- | C] () -- C:\Windows\wininit.ini
[2010/09/06 10:11:58 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/07/20 13:31:23 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/05/23 18:57:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/05/09 18:03:08 | 001,957,672 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/05/09 18:03:08 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/04/27 18:40:00 | 000,000,620 | ---- | C] () -- C:\Users\tony\AppData\Roaming\wklnhst.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\tony\Downloads:Shareaza.GUID
< End of report >


----------



## obxtony (Aug 17, 2008)

I thought I would do a Spybot check again as I have been dropped from my game.
Guess what?
Bloody hundreds again.
Perhaps I should do a reformat?
Solve all the probs!!


----------



## obxtony (Aug 17, 2008)

OTL again!!

OTL logfile created on: 26/04/2012 21:22:48 - Run 5
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\tony\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.96 Gb Total Physical Memory | 3.27 Gb Available Physical Memory | 54.95% Memory free
11.92 Gb Paging File | 8.76 Gb Available in Paging File | 73.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.64 Gb Total Space | 978.52 Gb Free Space | 70.67% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 1.72 Gb Free Space | 13.76% Space Free | Partition Type: NTFS
Drive E: | 2.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TONY-PC | User Name: tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 22:10:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/24 22:23:09 | 000,932,736 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/04/24 22:23:08 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/04/17 09:04:02 | 001,668,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/04/17 09:04:02 | 000,976,696 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/04/15 10:37:06 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/04/12 15:39:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\tony\Downloads\OTL (1).exe
PRC - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/04/04 06:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/29 09:34:42 | 003,402,376 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/03/21 02:52:28 | 000,211,256 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\ytbb.exe
PRC - [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/07/29 21:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/08/12 10:40:12 | 001,069,568 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
PRC - [2010/08/12 10:40:12 | 000,309,128 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciControlHost.exe
PRC - [2010/08/12 10:40:00 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2009/12/01 21:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 17:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/26 15:25:56 | 000,115,137 | ---- | M] () -- C:\Users\tony\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/04/25 10:56:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2012/04/25 10:56:21 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012/04/25 10:55:52 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012/04/25 10:55:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2012/04/25 10:55:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012/04/25 10:55:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012/04/25 10:55:18 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2012/04/25 10:55:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2012/04/25 00:18:27 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\888be382c48887c830026806a9587e31\System.Management.ni.dll
MOD - [2012/04/25 00:17:27 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1378a1c9290882206f4d5a6561bfc5d7\System.Runtime.Remoting.ni.dll
MOD - [2012/04/25 00:17:21 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a07e3882af9ea368a54742fc19c86662\System.Xaml.ni.dll
MOD - [2012/04/25 00:09:08 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aceee343625b7f4576e6d48fb91977e3\PresentationFramework.ni.dll
MOD - [2012/04/25 00:08:58 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5eb81f84116fecd08f3acf0603204457\PresentationCore.ni.dll
MOD - [2012/04/25 00:08:55 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33d45f88d59de3b84f2ed79095e29f41\System.Windows.Forms.ni.dll
MOD - [2012/04/25 00:08:51 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8729094857a3f3185deec237ef30b087\WindowsBase.ni.dll
MOD - [2012/04/25 00:08:49 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5654b44c3d45f7863f6d3d218a87967a\System.Drawing.ni.dll
MOD - [2012/04/24 23:57:32 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\22d54437cf1de9478f5c2c23f07eb9d6\System.Core.ni.dll
MOD - [2012/04/24 23:57:29 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1084708d3872b8e64f7ec88145298b2d\System.Xml.ni.dll
MOD - [2012/04/24 23:57:28 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eaeaf5f980c23f6075820513748695d9\PresentationFramework.Aero.ni.dll
MOD - [2012/04/24 23:57:25 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff7c4aa829c327b186ef85cff3289bdf\System.ni.dll
MOD - [2012/04/24 23:57:20 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\90842cf922c71c82718ba71d5801c30c\mscorlib.ni.dll
MOD - [2012/04/24 22:23:09 | 000,130,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/04/24 22:23:08 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/04/20 20:34:22 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/04/20 20:34:22 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/04/20 20:34:22 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/04/20 20:34:22 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/04/20 20:34:22 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/03/29 09:34:08 | 018,604,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtWebKit4.dll
MOD - [2012/03/29 09:34:06 | 009,440,256 | ---- | M] () -- C:\Program Files (x86)\Origin\QtGui4.dll
MOD - [2012/03/29 09:34:06 | 003,564,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXmlPatterns4.dll
MOD - [2012/03/29 09:34:06 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\Origin\QtNetwork4.dll
MOD - [2012/03/29 09:34:06 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXml4.dll
MOD - [2012/03/29 09:34:04 | 002,694,144 | ---- | M] () -- C:\Program Files (x86)\Origin\QtCore4.dll
MOD - [2012/03/29 09:34:02 | 000,312,320 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff4.dll
MOD - [2012/03/29 09:34:00 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng4.dll
MOD - [2012/03/29 09:34:00 | 000,211,456 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll
MOD - [2012/03/29 09:34:00 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico4.dll
MOD - [2012/03/29 09:34:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif4.dll
MOD - [2012/02/20 09:37:24 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/01 21:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 18:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/03/09 06:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2012/01/25 21:29:11 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/25 22:10:59 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/24 22:23:09 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/17 09:04:02 | 000,976,696 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/04/13 21:22:54 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/09/01 17:49:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/08/02 10:47:14 | 000,159,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe -- (CDMA Device Service)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/31 17:26:00 | 003,612,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/04/17 09:04:20 | 000,101,360 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2012/03/09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/02/22 05:25:50 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
DRV:*64bit:* - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:*64bit:* - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/12/23 13:32:02 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidseha.sys -- (AVGIDSEH)
DRV:*64bit:* - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/23 15:57:43 | 000,127,320 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:*64bit:* - [2011/02/23 15:56:48 | 000,253,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:*64bit:* - [2011/02/23 14:34:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:*64bit:* - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:*64bit:* - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/09/22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2009/11/19 08:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:*64bit:* - [2009/11/13 06:21:22 | 000,543,616 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RC_64.sys -- (AVER_H193)
DRV:*64bit:* - [2009/11/13 06:20:14 | 000,039,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RCIR_64.sys -- (CXCIR)
DRV:*64bit:* - [2009/10/12 13:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:*64bit:* - [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:*64bit:* - [2009/09/17 06:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:*64bit:* - [2009/08/21 01:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:*64bit:* - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/04/17 09:04:20 | 000,297,008 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/04/17 09:04:20 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/12/07 20:10:59 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/08/12 10:40:06 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/08/12 10:40:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/17 18:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/07 20:24:33] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2004/04/08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/04/08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp-desktop.uk.msn.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{131BA04D-6260-47F0-BA4F-4CA582791AB7}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{48D14A8B-A71C-4488-B15E-49830036293C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-odbrws
IE - HKCU\..\SearchScopes\{51061D72-4DFE-4C6B-9A93-F34109283856}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{5557B96A-97DB-4476-A00A-B97F00E0F23E}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{7F57E540-8C84-45AD-81BF-12F2AE8E300F}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{89EB5B56-0D3A-49CA-8EF5-D7BCCDB0539C}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...e551cc8f6&lang=en&ds=ts025&pr=sa&d=2012-04-24 22:23:10&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{AB17062C-D0A9-42E0-88A0-D461B02D6142}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{B287D93A-B526-453B-8018-8C262111B9E8}: "URL" = http://uk.local.yahoo.com/search.ht...w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
IE - HKCU\..\SearchScopes\{D59BED57-A5AC-4E1A-A3D8-BEF9E071C1D1}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\tony\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/14 21:09:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/24 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF

[2010/07/21 14:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions
[2010/07/17 07:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/15 12:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/04/22 10:23:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:*64bit:* - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4:*64bit:* - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:*64bit:* - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:*64bit:* - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Chameleon System Monitor] C:\Program Files (x86)\Common Files\Chameleon Manager\monitor.exe ()
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: New Value #1 = 
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:*64bit:* - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download all with Free Download Manager - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download selected with Free Download Manager - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download video with Free Download Manager - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download with Free Download Manager - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Download all with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download selected with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download video with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9:*64bit:* - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A415D3-A49B-4310-B7F9-59487581C101}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15CC91D2-E2F2-455A-BD8A-2C60E42E189A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8BB1216-68BF-461B-AEAC-74DC30A29905}: DhcpNameServer = 192.168.42.129
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/09 20:35:07 | 000,206,657 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/10/08 00:31:56 | 000,000,106 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 18:17:52 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{F481A6B3-385D-44C3-AD02-86D2F1D0B0AF}
[2012/04/25 20:22:52 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2012/04/25 20:22:49 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\Yahoo!
[2012/04/25 20:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/04/25 20:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/04/25 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\PC Cleaners
[2012/04/25 19:44:46 | 004,107,024 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/04/25 19:44:46 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\PCPro
[2012/04/25 19:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/04/25 19:28:11 | 000,000,000 | ---D | C] -- C:\w
[2012/04/25 19:28:10 | 000,000,000 | ---D | C] -- C:\skins
[2012/04/25 19:28:09 | 000,000,000 | ---D | C] -- C:\e
[2012/04/25 19:28:01 | 000,000,000 | ---D | C] -- C:\Data
[2012/04/25 14:23:50 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\mbam
[2012/04/25 14:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/04/25 00:11:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/25 00:11:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/25 00:11:15 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/25 00:11:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/25 00:11:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/25 00:11:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/25 00:11:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/25 00:11:14 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/25 00:11:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/25 00:11:14 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/25 00:11:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/25 00:09:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/25 00:09:45 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/25 00:09:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/25 00:05:22 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/25 00:05:21 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/25 00:05:21 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/24 23:59:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/04/24 23:16:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/24 23:16:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/24 23:16:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/24 23:16:28 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/24 23:13:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/04/24 23:13:37 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/04/24 23:13:34 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/04/24 23:13:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/04/24 23:13:33 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/04/24 23:13:31 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/04/24 23:13:31 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/04/24 23:12:26 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/04/24 22:23:17 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\AVG Secure Search
[2012/04/24 22:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/04/24 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\FixCleaner
[2012/04/24 22:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FixCleaner
[2012/04/24 22:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixCleaner
[2012/04/24 22:21:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/04/24 22:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/04/24 22:02:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\IObit
[2012/04/24 22:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/04/24 20:26:28 | 000,031,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wldlog.dll
[2012/04/24 19:47:51 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{BD589828-AE04-4117-9D69-FF683D5260FF}
[2012/04/24 19:47:27 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/04/24 19:47:27 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/04/24 19:47:16 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/04/24 19:47:16 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/04/24 19:47:16 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/04/24 19:47:16 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/04/24 19:47:16 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/04/24 19:47:15 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/04/24 19:47:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/04/24 19:47:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/04/24 19:47:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/04/24 19:47:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/04/24 19:47:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/04/24 19:47:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/04/24 19:47:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/04/24 19:47:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/04/24 19:47:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/04/24 19:47:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/24 19:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/04/24 19:47:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/04/24 19:47:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/04/24 19:47:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/04/24 19:47:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/04/24 19:47:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/04/24 19:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/04/24 15:35:44 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AA7C9779-ADD3-45C2-B671-95E0FBECBD2D}
[2012/04/24 13:23:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/04/23 15:25:40 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{528E58D0-C36B-4A6F-B29F-CB303B6D12E9}
[2012/04/23 15:25:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{854E8797-43D3-4D07-AFBC-5E2D9FF8A4A2}
[2012/04/23 15:13:32 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{7A0C5E06-D08F-4B38-91C1-ECD1DD112EEB}
[2012/04/23 15:05:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{6EC5DB70-5F8F-4164-BE84-5AFF2BBB9634}
[2012/04/23 15:05:35 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{66438BF7-2006-499B-8F09-B62CB9397661}
[2012/04/23 15:04:21 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D48E8083-2053-4A05-9467-B641C3552C5E}
[2012/04/23 14:19:36 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{FE504197-2ECF-4932-A5E5-D2D029F37073}
[2012/04/23 13:23:30 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A95CAA33-CB33-4894-A1B5-7E36171821CE}
[2012/04/22 18:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/22 18:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/04/22 13:49:36 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\F7
[2012/04/22 13:27:20 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{18F44574-F541-4DDA-B5F1-0EBB57DA14E3}
[2012/04/22 13:26:59 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{11AAA05F-4BCA-46F0-ADC6-4DB959308822}
[2012/04/22 11:38:39 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/04/22 11:38:39 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/04/22 11:38:39 | 000,264,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/04/22 11:38:39 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/04/22 11:38:39 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/04/22 11:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/20 20:10:02 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\HanPurple
[2012/04/19 21:06:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/04/19 20:47:31 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/04/19 19:56:55 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{063A5750-D12C-4B73-AF1A-26FC58706C2A}
[2012/04/19 19:56:33 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{1EE05C67-83EE-44A2-BE92-8BAC5A8AC9E0}
[2012/04/17 22:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/17 17:54:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/17 17:43:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/17 16:21:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/17 16:21:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/17 16:21:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/16 20:48:13 | 035,859,328 | ---- | C] (Electronic Arts, Inc.) -- C:\Users\tony\Desktop\OriginSetup.exe
[2012/04/16 20:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/04/16 20:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/04/16 20:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/04/15 12:40:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{CB3D5CF2-6E7C-4F3E-9ECD-0B6876773212}
[2012/04/15 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{3B990DC9-EA51-4864-B87C-6377D261C81F}
[2012/04/15 12:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/04/15 09:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/04/15 09:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/04/14 16:20:29 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D0C320BA-AF65-47CD-AC17-D3EEE86B441C}
[2012/04/14 16:20:08 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AC38A120-D29E-485F-97B1-67C9565F99A6}
[2012/04/14 12:43:29 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2012/04/14 12:43:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\Wajam
[2012/04/14 12:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012/04/13 23:07:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{FE2575D4-938B-463C-BF48-D19364A6D836}
[2012/04/13 23:06:35 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8A4A0784-0F59-418C-8478-2D275E9C6465}
[2012/04/13 21:50:26 | 000,000,000 | ---D | C] -- C:\Users\tony\Documents\BFBC2
[2012/04/12 15:46:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/11 21:05:10 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{09197206-9038-4C87-8DB7-80297CE57D43}
[2012/04/11 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EE623F98-DE60-479A-9B82-70F06740601D}
[2012/04/10 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{ED0739EE-62DC-436A-A469-15FE30932C28}
[2012/04/10 19:35:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A0837905-B61B-4AF9-9C3A-F243CDF7B5A1}
[2012/04/10 16:05:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/10 16:05:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/09 19:01:57 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{2F066433-5805-4286-8505-D0C0A15E38B4}
[2012/04/09 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{C9F53BDD-5E51-4686-B64B-E0D91B5B1C37}
[2012/04/08 19:19:42 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EBC24E23-B1D8-4BD5-9523-7D7914FE002C}
[2012/04/08 19:19:08 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8D606DB7-1713-4A97-9290-21324C7740D7}
[2012/04/07 21:58:15 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D4F5AD0E-3665-4FB0-8FED-9160A54DC115}
[2012/04/07 21:57:42 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{3509F9A2-AADA-469F-89F9-7EE2A70EF3A2}
[2012/04/07 19:26:12 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\MigWiz
[2012/04/07 09:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/04/07 09:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/04/07 09:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/07 09:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/07 09:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/06 18:57:06 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{067C83F3-C17B-4A8B-8ED0-CDC052226BEF}
[2012/04/06 18:56:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{5EB24990-5AC6-42D9-A311-631507352D3F}
[2012/04/06 14:42:45 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\calibre
[2012/04/06 14:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012/04/06 14:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/04/06 14:39:14 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\calibre
[2012/04/06 09:37:22 | 000,000,000 | ---D | C] -- C:\Users\tony\Documents\dds
[2012/04/05 20:52:11 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9736F8A5-2C6F-4525-BA7C-C6DB789CE4A7}
[2012/04/05 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EE89EB67-0EC3-4C73-A05F-1989EFD85538}
[2012/04/05 20:51:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{0FE452DD-D14E-4681-B38D-50BC06F5E0AB}
[2012/04/05 20:50:09 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\anti virus progs
[2012/04/05 20:19:52 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{6A63525C-CECC-45C8-ADDD-3CFBBB397684}
[2012/04/05 20:19:19 | 000,000,000 | ---D | C] -- C:\Users\tony\Doctor Web
[2012/04/05 20:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2012/04/05 11:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/04/05 11:09:28 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/04/05 10:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/04/04 21:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012/04/04 21:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012/04/04 20:16:41 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/04 20:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/04/04 14:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2012/04/04 14:00:09 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{05CDD276-D8EB-470D-BEEE-5F884B7CD010}
[2012/04/04 13:59:33 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AE25F25F-56DB-45D6-8383-20B62CA3C443}
[2012/04/03 20:43:19 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\FileTypeAssistant
[2012/04/03 20:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2012/04/03 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{43822405-A0B3-48A8-A2D8-F9FA6492E5D9}
[2012/04/03 18:37:15 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9B47A818-941C-4DBB-9E95-CAF8FCA90AF4}
[2012/04/03 18:31:11 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/03 18:27:06 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/04/03 17:51:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\antiphishing-vmninternethelper1_1dn
[2012/04/03 17:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/04/03 14:07:27 | 000,000,000 | ---D | C] -- C:\Users\tony\DoctorWeb
[2012/04/03 13:18:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/04/03 13:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/03 13:18:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 15:36:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\AVG2012
[2012/04/02 15:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/04/02 15:34:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/04/02 15:34:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/04/02 15:34:16 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/04/02 14:51:43 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8BE1E50B-6B31-4511-B0A3-2DDDAC12D6FB}
[2012/04/02 14:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avast
[2012/04/02 12:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/04/01 21:30:41 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A8DB2F49-72AC-4100-AEF6-AF1C4C00B992}
[2012/04/01 20:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012/04/01 20:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\exPressit SE3.1
[2012/04/01 20:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medea International Ltd
[2012/04/01 20:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD & DVD Cover Creator
[2012/04/01 20:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy CD & DVD Cover Creator
[2012/04/01 13:17:12 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{63031E79-5994-47C3-A62B-7E3F16D3BC6B}
[2012/04/01 09:22:24 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/01 08:45:22 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/31 21:40:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{857B99DD-E471-44B7-9D75-EB93AC8824D3}
[2012/03/30 16:35:20 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{2BE6239F-2354-49CF-B5B5-B4C252A1FC21}
[2012/03/29 13:04:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9C756B8E-2D97-4233-A6EF-E63260A03254}
[2012/03/28 12:50:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{446D9E88-128B-449A-BCE0-16FC00C42158}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/26 21:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 21:01:46 | 000,000,226 | ---- | M] () -- C:\Users\tony\Desktop\BT Yahoo!.url
[2012/04/26 20:49:59 | 000,624,451 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/04/26 20:31:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 15:34:45 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 15:34:45 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 15:31:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 15:21:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 15:20:51 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/26 12:00:00 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/04/26 11:30:45 | 096,299,657 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/25 22:10:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/25 22:10:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/25 22:10:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/25 22:09:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/25 20:22:31 | 000,001,167 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/25 20:22:31 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/25 19:44:33 | 004,107,024 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/04/25 19:28:14 | 000,000,166 | ---- | M] () -- C:\bmfol_1_s0.gif
[2012/04/25 19:28:13 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2012/04/25 19:28:13 | 000,000,370 | ---- | M] () -- C:\bmrc_1.gif
[2012/04/25 19:28:13 | 000,000,367 | ---- | M] () -- C:\bmfav_1.gif
[2012/04/25 19:28:13 | 000,000,355 | ---- | M] () -- C:\bmpref_1.gif
[2012/04/25 19:28:13 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2012/04/25 19:28:13 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2012/04/25 19:28:13 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
[2012/04/25 19:28:13 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2012/04/25 19:28:13 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2012/04/25 19:28:13 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2012/04/25 19:28:13 | 000,000,235 | ---- | M] () -- C:\bmsearch_1.gif
[2012/04/25 19:28:13 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2012/04/25 19:28:13 | 000,000,103 | ---- | M] () -- C:\del_1.gif
[2012/04/25 19:28:12 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2012/04/25 19:28:12 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2012/04/25 19:28:12 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2012/04/25 19:28:12 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2012/04/25 19:28:12 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
[2012/04/25 19:28:12 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[2012/04/25 19:28:12 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2012/04/25 19:28:12 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2012/04/25 19:28:10 | 000,000,634 | ---- | M] () -- C:\22x22-amazon.png
[2012/04/25 14:02:34 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/04/25 11:44:24 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/25 11:44:24 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/25 11:44:24 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/25 10:49:02 | 000,348,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/25 00:03:33 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012/04/25 00:03:32 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012/04/24 22:46:31 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortony.job
[2012/04/24 22:21:56 | 000,002,465 | ---- | M] () -- C:\Users\Public\Desktop\FixCleaner.lnk
[2012/04/24 20:26:28 | 000,031,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wldlog.dll
[2012/04/24 11:30:39 | 000,286,919 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/22 18:57:50 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/22 11:38:28 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/04/22 11:38:28 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/04/22 11:38:28 | 000,264,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/04/22 11:38:28 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/04/22 11:38:28 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/04/22 10:23:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/04/18 13:57:10 | 000,000,222 | ---- | M] () -- C:\Users\tony\Desktop\Men of War Condemned Heroes.url
[2012/04/17 09:04:20 | 000,101,360 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/04/16 21:30:59 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/04/16 20:49:47 | 035,859,328 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\tony\Desktop\OriginSetup.exe
[2012/04/15 12:38:34 | 000,000,447 | ---- | M] () -- C:\user.js
[2012/04/15 09:47:59 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/04/13 21:22:54 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 21:22:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/13 21:22:50 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/10 19:05:30 | 000,017,407 | ---- | M] () -- C:\Users\tony\AppData\Local\dt.dat
[2012/04/09 19:12:32 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/07 09:12:31 | 000,001,288 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/07 09:12:31 | 000,001,264 | ---- | M] () -- C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk
[2012/04/06 14:42:36 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/04/04 20:39:39 | 000,000,691 | ---- | M] () -- C:\Users\tony\AppData\Roaming\GetValue.vbs
[2012/04/04 20:39:39 | 000,000,035 | ---- | M] () -- C:\Users\tony\AppData\Roaming\SetValue.bat
[2012/04/04 20:04:08 | 000,150,880 | ---- | M] () -- C:\Users\tony\AppData\Local\ars.cache
[2012/04/04 18:56:35 | 000,000,036 | ---- | M] () -- C:\Users\tony\AppData\Local\housecall.guid.cache
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 17:22:48 | 000,008,409 | ---- | M] () -- C:\Users\tony\ia_remove.sh
[2012/04/02 15:59:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/04/02 15:34:48 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/02 15:34:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/02 15:34:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/02 14:58:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/02 13:14:05 | 000,001,256 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/26 21:01:46 | 000,000,226 | ---- | C] () -- C:\Users\tony\Desktop\BT Yahoo!.url
[2012/04/26 20:49:59 | 000,624,451 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/04/26 11:30:45 | 096,299,657 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/25 20:22:31 | 000,001,167 | ---- | C] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/25 20:22:31 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/25 19:28:14 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
[2012/04/25 19:28:13 | 000,000,380 | ---- | C] () -- C:\edu.bmp
[2012/04/25 19:28:13 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
[2012/04/25 19:28:13 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
[2012/04/25 19:28:13 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
[2012/04/25 19:28:13 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
[2012/04/25 19:28:13 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
[2012/04/25 19:28:13 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
[2012/04/25 19:28:13 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
[2012/04/25 19:28:13 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
[2012/04/25 19:28:13 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
[2012/04/25 19:28:13 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
[2012/04/25 19:28:13 | 000,000,138 | ---- | C] () -- C:\flk2.gif
[2012/04/25 19:28:13 | 000,000,103 | ---- | C] () -- C:\del_1.gif
[2012/04/25 19:28:12 | 000,000,304 | ---- | C] () -- C:\dir.bmp
[2012/04/25 19:28:12 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
[2012/04/25 19:28:12 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
[2012/04/25 19:28:12 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2012/04/25 19:28:12 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
[2012/04/25 19:28:12 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
[2012/04/25 19:28:12 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
[2012/04/25 19:28:12 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2012/04/25 19:28:10 | 000,000,634 | ---- | C] () -- C:\22x22-amazon.png
[2012/04/25 14:02:34 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/04/24 22:22:19 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/04/24 22:21:56 | 000,002,465 | ---- | C] () -- C:\Users\Public\Desktop\FixCleaner.lnk
[2012/04/24 21:45:08 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFortony.job
[2012/04/24 20:43:16 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/04/24 20:43:16 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/04/24 20:22:14 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/04/24 11:30:39 | 000,286,919 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/18 13:57:10 | 000,000,222 | ---- | C] () -- C:\Users\tony\Desktop\Men of War Condemned Heroes.url
[2012/04/17 16:21:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/17 16:21:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/17 16:21:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/17 16:21:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/17 16:21:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/15 12:38:33 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/04/15 09:47:59 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/04/10 19:05:30 | 000,017,407 | ---- | C] () -- C:\Users\tony\AppData\Local\dt.dat
[2012/04/09 19:12:32 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/07 09:12:31 | 000,001,288 | ---- | C] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/07 09:12:31 | 000,001,264 | ---- | C] () -- C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk
[2012/04/06 14:42:36 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/04/04 20:39:39 | 000,000,691 | ---- | C] () -- C:\Users\tony\AppData\Roaming\GetValue.vbs
[2012/04/04 20:39:39 | 000,000,035 | ---- | C] () -- C:\Users\tony\AppData\Roaming\SetValue.bat
[2012/04/04 20:36:41 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012/04/04 20:04:08 | 000,150,880 | ---- | C] () -- C:\Users\tony\AppData\Local\ars.cache
[2012/04/04 18:56:35 | 000,000,036 | ---- | C] () -- C:\Users\tony\AppData\Local\housecall.guid.cache
[2012/04/03 17:22:48 | 000,008,409 | ---- | C] () -- C:\Users\tony\ia_remove.sh
[2012/04/02 15:59:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/04/02 15:34:48 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/02 15:34:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/02 15:34:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/01 08:45:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/11 21:39:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/23 18:59:11 | 000,001,854 | ---- | C] () -- C:\Users\tony\AppData\Roaming\GhostObjGAFix.xml
[2011/07/15 12:25:23 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/07/15 12:25:23 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll
[2011/07/15 12:25:23 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/07/15 12:25:23 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/07/07 18:40:34 | 000,145,704 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/04/14 19:39:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/04 17:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/12/02 17:23:54 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/02 17:23:54 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/18 12:59:49 | 000,000,086 | ---- | C] () -- C:\Windows\wininit.ini
[2010/09/06 10:11:58 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/07/20 13:31:23 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/05/23 18:57:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/05/09 18:03:08 | 001,957,672 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/05/09 18:03:08 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\tony\Downloads:Shareaza.GUID
< End of report >


----------



## obxtony (Aug 17, 2008)

OTL logfile created on: 26/04/2012 21:22:48 - Run 5
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\tony\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.96 Gb Total Physical Memory | 3.27 Gb Available Physical Memory | 54.95% Memory free
11.92 Gb Paging File | 8.76 Gb Available in Paging File | 73.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.64 Gb Total Space | 978.52 Gb Free Space | 70.67% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 1.72 Gb Free Space | 13.76% Space Free | Partition Type: NTFS
Drive E: | 2.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TONY-PC | User Name: tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 22:10:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/24 22:23:09 | 000,932,736 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/04/24 22:23:08 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/04/17 09:04:02 | 001,668,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/04/17 09:04:02 | 000,976,696 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/04/15 10:37:06 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/04/12 15:39:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\tony\Downloads\OTL (1).exe
PRC - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/04/04 06:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/29 09:34:42 | 003,402,376 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/03/21 02:52:28 | 000,211,256 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\ytbb.exe
PRC - [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/07/29 21:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/08/12 10:40:12 | 001,069,568 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
PRC - [2010/08/12 10:40:12 | 000,309,128 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciControlHost.exe
PRC - [2010/08/12 10:40:00 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2009/12/01 21:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 17:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/26 15:25:56 | 000,115,137 | ---- | M] () -- C:\Users\tony\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/04/25 10:56:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2012/04/25 10:56:21 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012/04/25 10:55:52 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012/04/25 10:55:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2012/04/25 10:55:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012/04/25 10:55:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012/04/25 10:55:18 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2012/04/25 10:55:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2012/04/25 00:18:27 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\888be382c48887c830026806a9587e31\System.Management.ni.dll
MOD - [2012/04/25 00:17:27 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1378a1c9290882206f4d5a6561bfc5d7\System.Runtime.Remoting.ni.dll
MOD - [2012/04/25 00:17:21 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a07e3882af9ea368a54742fc19c86662\System.Xaml.ni.dll
MOD - [2012/04/25 00:09:08 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aceee343625b7f4576e6d48fb91977e3\PresentationFramework.ni.dll
MOD - [2012/04/25 00:08:58 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5eb81f84116fecd08f3acf0603204457\PresentationCore.ni.dll
MOD - [2012/04/25 00:08:55 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33d45f88d59de3b84f2ed79095e29f41\System.Windows.Forms.ni.dll
MOD - [2012/04/25 00:08:51 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8729094857a3f3185deec237ef30b087\WindowsBase.ni.dll
MOD - [2012/04/25 00:08:49 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5654b44c3d45f7863f6d3d218a87967a\System.Drawing.ni.dll
MOD - [2012/04/24 23:57:32 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\22d54437cf1de9478f5c2c23f07eb9d6\System.Core.ni.dll
MOD - [2012/04/24 23:57:29 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1084708d3872b8e64f7ec88145298b2d\System.Xml.ni.dll
MOD - [2012/04/24 23:57:28 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eaeaf5f980c23f6075820513748695d9\PresentationFramework.Aero.ni.dll
MOD - [2012/04/24 23:57:25 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff7c4aa829c327b186ef85cff3289bdf\System.ni.dll
MOD - [2012/04/24 23:57:20 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\90842cf922c71c82718ba71d5801c30c\mscorlib.ni.dll
MOD - [2012/04/24 22:23:09 | 000,130,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/04/24 22:23:08 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/04/20 20:34:22 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/04/20 20:34:22 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/04/20 20:34:22 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/04/20 20:34:22 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/04/20 20:34:22 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/03/29 09:34:08 | 018,604,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtWebKit4.dll
MOD - [2012/03/29 09:34:06 | 009,440,256 | ---- | M] () -- C:\Program Files (x86)\Origin\QtGui4.dll
MOD - [2012/03/29 09:34:06 | 003,564,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXmlPatterns4.dll
MOD - [2012/03/29 09:34:06 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\Origin\QtNetwork4.dll
MOD - [2012/03/29 09:34:06 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXml4.dll
MOD - [2012/03/29 09:34:04 | 002,694,144 | ---- | M] () -- C:\Program Files (x86)\Origin\QtCore4.dll
MOD - [2012/03/29 09:34:02 | 000,312,320 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff4.dll
MOD - [2012/03/29 09:34:00 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng4.dll
MOD - [2012/03/29 09:34:00 | 000,211,456 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll
MOD - [2012/03/29 09:34:00 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico4.dll
MOD - [2012/03/29 09:34:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif4.dll
MOD - [2012/02/20 09:37:24 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/01 21:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 18:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/03/09 06:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2012/01/25 21:29:11 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/25 22:10:59 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/24 22:23:09 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/17 09:04:02 | 000,976,696 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/04/13 21:22:54 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/09/01 17:49:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/08/02 10:47:14 | 000,159,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe -- (CDMA Device Service)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/31 17:26:00 | 003,612,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/04/17 09:04:20 | 000,101,360 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2012/03/09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/02/22 05:25:50 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
DRV:*64bit:* - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:*64bit:* - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/12/23 13:32:02 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidseha.sys -- (AVGIDSEH)
DRV:*64bit:* - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/23 15:57:43 | 000,127,320 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:*64bit:* - [2011/02/23 15:56:48 | 000,253,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:*64bit:* - [2011/02/23 14:34:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:*64bit:* - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:*64bit:* - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/09/22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2009/11/19 08:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:*64bit:* - [2009/11/13 06:21:22 | 000,543,616 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RC_64.sys -- (AVER_H193)
DRV:*64bit:* - [2009/11/13 06:20:14 | 000,039,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RCIR_64.sys -- (CXCIR)
DRV:*64bit:* - [2009/10/12 13:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:*64bit:* - [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:*64bit:* - [2009/09/17 06:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:*64bit:* - [2009/08/21 01:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:*64bit:* - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/04/17 09:04:20 | 000,297,008 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/04/17 09:04:20 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/12/07 20:10:59 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/08/12 10:40:06 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/08/12 10:40:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/17 18:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/07 20:24:33] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2004/04/08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/04/08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp-desktop.uk.msn.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{131BA04D-6260-47F0-BA4F-4CA582791AB7}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{48D14A8B-A71C-4488-B15E-49830036293C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-odbrws
IE - HKCU\..\SearchScopes\{51061D72-4DFE-4C6B-9A93-F34109283856}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{5557B96A-97DB-4476-A00A-B97F00E0F23E}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{7F57E540-8C84-45AD-81BF-12F2AE8E300F}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{89EB5B56-0D3A-49CA-8EF5-D7BCCDB0539C}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...e551cc8f6&lang=en&ds=ts025&pr=sa&d=2012-04-24 22:23:10&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{AB17062C-D0A9-42E0-88A0-D461B02D6142}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{B287D93A-B526-453B-8018-8C262111B9E8}: "URL" = http://uk.local.yahoo.com/search.ht...w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
IE - HKCU\..\SearchScopes\{D59BED57-A5AC-4E1A-A3D8-BEF9E071C1D1}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\tony\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/14 21:09:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/24 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF

[2010/07/21 14:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions
[2010/07/17 07:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/15 12:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/04/22 10:23:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:*64bit:* - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4:*64bit:* - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:*64bit:* - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:*64bit:* - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Chameleon System Monitor] C:\Program Files (x86)\Common Files\Chameleon Manager\monitor.exe ()
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: New Value #1 = 
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:*64bit:* - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download all with Free Download Manager - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download selected with Free Download Manager - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download video with Free Download Manager - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download with Free Download Manager - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Download all with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download selected with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download video with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9:*64bit:* - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A415D3-A49B-4310-B7F9-59487581C101}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15CC91D2-E2F2-455A-BD8A-2C60E42E189A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8BB1216-68BF-461B-AEAC-74DC30A29905}: DhcpNameServer = 192.168.42.129
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/09 20:35:07 | 000,206,657 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/10/08 00:31:56 | 000,000,106 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 18:17:52 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{F481A6B3-385D-44C3-AD02-86D2F1D0B0AF}
[2012/04/25 20:22:52 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2012/04/25 20:22:49 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\Yahoo!
[2012/04/25 20:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/04/25 20:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/04/25 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\PC Cleaners
[2012/04/25 19:44:46 | 004,107,024 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/04/25 19:44:46 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\PCPro
[2012/04/25 19:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/04/25 19:28:11 | 000,000,000 | ---D | C] -- C:\w
[2012/04/25 19:28:10 | 000,000,000 | ---D | C] -- C:\skins
[2012/04/25 19:28:09 | 000,000,000 | ---D | C] -- C:\e
[2012/04/25 19:28:01 | 000,000,000 | ---D | C] -- C:\Data
[2012/04/25 14:23:50 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\mbam
[2012/04/25 14:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/04/25 00:11:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/25 00:11:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/25 00:11:15 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/25 00:11:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/25 00:11:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/25 00:11:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/25 00:11:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/25 00:11:14 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/25 00:11:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/25 00:11:14 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/25 00:11:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/25 00:09:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/25 00:09:45 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/25 00:09:44 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/25 00:05:22 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/25 00:05:21 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/25 00:05:21 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/24 23:59:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/04/24 23:16:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/24 23:16:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/24 23:16:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/24 23:16:28 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/24 23:13:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/04/24 23:13:37 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/04/24 23:13:34 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/04/24 23:13:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/04/24 23:13:33 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/04/24 23:13:31 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/04/24 23:13:31 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/04/24 23:12:26 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/04/24 22:23:17 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\AVG Secure Search
[2012/04/24 22:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/04/24 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\FixCleaner
[2012/04/24 22:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FixCleaner
[2012/04/24 22:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixCleaner
[2012/04/24 22:21:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/04/24 22:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/04/24 22:02:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\IObit
[2012/04/24 22:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/04/24 20:26:28 | 000,031,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wldlog.dll
[2012/04/24 19:47:51 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{BD589828-AE04-4117-9D69-FF683D5260FF}
[2012/04/24 19:47:27 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/04/24 19:47:27 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/04/24 19:47:16 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/04/24 19:47:16 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/04/24 19:47:16 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/04/24 19:47:16 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/04/24 19:47:16 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/04/24 19:47:15 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/04/24 19:47:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/04/24 19:47:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/04/24 19:47:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/04/24 19:47:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/04/24 19:47:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/04/24 19:47:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/04/24 19:47:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/04/24 19:47:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/04/24 19:47:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/04/24 19:47:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/04/24 19:47:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

Part 1 2130 hrs 26/04/2012!!!!!


----------



## obxtony (Aug 17, 2008)

OTL ( the nev

OTL logfile created on: 26/04/2012 21:22:48 - Run 5
OTL by OldTimer - Version 3.2.39.2  Folder = C:\Users\tony\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.96 Gb Total Physical Memory | 3.27 Gb Available Physical Memory | 54.95% Memory free
11.92 Gb Paging File | 8.76 Gb Available in Paging File | 73.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.64 Gb Total Space | 978.52 Gb Free Space | 70.67% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 1.72 Gb Free Space | 13.76% Space Free | Partition Type: NTFS
Drive E: | 2.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TONY-PC | User Name: tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 22:10:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/24 22:23:09 | 000,932,736 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/04/24 22:23:08 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/04/17 09:04:02 | 001,668,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/04/17 09:04:02 | 000,976,696 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/04/15 10:37:06 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/04/12 15:39:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\tony\Downloads\OTL (1).exe
PRC - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/04/04 06:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/29 09:34:42 | 003,402,376 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/03/21 02:52:28 | 000,211,256 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\ytbb.exe
PRC - [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/07/29 21:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/08/12 10:40:12 | 001,069,568 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
PRC - [2010/08/12 10:40:12 | 000,309,128 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciControlHost.exe
PRC - [2010/08/12 10:40:00 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2009/12/01 21:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 17:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/26 15:25:56 | 000,115,137 | ---- | M] () -- C:\Users\tony\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/04/25 10:56:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2012/04/25 10:56:21 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012/04/25 10:55:52 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012/04/25 10:55:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2012/04/25 10:55:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012/04/25 10:55:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012/04/25 10:55:18 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2012/04/25 10:55:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2012/04/25 00:18:27 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\888be382c48887c830026806a9587e31\System.Management.ni.dll
MOD - [2012/04/25 00:17:27 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1378a1c9290882206f4d5a6561bfc5d7\System.Runtime.Remoting.ni.dll
MOD - [2012/04/25 00:17:21 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a07e3882af9ea368a54742fc19c86662\System.Xaml.ni.dll
MOD - [2012/04/25 00:09:08 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aceee343625b7f4576e6d48fb91977e3\PresentationFramework.ni.dll
MOD - [2012/04/25 00:08:58 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5eb81f84116fecd08f3acf0603204457\PresentationCore.ni.dll
MOD - [2012/04/25 00:08:55 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33d45f88d59de3b84f2ed79095e29f41\System.Windows.Forms.ni.dll
MOD - [2012/04/25 00:08:51 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8729094857a3f3185deec237ef30b087\WindowsBase.ni.dll
MOD - [2012/04/25 00:08:49 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5654b44c3d45f7863f6d3d218a87967a\System.Drawing.ni.dll
MOD - [2012/04/24 23:57:32 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\22d54437cf1de9478f5c2c23f07eb9d6\System.Core.ni.dll
MOD - [2012/04/24 23:57:29 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1084708d3872b8e64f7ec88145298b2d\System.Xml.ni.dll
MOD - [2012/04/24 23:57:28 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eaeaf5f980c23f6075820513748695d9\PresentationFramework.Aero.ni.dll
MOD - [2012/04/24 23:57:25 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff7c4aa829c327b186ef85cff3289bdf\System.ni.dll
MOD - [2012/04/24 23:57:20 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\90842cf922c71c82718ba71d5801c30c\mscorlib.ni.dll
MOD - [2012/04/24 22:23:09 | 000,130,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/04/24 22:23:08 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/04/20 20:34:22 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/04/20 20:34:22 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/04/20 20:34:22 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/04/20 20:34:22 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/04/20 20:34:22 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/03/29 09:34:08 | 018,604,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtWebKit4.dll
MOD - [2012/03/29 09:34:06 | 009,440,256 | ---- | M] () -- C:\Program Files (x86)\Origin\QtGui4.dll
MOD - [2012/03/29 09:34:06 | 003,564,544 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXmlPatterns4.dll
MOD - [2012/03/29 09:34:06 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\Origin\QtNetwork4.dll
MOD - [2012/03/29 09:34:06 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\Origin\QtXml4.dll
MOD - [2012/03/29 09:34:04 | 002,694,144 | ---- | M] () -- C:\Program Files (x86)\Origin\QtCore4.dll
MOD - [2012/03/29 09:34:02 | 000,312,320 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff4.dll
MOD - [2012/03/29 09:34:00 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng4.dll
MOD - [2012/03/29 09:34:00 | 000,211,456 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll
MOD - [2012/03/29 09:34:00 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico4.dll
MOD - [2012/03/29 09:34:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif4.dll
MOD - [2012/02/20 09:37:24 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/01 21:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 18:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/03/09 06:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2012/01/25 21:29:11 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/25 22:10:59 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/24 22:23:09 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/17 09:04:02 | 000,976,696 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/04/13 21:22:54 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/09/01 17:49:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/08/02 10:47:14 | 000,159,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe -- (CDMA Device Service)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/31 17:26:00 | 003,612,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/04/17 09:04:20 | 000,101,360 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2012/03/09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/02/22 05:25:50 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
DRV:*64bit:* - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:*64bit:* - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/12/23 13:32:02 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidseha.sys -- (AVGIDSEH)
DRV:*64bit:* - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/23 15:57:43 | 000,127,320 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:*64bit:* - [2011/02/23 15:56:48 | 000,253,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:*64bit:* - [2011/02/23 14:34:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:*64bit:* - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:*64bit:* - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/09/22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2009/11/19 08:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:*64bit:* - [2009/11/13 06:21:22 | 000,543,616 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RC_64.sys -- (AVER_H193)
DRV:*64bit:* - [2009/11/13 06:20:14 | 000,039,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RCIR_64.sys -- (CXCIR)
DRV:*64bit:* - [2009/10/12 13:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:*64bit:* - [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:*64bit:* - [2009/09/17 06:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:*64bit:* - [2009/08/21 01:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:*64bit:* - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/04/17 09:04:20 | 000,297,008 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/04/17 09:04:20 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/12/07 20:10:59 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/08/12 10:40:06 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/08/12 10:40:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/17 18:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/07 20:24:33] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2004/04/08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/04/08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp-desktop.uk.msn.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{131BA04D-6260-47F0-BA4F-4CA582791AB7}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{48D14A8B-A71C-4488-B15E-49830036293C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-odbrws
IE - HKCU\..\SearchScopes\{51061D72-4DFE-4C6B-9A93-F34109283856}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{5557B96A-97DB-4476-A00A-B97F00E0F23E}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{7F57E540-8C84-45AD-81BF-12F2AE8E300F}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{89EB5B56-0D3A-49CA-8EF5-D7BCCDB0539C}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...e551cc8f6&lang=en&ds=ts025&pr=sa&d=2012-04-24 22:23:10&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{AB17062C-D0A9-42E0-88A0-D461B02D6142}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{B287D93A-B526-453B-8018-8C262111B9E8}: "URL" = http://uk.local.yahoo.com/search.ht...w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
IE - HKCU\..\SearchScopes\{D59BED57-A5AC-4E1A-A3D8-BEF9E071C1D1}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found


----------



## eddie5659 (Mar 19, 2001)

Okay, with regards to Spybot, was that run before or after the MBAM removed the other found files? If it was after, then remove them with Spybot.

Anything that has MyWebSearch can be removed.

It also seems to be finding things we removed a while ago:



> Located: HK_CU:Run, Advanced SystemCare 5
> where: .DEFAULT...
> command: "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
> file: C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
> ...


Many of the entries that it has found are legit, so do not remove them. These are okay to go:



> IncrediBar: [SBI $430C5658] User settings (Registry value, nothing done)
> HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\DisplayName=...MyStart Search...
> IncrediBar: [SBI $6FA574B7] User settings (Registry value, nothing done)
> HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\URL=...http://mystart.incredibar.com/*...
> ...



Also, the OTL log you've posted many times is the same one. At the top of the log is this:



> OTL logfile created on: 26/04/2012 21:22:48 - *Run 5*
> OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\tony\Downloads
> 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
> Internet Explorer (Version = 9.0.8112.16421)
> Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy


No problem though.

I can see a few things to help speed the startup, but I just want to make sure nothing is 'hiding', as we keep removing but they keep appearing:

Please download this application to the Desktop, then extract the zip file to the Desktop.

On the Desktop, open the folder called *Preformat*, then double-click on *Preformat.vbs* and follow the prompts.

When completed, copy/paste the contents of the Preformat.txt here.

I'm away for two weeks from tonight, but I'm letting others know so someone else will reply whilst I'm away.

eddie


----------



## obxtony (Aug 17, 2008)

Won't let me download, eddie, I don't have permission!! Just like the other one!!
Have a good hol!!


----------



## eddie5659 (Mar 19, 2001)

Getting ready as I type, plus on the phone at the same time 

Can you run this with the OTL that you have, as it will show me (or the other helper that replies) the same results 

Only one log will be produced 


Open OTL
Select *All Users*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
```

Click the *Quick Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them in your topic.


----------



## flavallee (May 12, 2002)

Tony:

Eddie is going to be gone for awhile, so he's asked me to help you with the slowness.

Do the following in the order that I'm listing them.

DON'T use the computer while the scans are in progress.

--------------------------------------------------------------

Click Start - Run, then type in

*%temp%*

and then click OK.

Once that temp folder appears and you can view its contents, select and delete EVERYTHING that's inside it.

If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

If a massive number of files are being deleted, the computer may appear to "hang". Be patient and wait for the deletion process to finish.

After it's done, restart the computer.

--------------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Updates(tab) - Check for Updates".

When the definition files have updated, click "OK".

Click "Scanner(tab) - *Perform quick scan* - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that *EVERYTHING* is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

---------------------------------------------------------------

Start SUPERAntiSpyware.

Click "Check for Updates".

When the definition files have updated, click "Close".

Select the "*Quick Scan*" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that *EVERYTHING* in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

---------------------------------------------------------------

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears in Notepad, then copy-and-paste it here.

---------------------------------------------------------------


----------



## obxtony (Aug 17, 2008)

BIG Files again so 2 parts!!
Part 1

OTL logfile created on: 29/04/2012 18:59:13 - Run 6
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\tony\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.96 Gb Total Physical Memory | 3.43 Gb Available Physical Memory | 57.62% Memory free
11.92 Gb Paging File | 9.09 Gb Available in Paging File | 76.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.64 Gb Total Space | 970.77 Gb Free Space | 70.11% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 1.72 Gb Free Space | 13.76% Space Free | Partition Type: NTFS

Computer Name: TONY-PC | User Name: tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:*64bit:* - [2012/04/17 09:04:20 | 000,101,360 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:*64bit:* - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2012/03/09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
DRV:*64bit:* - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:*64bit:* - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:*64bit:* - [2011/10/27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/23 15:57:43 | 000,127,320 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:*64bit:* - [2011/02/23 15:56:48 | 000,253,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:*64bit:* - [2011/02/23 14:34:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:*64bit:* - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:*64bit:* - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/09/22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2009/11/19 08:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:*64bit:* - [2009/11/13 06:21:22 | 000,543,616 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RC_64.sys -- (AVER_H193)
DRV:*64bit:* - [2009/11/13 06:20:14 | 000,039,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer888RCIR_64.sys -- (CXCIR)
DRV:*64bit:* - [2009/10/12 13:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:*64bit:* - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:*64bit:* - [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:*64bit:* - [2009/09/17 06:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:*64bit:* - [2009/08/21 01:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:*64bit:* - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:*64bit:* - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/04/17 09:04:20 | 000,297,008 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/04/17 09:04:20 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/12/07 20:10:59 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/09/17 18:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/07 20:24:33] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2004/04/08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/04/08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 E4 5D 01 45 1D 9A 4C 94 4D 51 BE CC F2 80 43 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 E4 5D 01 45 1D 9A 4C 94 4D 51 BE CC F2 80 43 [binary data]

IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=ie9fr
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.iplay.com/?o=shp
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes\{131BA04D-6260-47F0-BA4F-4CA582791AB7}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes\{48D14A8B-A71C-4488-B15E-49830036293C}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=bt-odbrws
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes\{51061D72-4DFE-4C6B-9A93-F34109283856}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes\{5557B96A-97DB-4476-A00A-B97F00E0F23E}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes\{7F57E540-8C84-45AD-81BF-12F2AE8E300F}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes\{89EB5B56-0D3A-49CA-8EF5-D7BCCDB0539C}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...e551cc8f6&lang=en&ds=ts025&pr=sa&d=2012-04-24 22:23:10&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes\{A070AE4C-65B1-4FD1-AA92-AF5C2322F332}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes\{AB17062C-D0A9-42E0-88A0-D461B02D6142}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes\{B287D93A-B526-453B-8018-8C262111B9E8}: "URL" = http://uk.local.yahoo.com/search.ht...w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes\{D59BED57-A5AC-4E1A-A3D8-BEF9E071C1D1}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/14 21:09:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/27 09:46:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/27 09:46:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/24 22:23:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF

[2010/07/21 14:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions
[2010/07/17 07:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/15 12:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/04/22 10:23:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:*64bit:* - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:*64bit:* - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4:*64bit:* - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:*64bit:* - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:*64bit:* - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000..\Run: [Chameleon System Monitor] C:\Program Files (x86)\Common Files\Chameleon Manager\monitor.exe ()
O4 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [SpybotDeletingA5511] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt" File not found
O4 - HKLM..\RunOnce: [SpybotDeletingC8546] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000..\RunOnce: [SpybotDeletingB5831] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt" File not found
O4 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000..\RunOnce: [SpybotDeletingD8655] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: New Value #1 = 
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1524944666-1662594902-3796366332-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:*64bit:* - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download all with Free Download Manager - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download selected with Free Download Manager - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download video with Free Download Manager - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Download with Free Download Manager - Reg Error: Value error. File not found
O8:*64bit:* - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Download all with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download selected with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download video with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with Free Download Manager - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9:*64bit:* - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A415D3-A49B-4310-B7F9-59487581C101}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15CC91D2-E2F2-455A-BD8A-2C60E42E189A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8BB1216-68BF-461B-AEAC-74DC30A29905}: DhcpNameServer = 192.168.42.129
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

ActiveX:*64bit:* {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX:*64bit:* {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:*64bit:* {17BAF705-276F-4435-8DD3-79A6524618C0} - NoIE8Tour
ActiveX:*64bit:* {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:*64bit:* {232A3C55-5C94-4F1E-86BA-03EECB232502} - Yahoo! Search update
ActiveX:*64bit:* {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:*64bit:* {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:*64bit:* {4488F5F2-F989-4C6C-96B3-C5E8A9E4AF5F} - Yahoo! Toolbar
ActiveX:*64bit:* {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:*64bit:* {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:*64bit:* {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:*64bit:* {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:*64bit:* {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:*64bit:* {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:*64bit:* {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:*64bit:* {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:*64bit:* {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:*64bit:* {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:*64bit:* {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:*64bit:* {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:*64bit:* {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:*64bit:* {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX:*64bit:* {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:*64bit:* {D01C6715-DDEA-4D01-A09D-704426950B11} - Yahoo! Search Settings Update
ActiveX:*64bit:* {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:*64bit:* {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:*64bit:* {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:*64bit:* {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:*64bit:* >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:*64bit:* >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:*64bit:* >{B8F39CAB-4663-4506-9F6E-5E2D45E3714A} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.


----------



## obxtony (Aug 17, 2008)

Part 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 18:44:09 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{3252A11C-224B-4A8D-BFD6-418053548E55}
[2012/04/28 20:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/04/27 22:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oberon Media
[2012/04/27 22:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2012/04/27 22:19:54 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Oberon Media
[2012/04/27 22:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
[2012/04/27 22:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\GamesBar
[2012/04/27 22:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
[2012/04/27 22:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar
[2012/04/27 09:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/04/26 18:17:52 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{F481A6B3-385D-44C3-AD02-86D2F1D0B0AF}
[2012/04/25 20:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/04/25 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\PC Cleaners
[2012/04/25 19:44:46 | 004,107,024 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/04/25 19:44:46 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\PCPro
[2012/04/25 19:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/04/25 19:28:11 | 000,000,000 | ---D | C] -- C:\w
[2012/04/25 19:28:10 | 000,000,000 | ---D | C] -- C:\skins
[2012/04/25 19:28:09 | 000,000,000 | ---D | C] -- C:\e
[2012/04/25 19:28:01 | 000,000,000 | ---D | C] -- C:\Data
[2012/04/25 14:23:50 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\mbam
[2012/04/25 14:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/04/24 23:59:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/04/24 22:23:17 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\AVG Secure Search
[2012/04/24 22:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/04/24 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\FixCleaner
[2012/04/24 22:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FixCleaner
[2012/04/24 22:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixCleaner
[2012/04/24 22:21:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/04/24 22:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/04/24 22:02:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\IObit
[2012/04/24 22:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/04/24 19:47:51 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{BD589828-AE04-4117-9D69-FF683D5260FF}
[2012/04/24 19:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/04/24 15:35:44 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AA7C9779-ADD3-45C2-B671-95E0FBECBD2D}
[2012/04/24 13:23:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/04/23 15:25:40 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{528E58D0-C36B-4A6F-B29F-CB303B6D12E9}
[2012/04/23 15:25:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{854E8797-43D3-4D07-AFBC-5E2D9FF8A4A2}
[2012/04/23 15:13:32 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{7A0C5E06-D08F-4B38-91C1-ECD1DD112EEB}
[2012/04/23 15:05:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{6EC5DB70-5F8F-4164-BE84-5AFF2BBB9634}
[2012/04/23 15:05:35 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{66438BF7-2006-499B-8F09-B62CB9397661}
[2012/04/23 15:04:21 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D48E8083-2053-4A05-9467-B641C3552C5E}
[2012/04/23 14:19:36 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{FE504197-2ECF-4932-A5E5-D2D029F37073}
[2012/04/23 13:23:30 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A95CAA33-CB33-4894-A1B5-7E36171821CE}
[2012/04/22 18:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/22 18:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/04/22 13:49:36 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\F7
[2012/04/22 13:27:20 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{18F44574-F541-4DDA-B5F1-0EBB57DA14E3}
[2012/04/22 13:26:59 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{11AAA05F-4BCA-46F0-ADC6-4DB959308822}
[2012/04/22 11:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/20 20:10:02 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\HanPurple
[2012/04/19 21:06:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/04/19 20:47:31 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/04/19 19:56:55 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{063A5750-D12C-4B73-AF1A-26FC58706C2A}
[2012/04/19 19:56:33 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{1EE05C67-83EE-44A2-BE92-8BAC5A8AC9E0}
[2012/04/19 04:50:26 | 000,028,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/04/17 22:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/17 17:54:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/17 17:43:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/17 16:21:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/17 16:21:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/17 16:21:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/16 20:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/04/16 20:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/04/16 20:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/04/15 12:40:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{CB3D5CF2-6E7C-4F3E-9ECD-0B6876773212}
[2012/04/15 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{3B990DC9-EA51-4864-B87C-6377D261C81F}
[2012/04/15 12:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/04/15 09:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/04/15 09:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/04/14 16:20:29 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D0C320BA-AF65-47CD-AC17-D3EEE86B441C}
[2012/04/14 16:20:08 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AC38A120-D29E-485F-97B1-67C9565F99A6}
[2012/04/14 12:43:29 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2012/04/14 12:43:26 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\Wajam
[2012/04/14 12:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012/04/13 23:07:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{FE2575D4-938B-463C-BF48-D19364A6D836}
[2012/04/13 23:06:35 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8A4A0784-0F59-418C-8478-2D275E9C6465}
[2012/04/13 21:50:26 | 000,000,000 | ---D | C] -- C:\Users\tony\Documents\BFBC2
[2012/04/12 15:46:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/11 21:05:10 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{09197206-9038-4C87-8DB7-80297CE57D43}
[2012/04/11 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EE623F98-DE60-479A-9B82-70F06740601D}
[2012/04/10 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{ED0739EE-62DC-436A-A469-15FE30932C28}
[2012/04/10 19:35:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A0837905-B61B-4AF9-9C3A-F243CDF7B5A1}
[2012/04/10 16:05:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/10 16:05:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/09 19:01:57 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{2F066433-5805-4286-8505-D0C0A15E38B4}
[2012/04/09 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{C9F53BDD-5E51-4686-B64B-E0D91B5B1C37}
[2012/04/08 19:19:42 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EBC24E23-B1D8-4BD5-9523-7D7914FE002C}
[2012/04/08 19:19:08 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8D606DB7-1713-4A97-9290-21324C7740D7}
[2012/04/07 21:58:15 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{D4F5AD0E-3665-4FB0-8FED-9160A54DC115}
[2012/04/07 21:57:42 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{3509F9A2-AADA-469F-89F9-7EE2A70EF3A2}
[2012/04/07 19:26:12 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\MigWiz
[2012/04/07 09:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/04/07 09:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/04/07 09:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/07 09:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/07 09:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/06 18:57:06 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{067C83F3-C17B-4A8B-8ED0-CDC052226BEF}
[2012/04/06 18:56:56 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{5EB24990-5AC6-42D9-A311-631507352D3F}
[2012/04/06 14:42:45 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\calibre
[2012/04/06 14:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012/04/06 14:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/04/06 14:39:14 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\calibre
[2012/04/06 09:37:22 | 000,000,000 | ---D | C] -- C:\Users\tony\Documents\dds
[2012/04/05 20:52:11 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9736F8A5-2C6F-4525-BA7C-C6DB789CE4A7}
[2012/04/05 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{EE89EB67-0EC3-4C73-A05F-1989EFD85538}
[2012/04/05 20:51:23 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{0FE452DD-D14E-4681-B38D-50BC06F5E0AB}
[2012/04/05 20:50:09 | 000,000,000 | ---D | C] -- C:\Users\tony\Desktop\anti virus progs
[2012/04/05 20:19:52 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{6A63525C-CECC-45C8-ADDD-3CFBBB397684}
[2012/04/05 20:19:19 | 000,000,000 | ---D | C] -- C:\Users\tony\Doctor Web
[2012/04/05 20:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2012/04/05 11:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/04/05 11:09:28 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/04/05 10:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/04/04 20:16:41 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/04 20:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/04/04 14:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2012/04/04 14:00:09 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{05CDD276-D8EB-470D-BEEE-5F884B7CD010}
[2012/04/04 13:59:33 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{AE25F25F-56DB-45D6-8383-20B62CA3C443}
[2012/04/03 20:43:19 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\FileTypeAssistant
[2012/04/03 20:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2012/04/03 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{43822405-A0B3-48A8-A2D8-F9FA6492E5D9}
[2012/04/03 18:37:15 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{9B47A818-941C-4DBB-9E95-CAF8FCA90AF4}
[2012/04/03 18:31:11 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/03 17:51:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\antiphishing-vmninternethelper1_1dn
[2012/04/03 17:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/04/03 14:07:27 | 000,000,000 | ---D | C] -- C:\Users\tony\DoctorWeb
[2012/04/03 13:18:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/04/03 13:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/03 13:18:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 15:36:00 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\AVG2012
[2012/04/02 15:34:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/04/02 15:34:16 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/04/02 15:34:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/04/02 14:51:43 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{8BE1E50B-6B31-4511-B0A3-2DDDAC12D6FB}
[2012/04/02 14:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avast
[2012/04/02 12:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/04/01 21:30:41 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{A8DB2F49-72AC-4100-AEF6-AF1C4C00B992}
[2012/04/01 20:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012/04/01 20:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\exPressit SE3.1
[2012/04/01 20:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medea International Ltd
[2012/04/01 20:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD & DVD Cover Creator
[2012/04/01 20:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy CD & DVD Cover Creator
[2012/04/01 13:17:12 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{63031E79-5994-47C3-A62B-7E3F16D3BC6B}
[2012/03/31 21:40:48 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{857B99DD-E471-44B7-9D75-EB93AC8824D3}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/29 18:31:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/29 18:30:22 | 000,000,158 | ---- | M] () -- C:\Windows\wininit.ini
[2012/04/29 18:25:11 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 18:25:11 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 18:23:27 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/29 18:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/29 18:10:40 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/29 18:09:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/29 18:08:46 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/29 12:26:12 | 096,579,315 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/28 20:53:05 | 000,001,167 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/28 20:53:05 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/28 14:43:12 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/04/28 11:30:58 | 000,287,051 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/27 15:30:55 | 000,624,914 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/04/27 14:13:51 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/27 14:13:51 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/27 14:13:06 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/26 21:46:47 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/26 21:46:47 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 21:46:47 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 21:01:46 | 000,000,226 | ---- | M] () -- C:\Users\tony\Desktop\BT Yahoo!.url
[2012/04/25 22:10:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/25 19:44:33 | 004,107,024 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/04/25 19:28:14 | 000,000,166 | ---- | M] () -- C:\bmfol_1_s0.gif
[2012/04/25 19:28:13 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2012/04/25 19:28:13 | 000,000,370 | ---- | M] () -- C:\bmrc_1.gif
[2012/04/25 19:28:13 | 000,000,367 | ---- | M] () -- C:\bmfav_1.gif
[2012/04/25 19:28:13 | 000,000,355 | ---- | M] () -- C:\bmpref_1.gif
[2012/04/25 19:28:13 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2012/04/25 19:28:13 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2012/04/25 19:28:13 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
[2012/04/25 19:28:13 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2012/04/25 19:28:13 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2012/04/25 19:28:13 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2012/04/25 19:28:13 | 000,000,235 | ---- | M] () -- C:\bmsearch_1.gif
[2012/04/25 19:28:13 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2012/04/25 19:28:13 | 000,000,103 | ---- | M] () -- C:\del_1.gif
[2012/04/25 19:28:12 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2012/04/25 19:28:12 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2012/04/25 19:28:12 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2012/04/25 19:28:12 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2012/04/25 19:28:12 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
[2012/04/25 19:28:12 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[2012/04/25 19:28:12 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2012/04/25 19:28:12 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2012/04/25 19:28:10 | 000,000,634 | ---- | M] () -- C:\22x22-amazon.png
[2012/04/25 14:02:34 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/04/25 10:49:02 | 000,348,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/24 22:46:31 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortony.job
[2012/04/24 22:21:56 | 000,002,465 | ---- | M] () -- C:\Users\Public\Desktop\FixCleaner.lnk
[2012/04/22 18:57:50 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/22 10:23:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/04/18 13:57:10 | 000,000,222 | ---- | M] () -- C:\Users\tony\Desktop\Men of War Condemned Heroes.url
[2012/04/17 09:04:20 | 000,101,360 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/04/16 21:30:59 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/04/15 12:38:34 | 000,000,447 | ---- | M] () -- C:\user.js
[2012/04/15 09:47:59 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/04/10 19:05:30 | 000,017,407 | ---- | M] () -- C:\Users\tony\AppData\Local\dt.dat
[2012/04/09 19:12:32 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/07 09:12:31 | 000,001,288 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/07 09:12:31 | 000,001,264 | ---- | M] () -- C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk
[2012/04/06 14:42:36 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/04/04 20:39:39 | 000,000,691 | ---- | M] () -- C:\Users\tony\AppData\Roaming\GetValue.vbs
[2012/04/04 20:39:39 | 000,000,035 | ---- | M] () -- C:\Users\tony\AppData\Roaming\SetValue.bat
[2012/04/04 20:04:08 | 000,150,880 | ---- | M] () -- C:\Users\tony\AppData\Local\ars.cache
[2012/04/04 18:56:35 | 000,000,036 | ---- | M] () -- C:\Users\tony\AppData\Local\housecall.guid.cache
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 17:22:48 | 000,008,409 | ---- | M] () -- C:\Users\tony\ia_remove.sh
[2012/04/02 15:59:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/04/02 15:34:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/02 15:34:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/02 14:58:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/02 13:14:05 | 000,001,256 | ---- | M] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/29 12:26:12 | 096,579,315 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/28 20:53:05 | 000,001,167 | ---- | C] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/28 20:53:05 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/28 20:40:40 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/04/28 11:30:58 | 000,287,051 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/27 15:30:55 | 000,624,914 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/04/26 21:01:46 | 000,000,226 | ---- | C] () -- C:\Users\tony\Desktop\BT Yahoo!.url
[2012/04/25 19:28:14 | 000,000,166 | ---- | C] () -- C:\bmfol_1_s0.gif
[2012/04/25 19:28:13 | 000,000,380 | ---- | C] () -- C:\edu.bmp
[2012/04/25 19:28:13 | 000,000,370 | ---- | C] () -- C:\bmrc_1.gif
[2012/04/25 19:28:13 | 000,000,367 | ---- | C] () -- C:\bmfav_1.gif
[2012/04/25 19:28:13 | 000,000,355 | ---- | C] () -- C:\bmpref_1.gif
[2012/04/25 19:28:13 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
[2012/04/25 19:28:13 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
[2012/04/25 19:28:13 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
[2012/04/25 19:28:13 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
[2012/04/25 19:28:13 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
[2012/04/25 19:28:13 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
[2012/04/25 19:28:13 | 000,000,235 | ---- | C] () -- C:\bmsearch_1.gif
[2012/04/25 19:28:13 | 000,000,138 | ---- | C] () -- C:\flk2.gif
[2012/04/25 19:28:13 | 000,000,103 | ---- | C] () -- C:\del_1.gif
[2012/04/25 19:28:12 | 000,000,304 | ---- | C] () -- C:\dir.bmp
[2012/04/25 19:28:12 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
[2012/04/25 19:28:12 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
[2012/04/25 19:28:12 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2012/04/25 19:28:12 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
[2012/04/25 19:28:12 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
[2012/04/25 19:28:12 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
[2012/04/25 19:28:12 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2012/04/25 19:28:12 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2012/04/25 19:28:10 | 000,000,634 | ---- | C] () -- C:\22x22-amazon.png
[2012/04/25 14:02:34 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/04/24 22:22:19 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/04/24 22:21:56 | 000,002,465 | ---- | C] () -- C:\Users\Public\Desktop\FixCleaner.lnk
[2012/04/24 21:45:08 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFortony.job
[2012/04/18 13:57:10 | 000,000,222 | ---- | C] () -- C:\Users\tony\Desktop\Men of War Condemned Heroes.url
[2012/04/17 16:21:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/17 16:21:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/17 16:21:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/17 16:21:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/17 16:21:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/15 12:38:33 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/04/15 09:47:59 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/04/10 19:05:30 | 000,017,407 | ---- | C] () -- C:\Users\tony\AppData\Local\dt.dat
[2012/04/09 19:12:32 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/07 09:12:31 | 000,001,288 | ---- | C] () -- C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/07 09:12:31 | 000,001,264 | ---- | C] () -- C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk
[2012/04/06 14:42:36 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/04/04 20:39:39 | 000,000,691 | ---- | C] () -- C:\Users\tony\AppData\Roaming\GetValue.vbs
[2012/04/04 20:39:39 | 000,000,035 | ---- | C] () -- C:\Users\tony\AppData\Roaming\SetValue.bat
[2012/04/04 20:36:41 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012/04/04 20:04:08 | 000,150,880 | ---- | C] () -- C:\Users\tony\AppData\Local\ars.cache
[2012/04/04 18:56:35 | 000,000,036 | ---- | C] () -- C:\Users\tony\AppData\Local\housecall.guid.cache
[2012/04/03 17:22:48 | 000,008,409 | ---- | C] () -- C:\Users\tony\ia_remove.sh
[2012/04/02 15:59:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/04/02 15:34:48 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/02 15:34:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/02 15:34:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/01 08:45:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/11 21:39:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/23 18:59:11 | 000,001,854 | ---- | C] () -- C:\Users\tony\AppData\Roaming\GhostObjGAFix.xml
[2011/07/15 12:25:23 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/07/15 12:25:23 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll
[2011/07/15 12:25:23 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/07/15 12:25:23 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/07/07 18:40:34 | 000,145,704 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/04/14 19:39:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/04 17:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/12/02 17:23:54 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/02 17:23:54 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/18 12:59:49 | 000,000,158 | ---- | C] () -- C:\Windows\wininit.ini
[2010/09/06 10:11:58 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/07/20 13:31:23 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/05/23 18:57:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/05/09 18:03:08 | 001,957,672 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/05/09 18:03:08 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== LOP Check ==========

[2011/03/07 21:28:39 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\acccore
[2012/03/03 14:42:12 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\AVG
[2012/04/14 21:09:22 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\AVG2012
[2012/04/24 22:39:31 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Azureus
[2012/04/06 15:02:31 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\calibre
[2010/03/26 00:08:27 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/29 11:38:23 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\DriverCure
[2012/04/28 14:19:16 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\FixCleaner
[2012/04/10 18:15:10 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Free Download Manager
[2010/06/16 06:45:46 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\GetRightToGo
[2012/03/12 22:00:53 | 000,000,000 | -H-D | M] -- C:\Users\tony\AppData\Roaming\ijjigame
[2012/04/25 11:25:13 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\IObit
[2010/03/26 21:12:17 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Leadertech
[2011/07/30 21:06:58 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Lexmark Productivity Studio
[2010/07/04 22:15:13 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\NeoSoftTools
[2012/04/27 22:19:54 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Oberon Media
[2012/03/03 20:13:51 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Origin
[2012/04/10 15:10:08 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Paltalk
[2012/04/25 19:44:56 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\PC Cleaners
[2012/04/25 19:44:57 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\PCPro
[2010/10/17 18:31:03 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Raptr
[2011/09/02 19:54:18 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\RegistryKeys
[2012/02/03 21:43:41 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Samsung
[2011/09/04 13:50:08 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Shareaza
[2012/02/03 21:43:42 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Simply Super Software
[2010/04/07 14:12:37 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Systweak
[2010/04/27 18:40:01 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Template
[2010/03/21 21:24:38 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\The Creative Assembly
[2012/02/03 21:43:42 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Trusteer
[2012/02/14 18:20:02 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\TS3Client
[2011/11/29 20:27:04 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\ts3overlay
[2010/09/15 18:03:55 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\W
[2010/12/23 20:58:38 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\wargaming.net
[2012/03/15 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\WildTangent
[2010/03/20 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\WinBatch
[2012/03/10 17:45:52 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Windows Live Writer
[2011/04/12 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\X5400 Series
[2010/03/25 11:42:46 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\_MDLogs
[2010/07/11 18:28:39 | 000,000,280 | ---- | M] () -- C:\Windows\Tasks\Chameleon Monitor-startup-tony.job
[2012/04/28 14:43:12 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\FixCleaner Scan.job
[2011/06/30 10:33:04 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/03/19 12:15:36 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/04/02 15:34:16 | 000,000,000 | -H-D | M] -- C:\$AVG
[2012/04/17 17:54:09 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/02/03 21:40:24 | 000,000,000 | ---D | M] -- C:\AMD
[2012/02/03 21:40:25 | 000,000,000 | ---D | M] -- C:\ATI
[2012/04/17 18:03:08 | 000,000,000 | ---D | M] -- C:\ComboFix
[2012/04/28 20:52:42 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2012/04/25 19:28:01 | 000,000,000 | ---D | M] -- C:\Data
[2012/04/07 09:36:51 | 000,000,000 | ---D | M] -- C:\desktop
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/04/26 21:39:13 | 000,000,000 | ---D | M] -- C:\Downloads
[2012/04/25 19:28:13 | 000,000,000 | ---D | M] -- C:\e
[2010/07/14 17:45:00 | 000,000,000 | ---D | M] -- C:\found.000
[2012/02/03 21:40:27 | 000,000,000 | ---D | M] -- C:\found.001
[2012/03/23 21:37:28 | 000,000,000 | ---D | M] -- C:\Games
[2010/12/05 20:43:46 | 000,000,000 | ---D | M] -- C:\Hotspot Shield
[2012/02/03 21:40:29 | 000,000,000 | ---D | M] -- C:\hp
[2012/04/13 22:29:04 | 000,000,000 | ---D | M] -- C:\ijji
[2012/02/03 21:40:29 | 000,000,000 | ---D | M] -- C:\lexmark
[2010/03/18 23:44:12 | 000,000,000 | ---D | M] -- C:\logs
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/04/26 18:05:17 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/04/29 18:30:22 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/04/27 22:19:59 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/04/17 18:03:08 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/04/25 19:28:11 | 000,000,000 | ---D | M] -- C:\skins
[2010/12/27 20:05:43 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/04/29 19:02:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/02/03 21:42:20 | 000,000,000 | ---D | M] -- C:\SYSTEM.SAV
[2012/01/03 21:34:58 | 000,000,000 | ---D | M] -- C:\Temp
[2012/02/03 21:42:26 | 000,000,000 | R--D | M] -- C:\Users
[2012/04/25 19:28:11 | 000,000,000 | ---D | M] -- C:\w
[2012/04/28 20:37:14 | 000,000,000 | ---D | M] -- C:\Windows
[2012/04/12 15:46:11 | 000,000,000 | ---D | M] -- C:\_OTL
[2012/04/19 21:06:56 | 000,000,000 | ---D | M] -- C:\_OTM
[2012/04/19 20:47:31 | 000,000,000 | ---D | M] -- C:\_OTS

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\system32\tasks\*.* /64 >
[2012/04/13 21:22:55 | 000,003,768 | ---- | M] () -- C:\Windows\SysNative\tasks\Adobe Flash Player Updater
[2011/07/14 20:20:36 | 000,003,090 | ---- | M] () -- C:\Windows\SysNative\tasks\ASC4_PerformanceMonitor
[2010/07/04 22:15:03 | 000,002,996 | ---- | M] () -- C:\Windows\SysNative\tasks\Chameleon Monitor-startup-tony
[2010/07/04 22:15:04 | 000,002,918 | ---- | M] () -- C:\Windows\SysNative\tasks\Chameleon Monitor-tony
[2010/07/04 22:15:02 | 000,002,912 | ---- | M] () -- C:\Windows\SysNative\tasks\Chameleon Startup Manager-tony
[2010/03/20 21:22:56 | 000,003,200 | ---- | M] () -- C:\Windows\SysNative\tasks\CLMLSvc
[2010/03/24 17:51:18 | 000,003,532 | ---- | M] () -- C:\Windows\SysNative\tasks\CreateChoiceProcessTask
[2010/01/07 21:24:33 | 000,003,164 | ---- | M] () -- C:\Windows\SysNative\tasks\DVDAgent
[2012/04/28 14:21:32 | 000,003,186 | ---- | M] () -- C:\Windows\SysNative\tasks\FixCleaner Scan
[2012/03/27 15:26:58 | 000,003,642 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore
[2012/03/27 15:26:58 | 000,003,894 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA
[2012/04/24 21:45:10 | 000,003,180 | ---- | M] () -- C:\Windows\SysNative\tasks\HPCeeScheduleFortony
[2011/08/22 14:33:13 | 000,003,622 | ---- | M] () -- C:\Windows\SysNative\tasks\HPCustParticipation HP Photosmart Plus B210 series
[2010/01/07 21:14:56 | 000,003,184 | ---- | M] () -- C:\Windows\SysNative\tasks\HPOSIAPP64
[2011/06/11 19:14:53 | 000,003,040 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_Hardware_Launch_IPoint_exe
[2011/11/01 17:10:06 | 000,003,050 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_Hardware_Launch_IType_exe
[2010/03/26 20:17:37 | 000,002,978 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_Hardware_Launch_rundll32_exe
[2010/03/19 07:14:17 | 000,004,988 | ---- | M] () -- C:\Windows\SysNative\tasks\PCDRScheduledMaintenance
[2012/04/03 20:42:07 | 000,003,908 | ---- | M] () -- C:\Windows\SysNative\tasks\ProgramUpdateCheck
[2012/04/09 10:52:25 | 000,003,094 | ---- | M] () -- C:\Windows\SysNative\tasks\RealCreateProcessScheduledTask12917569S-1-5-21-1524944666-1662594902-3796366332-1000
[2012/04/29 18:12:26 | 000,003,200 | ---- | M] () -- C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-1524944666-1662594902-3796366332-1000
[2012/04/29 18:12:23 | 000,003,336 | ---- | M] () -- C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-1524944666-1662594902-3796366332-1000
[2010/05/18 20:15:53 | 000,003,814 | ---- | M] () -- C:\Windows\SysNative\tasks\Scheduled Update for Ask Toolbar
[2012/04/02 15:35:31 | 000,003,230 | ---- | M] () -- C:\Windows\SysNative\tasks\SidebarExecute
[2012/04/29 18:29:19 | 000,003,918 | ---- | M] () -- C:\Windows\SysNative\tasks\User_Feed_Synchronization-{467D1212-BAEA-405D-BB17-0098DDA80A30}
[2010/07/21 23:15:03 | 000,002,950 | ---- | M] () -- C:\Windows\SysNative\tasks\{028FC33F-35E5-4128-AD5D-ED1280775A92}
[2010/07/21 23:15:08 | 000,002,950 | ---- | M] () -- C:\Windows\SysNative\tasks\{04EF6F07-8E9E-4EE2-826C-B4E8B51B509A}
[2010/03/19 22:31:21 | 000,003,276 | ---- | M] () -- C:\Windows\SysNative\tasks\{05B77FA7-3A49-41D8-A6C7-1FFF87CAF0C9}
[2010/07/21 23:16:34 | 000,002,950 | ---- | M] () -- C:\Windows\SysNative\tasks\{19BEBA23-BC13-4CB3-8BF6-8D95ABBB824C}
[2010/07/21 15:28:24 | 000,002,950 | ---- | M] () -- C:\Windows\SysNative\tasks\{1AD2BC8A-1982-4BAC-8D1F-84838E226879}
[2010/08/03 19:47:28 | 000,003,024 | ---- | M] () -- C:\Windows\SysNative\tasks\{2FE97F43-9BFC-40F5-9D6B-CE147AA99306}
[2012/04/14 16:23:54 | 000,002,938 | ---- | M] () -- C:\Windows\SysNative\tasks\{3B7B1DB9-F511-476F-B37A-7549798D2D97}
[2010/08/23 19:53:22 | 000,003,024 | ---- | M] () -- C:\Windows\SysNative\tasks\{4666B8B9-FB55-4594-BC23-A7771E57240C}
[2010/07/21 20:42:25 | 000,002,950 | ---- | M] () -- C:\Windows\SysNative\tasks\{477BD706-0C88-4C4A-B950-E8E75B59E9D7}
[2010/07/20 07:01:09 | 000,002,970 | ---- | M] () -- C:\Windows\SysNative\tasks\{4C80F8D5-869C-4D63-A0DA-017DCDCCB7E2}
[2010/03/29 12:00:26 | 000,003,112 | ---- | M] () -- C:\Windows\SysNative\tasks\{536CADA4-CB3F-41AA-B63D-0CB423F188C8}
[2010/03/31 21:13:29 | 000,002,938 | ---- | M] () -- C:\Windows\SysNative\tasks\{57A16FDB-C18D-47B3-A1BE-85663ED9CCBB}
[2010/08/03 19:47:17 | 000,003,024 | ---- | M] () -- C:\Windows\SysNative\tasks\{620B3D2D-9A01-4EFB-9E13-6BEA30EDCA17}
[2010/12/02 20:30:06 | 000,003,156 | ---- | M] () -- C:\Windows\SysNative\tasks\{697CAD27-7BCA-4F72-B74B-A7A90B36B4AF}
[2010/07/19 18:38:33 | 000,003,034 | ---- | M] () -- C:\Windows\SysNative\tasks\{73307D13-AD82-4418-9425-C87926593197}
[2012/04/14 16:22:09 | 000,002,938 | ---- | M] () -- C:\Windows\SysNative\tasks\{76DFA803-E4DB-4AB6-B062-41E89A779061}
[2011/03/08 20:24:27 | 000,002,878 | ---- | M] () -- C:\Windows\SysNative\tasks\{89E79D6E-CFFB-44F6-92CC-DBD4BBED1301}
[2010/07/20 07:00:55 | 000,002,970 | ---- | M] () -- C:\Windows\SysNative\tasks\{91F92752-7063-4015-99F3-F1E6592C86E4}
[2010/10/16 21:49:40 | 000,002,970 | ---- | M] () -- C:\Windows\SysNative\tasks\{B61C7AE6-79D7-48BF-B33C-B1024B0EF419}
[2010/07/21 15:29:12 | 000,002,950 | ---- | M] () -- C:\Windows\SysNative\tasks\{B98F61CD-9B27-4F55-9333-82D89B557C29}
[2010/07/26 19:56:07 | 000,003,030 | ---- | M] () -- C:\Windows\SysNative\tasks\{CF4E0A2C-C454-4EF2-A7CB-180B27D6E376}
[2010/10/16 21:50:41 | 000,002,970 | ---- | M] () -- C:\Windows\SysNative\tasks\{D81B4492-7141-4FB6-88C4-F2517A02E6B3}
[2010/10/16 21:51:14 | 000,002,970 | ---- | M] () -- C:\Windows\SysNative\tasks\{D9BE3E93-D1CA-429A-9BB6-D01B367D6990}
[2012/04/24 21:28:31 | 000,003,260 | ---- | M] () -- C:\Windows\SysNative\tasks\{DC5C2363-AE1A-4A2F-8D87-828C37DDB0F9}
[2010/07/21 13:52:43 | 000,002,950 | ---- | M] () -- C:\Windows\SysNative\tasks\{ECE4827D-6766-47D8-9A19-EB2FDA03B2EB}
[2010/09/11 10:04:07 | 000,003,028 | ---- | M] () -- C:\Windows\SysNative\tasks\{F6740354-501B-4206-884B-A898C7BAF9AD}

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2009/10/06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\SoftwareDistribution\Download\4c9630d89e2dfab14045d5686ead983a\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\SoftwareDistribution\Download\4c9630d89e2dfab14045d5686ead983a\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\SoftwareDistribution\Download\4c9630d89e2dfab14045d5686ead983a\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SoftwareDistribution\Download\4c9630d89e2dfab14045d5686ead983a\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\SoftwareDistribution\Download\4c9630d89e2dfab14045d5686ead983a\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\SoftwareDistribution\Download\4c9630d89e2dfab14045d5686ead983a\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 07:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SoftwareDistribution\Download\4c9630d89e2dfab14045d5686ead983a\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 07:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\SoftwareDistribution\Download\4c9630d89e2dfab14045d5686ead983a\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: REGEDIT.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: WINLOGON.EXE >

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: TONY-PC
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     E                       DVD-ROM         0 B  No Media
Volume 1         SYSTEM       NTFS   Partition    100 MB  Healthy    System
Volume 2     C   HP           NTFS   Partition   1384 GB  Healthy    Boot
Volume 3     D   FACTORY_IMA  NTFS   Partition     12 GB  Healthy
Volume 4     H                       Removable       0 B  No Media
Volume 5     I                       Removable       0 B  No Media
Volume 6     J                       Removable       0 B  No Media
Volume 7     K                       Removable       0 B  No Media

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\tony\Downloads:Shareaza.GUID
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
< End of report >


----------



## obxtony (Aug 17, 2008)

oops sorry was I not supposed to do this?
ok
I'll do the bits you have said
and thank you!


----------



## obxtony (Aug 17, 2008)

oops!! Did a FULL MWB scan (sorry) I had done one previously and deleted the infections. here is the last file

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.29.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
tony :: TONY-PC [administrator]
29/04/2012 19:32:55
mbam-log-2012-04-29 (19-32-55).txt
Scan type: Full scan
Scan options enabled: Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | P2P
Objects scanned: 513428
Time elapsed: 1 hour(s), 25 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


----------



## obxtony (Aug 17, 2008)

per anti Spy log!!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/29/2012 at 09:22 PM
Application Version : 5.0.1148
Core Rules Database Version : 8528
Trace Rules Database Version: 6340
Scan type : Quick Scan
Total Scan Time : 00:04:46
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator
Memory items scanned : 645
Memory threats detected : 0
Registry items scanned : 55122
Registry threats detected : 0
File items scanned : 19253
File threats detected : 53
Adware.Tracking Cookie


----------



## obxtony (Aug 17, 2008)

Is this right for Hijack this??
seems a bit small!!
Ah ok got !!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:44:28, on 29/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\ytbb.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=ie9fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iplay.com/?o=shp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN and Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Chameleon System Monitor] C:\Program Files (x86)\Common Files\Chameleon Manager\monitor.exe /startup
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - 
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - 
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bandoo Coordinator - Unknown owner - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CDMA Device Service - Unknown owner - C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Windows Live Family Safety Service (fsssvc) - Unknown owner - (no file)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 18589 bytes


----------



## obxtony (Aug 17, 2008)

I HOPE this is all ok??
I am in need of my meds now I am afraid, please forgive my absence.
Hopefully we are on the right track??
Oh btw
I still can't get msn messenger nor yahoo messenger to work correctly
windows messenger says I have some .dll files missing and Yahoo just will not run in direct mode as it used to do before!
Wonder how much a new pc costs lol
thank you so VERY VERY much for your assistance.
Tony


----------



## flavallee (May 12, 2002)

Did you complete the first part of my instructions in page #9 - post #128 which concerns the removal of temp files?

----------------------------------------------------------

Do the following so I can get a better idea of what's currently installed in your computer and what needs to be uninstalled.

Start HiJackThis.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button. 

Save the "uninstall_list.txt" file somewhere. 

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here. 

-----------------------------------------------------------


----------



## obxtony (Aug 17, 2008)

Hijack list here, darn it I just don't seem to be able to get anything right, I am so sorry if I keep messing up.

A.V.A
ABBYY FineReader 6.0 Sprint
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Reader 9.5.1
Amazon Kindle
Anti-phishing Domain Advisor
Apple Application Support
Application Profiles
AVG PC Tuneup
AVG Security Toolbar
AVS DVD Copy version 4.1.1
AVS Image Converter 1.3.1.136
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Battlefield 3™
Battlefield: Bad Company™ 2
Battlelog Web Plugins
Bing Bar
BT Broadband Desktop Help
BTHomeHub
calibre
CameraHelperMsi
Catalyst Control Center - Branding
Compatibility Pack for the 2007 Office system
Cross Fire En
CyberLink DVD Suite Deluxe
CyberLink DVD Suite Deluxe
D3DX10
Disketch CD Label Software
Download Manager 2.3.10
Download Updater (AOL LLC)
DVD Menu Pack for HP MediaSmart Video
DVD Menu Pack for HP MediaSmart Video
Easy CD and DVD Cover Creator 4.13
erLT
ESET Online Scanner v3
ESN Sonar
Express Burn Disc Burning Software
exPressit SE
File Type Assistant
FixCleaner
Free Download Manager 3.0
GamesBar 2.0.1.82
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
GoToAssist Corporate
Hardware Helper
Hewlett-Packard ACLM.NET v1.1.1.0
HiJackThis
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MAINSTREAM KEYBOARD
HP MediaSmart DVD
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart Music/Photo/Video
HP Photo Creations
HP Photosmart Plus B210 series Help
HP Product Detection
HP Remote Solution
HP Remote Solution
HP Setup
HP Update
HPDiagnosticAlert
HydraVision
Intel(R) Rapid Storage Technology
Internet TV for Windows Media Center
JoneSoft MD5Mate v1.1.0
Junk Mail filter update
LabelPrint
LabelPrint
LightScribe System Software
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic Desktop
Malwarebytes Anti-Malware version 1.61.0.1400
Men of War (Remove Only)
Men of War: Assault Squad
Men of War: Condemned Heroes
Men of War: Vietnam
Mesh Runtime
Messenger Companion
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NoteWorthy Composer 2 Viewer
NVIDIA PhysX
OpenAL
Origin
PowerDirector
PowerDirector
PunkBuster Services
QuickTime
Rapport
Rapport
REACTOR
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Manager
Revo Uninstaller 1.92
RunAlyzer
Samsung Kies
Samsung Kies
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Silent Hunter 4 Wolves of the Pacific
Silent Hunter III
Skype Click to Call
Skype™ 5.8
SkyPlayer for Windows Media Center
Spybot - Search & Destroy
Steam
System Requirements Lab
The Lord of the Rings FREE Trial 
TVUPlayer 2.5.2.2
Update 1.11.3.1 for "Men of War"
Update 1.17.5.1 for "Men of War"
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver


----------



## obxtony (Aug 17, 2008)

Oh ..I did indeed do the %temp% thing and removed all that I could, very few left that would not allow me to uninstall.
That ok??


----------



## flavallee (May 12, 2002)

obxtony said:


> Oh ..I did indeed do the %temp% thing and removed all that I could, very few left that would not allow me to uninstall.
> That ok??


Yes, that's fine.

A few files will usually resist being deleted.

---------------------------------------------------------


----------



## flavallee (May 12, 2002)

Go to Control Panel - Programs And Features.

Uninstall these programs and extras:

*Acrobat.com*

*Adobe AIR*

*AVG PC Tuneup*

*AVG Security Toolbar*

*Bing Bar* (unless you actually need and use it)

*FixCleaner*

*Free Downloads Manager 3.0*

*GamesBar 2.0.1.82*

*Google Toolbar* (unless you actually need and use it)

*Google Update Helper*

*HP Advisor*

*HP Customer Experience Enhancements*

*HP Update*

*Spybot - Search & Destroy*

*System Requirements Lab*

If you're prompted to restart the computer to complete the uninstall of any of them, do so.

After you're completely done, restart the computer again.

---------------------------------------------------


----------



## obxtony (Aug 17, 2008)

all done!


----------



## obxtony (Aug 17, 2008)

any ideas about the missing .dll files?


----------



## flavallee (May 12, 2002)

obxtony said:


> any ideas about the missing .dll files?


I don't know anything about missing DLL files. It must be something that you and Eddie are dealing with.

Start HiJackThis and click "Do a system scan and save a log file", then save the new log that appears, then copy-and-paste it here.

------------------------------------------------------------------


----------



## obxtony (Aug 17, 2008)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:25:40, on 30/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\ytbb.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=ie9fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iplay.com/?o=shp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN and Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ÿþ1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Chameleon System Monitor] C:\Program Files (x86)\Common Files\Chameleon Manager\monitor.exe /startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - 
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - 
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bandoo Coordinator - Unknown owner - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CDMA Device Service - Unknown owner - C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Windows Live Family Safety Service (fsssvc) - Unknown owner - (no file)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15839 bytes


----------
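An added example, not part of the thread and not code from HijackThis: a small Python triage of the HijackThis 2.0.4 log format posted above. It separates `(no file)` entries, whose registry data points at nothing on disk, from `(file missing)` entries under `system32`, which a 32-bit scanner on 64-bit Windows reports because file-system redirection hides the real file; the tag names and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the log posted in this thread, plus one header line.
# The two characters after "Hosts:" are written as escapes (U+00FF U+00FE).
SAMPLE_LOG = "\n".join([
    "Boot mode: Normal",
    "O1 - Hosts: \u00ff\u00fe1",
    r"O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)",
    r"O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll",
    r"O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)",
    r"O23 - Service: Bandoo Coordinator - Unknown owner - (no file)",
    r"O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)",
    r"O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)",
])

# A log entry is a section code (R0..R3, O1..O23 and so on), " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Bytes FF FE (the UTF-16LE byte-order mark) rendered as Latin-1 characters.
UTF16_BOM_AS_LATIN1 = "\u00ff\u00fe"

MISSING = "(file missing)"


def parse_entries(log_text):
    """Yield (code, body) for every entry line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group(1), match.group(2)


def classify(code, body):
    """Return a triage tag for one entry, or None when nothing stands out."""
    if code == "O1" and UTF16_BOM_AS_LATIN1 in body:
        # The hosts file begins with a UTF-16 BOM, so it is not plain ANSI text
        # and the scanner could not list its entries: open and inspect it.
        return "hosts-not-plain-text"
    if "(no file)" in body:
        # The registry entry exists but names no file: leftover of an uninstall
        # or of a removed infection.
        return "orphaned-entry"
    if body.endswith(MISSING):
        # The resolved path is the last " - " separated field of the body.
        path = body.rsplit(" - ", 1)[-1][: -len(MISSING)].strip().lower()
        if "\\windows\\system32\\" in path:
            # Assumption: 32-bit HijackThis on 64-bit Windows, as the "(x86)"
            # paths in this thread's log indicate. Its system32 lookups are
            # redirected to SysWOW64, so 64-bit system files look missing.
            return "likely-wow64-redirect"
        return "check-manually"
    return None


def triage(log_text):
    """Group flagged entries by tag: {tag: [(code, body), ...]}."""
    groups = defaultdict(list)
    for code, body in parse_entries(log_text):
        tag = classify(code, body)
        if tag is not None:
            groups[tag].append((code, body))
    return dict(groups)


if __name__ == "__main__":
    for tag, entries in sorted(triage(SAMPLE_LOG).items()):
        print(f"{tag}: {len(entries)}")
        for code, body in entries:
            print(f"  {code} - {body}")
```
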



## obxtony (Aug 17, 2008)

hope that's ok??
Sorry btw thought eddie might have passed on I can't get into msn(windows essentials) because it keeps telling me I have missing WLDLG.dll file
same with some other progs
sorry I expect you have more than enough to worry about than this.


----------



## flavallee (May 12, 2002)

Click Start - Run, then type in *MSCONFIG* and then click OK - "Startup" tab.

Write down only the names in the "Startup Item" that have a checkmark next to them.

If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list, and make sure to spell them EXACTLY as you see them there.

----------------------------------------------------------


----------



## obxtony (Aug 17, 2008)

DAMN!! Sorry but almost finished and windows Collapsed and now have to start again


----------



## obxtony (Aug 17, 2008)

ok
Hope you just want the NAMES in the first column??
wish I could copy paste !!
Need to eat right now bb soon


----------



## obxtony (Aug 17, 2008)

here is the list!!

1....Microsoft Intellipoint
2....Microsoft Intellitype Pro
3....HP Media Smart Smart Menu
4....Hardware Diagnostic tools Localizer
5....Kies TrayAgent
6....btbb_McciTrayapp
7....Kies PDLR
8....Kies
9....Origin
10...Chameleon System Monitor
11...Steam
12...hpsysdrvApplication
13...BATINDICATOR
14...LaunchHPOSIAPP
15...IAStorIcon
16...AVG Internet Security
17...Adobe Acrobat
18...Adobe Read and Acrobat Manager
19...Microsoft(r)Windows(r)Operating System
20...Java(TM)Platform SE Auto Updater 2.0
21...Anti Phishing Domain Advisor
22...ITunes
23...HP Remote Solution

sorry I didn't know if you wanted all the locations?
Kept getting timed out when I tried before!!
If that IS what you need then I shall copy to notepad may take me some time though !!
Tony


----------



## flavallee (May 12, 2002)

You can uncheck these entries in the "Startup Item" column:

*Steam*

*Adobe Acrobat*

*Adobe Reader and Acrobat Manager*

*Java(TM) Platform SE Auto Updater 2 0*

*iTunesHelper*

After you're done, click Apply - OK/Close - Restart.

-------------------------------------------------------

This thread has become a marathon and is in its 10th page, and you're still having issues with that computer.

To be honest with you, doing a clean reinstall of Windows and getting a fresh start may be your best option.

-------------------------------------------------------


----------



## obxtony (Aug 17, 2008)

I agree but where do I get the WIN7 from?
is that in the rescue disc?


----------



## obxtony (Aug 17, 2008)

OK I found the disc marked Repair disc win7 64 bit
I'm going to reformat with that
(I think) !!


----------



## obxtony (Aug 17, 2008)

Hi Flavalee and Eddie.
I think you are indeed right this pc has HADIT!! I am therefore going to reformat and start again. I will leave a note here when all is well again!! I HOPE!!
tc and many thanks for both of your endeavours.
Tony


----------



## flavallee (May 12, 2002)

And make sure your grandson keeps his hands off of it from now on. 

----------------------------------------------------------


----------



## obxtony (Aug 17, 2008)

Hi again!!
Well after many attempts to recover my hard drive I had finally to give in. I Bought a new one. Used the recovery discs and finally reloaded everything!! No one had to help me either lol !
I just want to thank you both so much for your efforts in helping me, it took a lot of your time and probably most of your patience also!
I took the hard drive down to my local College just to see if it could be rescued and was told that it appeared that some of the disc was totally unreadable so I gave up then!!
Again thank you so very much and especially for keeping at it even after all my blunders!
Yours Aye
Tony Cahill

May I just add as a post script? 
When I bought the new disc I also bought the win7 pro edition to upgrade from my home edition.
It just would not accept it and kept coming up with incorrect key.
Looked on the net and also asked Microsoft ( still waiting for an answer from them!) and it appeared that this was quite a common issue, however, no one seemed able to give a good solution.
Anyway to cut a long story short, I kept trying the same number maybe 5 or 6 times, rebooting after each one, after the last reboot I looked at the start page and there was win7 pro!!
Weird or what?
Tony


----------



## flavallee (May 12, 2002)

Glad to hear your computer is up-and-running again.

The refurbished *Dell OptiPlex 755 Mini Tower* desktop that I ordered from www.newegg.com arrived yesterday, so I spent most of the day getting it up-to-date and tweaked and with more RAM. It's the new "speedster" of my desktops.

------------------------------------------------------------


----------



## obxtony (Aug 17, 2008)

Must have money then !!!
Enjoy, I'll send my nephew over he will fix it up proper for you !!!
Thanks again !


----------



## eddie5659 (Mar 19, 2001)

Hi

Back from my holiday 

Sorry to hear that after all we did, it still wouldn't work 

I must admit, we did remove loads of stuff, so it was infected a lot, so something may have become screwy in the background

eddie


----------



## obxtony (Aug 17, 2008)

Thanks for your help anyway Eddie, I trust you had a good holiday.
I shall be back on the BF3 anytime soon!! so keep an eye out for me?
Oh did you add me?
Tony


----------



## eddie5659 (Mar 19, 2001)

I did, thanks Tony, it was a great time 

I think I added you, let me check....

I don't think it will show until you accept me as a friend, but just in case it's not there, add me when you're up and running:

kronenbourg73

I'll mark this thread as Solved, as it is in a way


----------



## obxtony (Aug 17, 2008)

Ok solved it is Sherlock!
I'll try and get on tonight if I can having probs getting travel insurance having cancer, last quote was £9,745 for states!!
Thanks again team for all your help!


----------



## eddie5659 (Mar 19, 2001)

Good grief, that's expensive 

Hopefully you can find a bit cheaper 

I'll see you on BF3 sometime. My main nights are Fridays, as our clan play in our server for most of the night. I do play other nights, but malware removal is a busy area, and I have to make sure I'm okay there before I go online gaming


----------

