# AVG Secure Search Must Go



## Verylost (Jul 15, 2010)

OK, getting fed up with AVG Secure Search hijacking everything in sight; and no matter what I try, CCleaner or Malwarebytes or SUPERAntiSpyware or the AVG removal tool listed in another post, nothing can touch it yet. Was hoping to post a HiJack log here but it doesn't create a log, so what's with that?

I need you guys to work your magic and tell me how to delete AVG 100%, get it off my Windows 7 IE 9.0 setup. AVG came with the laptop and I thought I deleted all AVG items, but no!!

So what now? Need some fast help please - hugs / later . . hope this helps . .


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4028 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1790 Mb
Hard Drives: C: Total - 115711 MB, Free - 28065 MB; D: Total - 170497 MB, Free - 155057 MB;
Motherboard: SAMSUNG ELECTRONICS CO., LTD., RV410/RV510/S3510/E3510
Antivirus: Rising Antivirus, Updated and Enabled


----------



## eddie5659 (Mar 19, 2001)

Hiya

Let's see if we can remove it for you, and see if anything is blocking the removal.

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

**IMPORTANT!!! As you download it, rename it to username123.exe and save it to your Desktop.**


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note:** If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

------------------------

Download *OTL* to your Desktop


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Select *All Users*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
```

Click the *Quick Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


eddie


----------



## Verylost (Jul 15, 2010)

Eddie5659 -

OK, just had a huge break maybe; AVG seems to attach itself to everything in sight quickly after I boot up, because if I try to delete that bugger (it's in Common Files) all I get is that it's running and somehow needs to be turned off; it never tells me how, only then can the folder be deleted.

This time I was bloody fast at startup; got to the C drive, then programs (64), then Common Files, and there sits AVG, so I tried right-clicking on it then Delete and, amazing, the folder deleted; then raced to the Recycle Bin and deleted it there; hopefully AVG didn't know what hit it, because I was so fast it didn't have a chance to open and spread.

So is AVG finally gone? Not sure what to do now; it might pop back at any time or at next startup, I am sure I had it too easy; guess I'll run ComboFix, I find that easy to use, and see what that says -

later . .


----------



## eddie5659 (Mar 19, 2001)

It may be gone, but remains may still be there. Was it just AVG that you're having problems with, and nothing else? If so, leave ComboFix, and just run the OTL tool instead, and we'll go from there 

Also, can you do this:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:folderfind
*AVG*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## Verylost (Jul 15, 2010)

OK, here's the ComboFix log, I always find it a snap to run; and would love to speed up the PC a bit, get pages and sites to open/close faster, always seems so slow; AVG is the only issue . .

ComboFix 12-05-24.03 - pestyone 05/24/2012 16:30:54.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.263.1033.18.4029.2714 [GMT -4:00]
Running from: c:\users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QH1JYK7S\ComboFix.exe
AV: Rising Antivirus *Enabled/Updated* {C0AEEC5C-BBDB-2745-3E22-21BEC65323A5}
SP: Rising Antivirus *Enabled/Updated* {7BCF0DB8-9DE1-28CB-0492-1ACCBDD46918}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section not completed
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-24 13:39 . 2012-05-24 13:39 -------- d-----w- c:\users\pestyone\AppData\Local\VS Revo Group
2012-05-24 13:39 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-05-24 13:39 . 2012-05-24 13:39 -------- d-----w- c:\program files\VS Revo Group
2012-05-24 12:19 . 2012-05-24 12:19 388096 ----a-r- c:\users\pestyone\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-24 12:19 . 2012-05-24 12:19 -------- d-----w- c:\program files (x86)\Trend Micro
2012-05-22 09:35 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48963EE0-48DC-47A1-9C45-4BC95690C7CB}\mpengine.dll
2012-05-21 17:24 . 2012-05-21 17:24 -------- d-----w- c:\users\pestyone\AppData\Roaming\TeamViewer
2012-05-20 23:24 . 2012-05-20 23:24 -------- d-----w- c:\program files\Elantech
2012-05-20 23:20 . 2012-05-20 23:20 4633992 ----a-w- c:\windows\system32\ETDUI.cpl
2012-05-20 23:17 . 2012-05-20 23:18 -------- d-----w- c:\program files (x86)\BurnAware Free
2012-05-19 11:43 . 2012-05-24 12:48 -------- d-----w- c:\program files (x86)\Files Terminator Free
2012-05-18 18:17 . 2012-04-18 17:49 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-05-18 18:17 . 2012-03-22 17:43 2557952 ----a-w- c:\windows\SysWow64\QtCore4.dll
2012-05-18 18:16 . 2012-05-18 18:17 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-05-18 18:16 . 2012-05-18 18:16 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-05-18 18:16 . 2012-03-06 19:43 80024 ----a-w- c:\windows\SysWow64\mfcm100u.dll
2012-05-18 18:16 . 2012-03-06 19:43 4421272 ----a-w- c:\windows\SysWow64\mfc100u.dll
2012-05-18 18:16 . 2012-03-06 19:43 136344 ----a-w- c:\windows\SysWow64\atl100.dll
2012-05-18 18:15 . 2012-05-24 11:45 -------- d-----w- c:\users\pestyone\AppData\Roaming\DVDVideoSoft
2012-05-17 20:01 . 2012-05-17 20:05 -------- d-----w- c:\program files (x86)\Eusing Free Video Converter
2012-05-17 19:34 . 2012-05-17 19:45 -------- d-----w- c:\program files (x86)\Kastor Free Video Converter
2012-05-17 19:34 . 2012-05-17 19:34 -------- d-----w- c:\users\pestyone\AppData\Roaming\KastorVideoConverter
2012-05-17 19:14 . 2012-05-17 19:14 -------- d-----w- c:\users\pestyone\AppData\Roaming\XMedia Recode
2012-05-17 06:47 . 2010-08-05 18:47 249736 ----a-w- c:\windows\ETDUninst.dll
2012-05-16 18:08 . 2012-05-16 18:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-16 18:08 . 2012-05-16 18:07 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-16 18:07 . 2012-05-16 18:07 -------- d-----w- c:\program files (x86)\Java
2012-05-16 04:24 . 2012-05-16 04:24 -------- d-----w- c:\users\pestyone\AppData\Roaming\OpenOffice.org
2012-05-16 04:22 . 2012-05-16 04:22 -------- d-----w- c:\program files (x86)\JRE
2012-05-16 04:22 . 2012-05-16 04:22 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-05-15 23:59 . 2012-05-15 23:59 -------- d-----w- c:\users\pestyone\AppData\Roaming\OfficeSuiteX
2012-05-15 23:54 . 2012-05-16 00:12 -------- d-----w- c:\program files (x86)\Office Suite X 3
2012-05-15 23:52 . 2012-05-16 18:07 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-15 06:11 . 2012-05-15 06:30 -------- d-----w- c:\users\pestyone\AppData\Roaming\AbiSuite
2012-05-15 03:04 . 2012-05-15 03:04 -------- d-----w- c:\windows\SSuite Office Installations
2012-05-15 02:49 . 2012-05-15 02:49 -------- d-----w- c:\users\pestyone\AppData\Local\Windows Live Writer
2012-05-10 17:55 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 17:55 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 17:55 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 17:55 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 17:55 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 17:55 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 17:54 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 17:54 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 17:54 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 17:54 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 17:54 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 17:54 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 17:54 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 09:31 . 2012-05-10 09:31 -------- d-----w- c:\program files (x86)\NoVirusThanks
2012-05-10 09:04 . 2008-10-27 14:04 518480 ----a-w- c:\windows\system32\XAudio2_3.dll
2012-05-10 08:08 . 2012-05-10 08:08 -------- d-----w- c:\users\pestyone\AppData\Roaming\mkvtoolnix
2012-05-10 05:12 . 2012-05-17 19:47 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-05-09 23:07 . 2012-05-09 23:07 -------- d-----w- c:\users\pestyone\AppData\Roaming\QuickZip
2012-05-08 04:35 . 2012-05-08 04:35 -------- d-----w- c:\programdata\vsosdk
2012-05-08 03:50 . 2012-05-24 12:01 -------- d-----w- c:\users\pestyone\AppData\Roaming\Vso
2012-05-08 03:35 . 2012-05-11 13:57 -------- d-----w- c:\users\pestyone\AppData\Local\Conduit
2012-05-07 17:04 . 2012-05-07 17:05 -------- d-----w- c:\users\pestyone\AppData\Roaming\Free Media Converter
2012-05-07 01:29 . 2012-05-07 01:32 -------- d-----w- c:\users\pestyone\AppData\Local\SupportSoft
2012-05-07 01:28 . 2012-05-07 01:28 -------- d-----w- c:\programdata\SupportSoft
2012-05-07 01:28 . 2012-05-07 01:28 -------- d-----w- c:\program files (x86)\VERIZONDM
2012-05-07 01:28 . 2012-05-07 01:28 -------- d-----w- c:\program files (x86)\Common Files\SupportSoft
2012-05-07 01:28 . 2012-05-07 01:28 -------- d-----w- c:\program files (x86)\Verizon
2012-05-06 09:25 . 2012-05-06 09:55 -------- d-----w- c:\users\pestyone\AppData\Local\Microsoft Games
2012-05-06 08:24 . 2012-05-13 07:15 -------- d-----w- c:\programdata\VirtualizedApplications
2012-05-06 06:13 . 2012-05-15 02:45 -------- d-----w- c:\users\pestyone\AppData\Roaming\SoftGrid Client
2012-05-06 06:13 . 2012-05-06 06:13 -------- d-----w- c:\users\pestyone\AppData\Local\SoftGrid Client
2012-05-06 06:12 . 2012-05-06 06:13 -------- d-----w- c:\users\pestyone\AppData\Roaming\TP
2012-05-03 03:42 . 2012-05-24 11:36 -------- d-----w- c:\users\pestyone\AppData\Roaming\dvdcss
2012-05-02 11:32 . 2012-05-24 11:36 -------- d-----w- c:\users\pestyone\AppData\Roaming\vlc
2012-05-02 11:31 . 2012-05-02 11:31 -------- d-----w- c:\program files (x86)\VideoLAN
2012-05-02 04:35 . 2012-05-02 04:35 -------- d-----w- c:\users\pestyone\AppData\Local\Spiggle
2012-05-02 02:16 . 2009-09-02 17:44 217127 ----a-w- c:\windows\SysWow64\drv43260.dll
2012-05-02 02:16 . 2009-09-02 17:44 102439 ----a-w- c:\windows\SysWow64\sipr3260.dll
2012-05-02 02:16 . 2009-09-02 17:44 65602 ----a-w- c:\windows\SysWow64\cook3260.dll
2012-05-02 02:16 . 2009-09-02 17:44 208935 ----a-w- c:\windows\SysWow64\drv33260.dll
2012-05-02 02:16 . 2009-09-02 17:44 176165 ----a-w- c:\windows\SysWow64\drv23260.dll
2012-05-02 02:16 . 2009-09-02 17:44 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll
2012-05-02 02:16 . 2009-09-02 17:44 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
2012-04-30 02:53 . 2012-05-11 14:04 -------- d-----w- c:\programdata\IObit
2012-04-30 02:53 . 2012-05-11 14:03 -------- d-----w- c:\program files (x86)\IObit
2012-04-28 04:51 . 2012-04-28 04:52 -------- d-----w- c:\users\pestyone\Desktop x
2012-04-27 22:54 . 2011-06-16 21:53 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2012-04-27 22:54 . 2012-04-27 22:54 -------- d-----w- c:\windows\system32\kodak
2012-04-27 22:48 . 2012-04-27 22:52 -------- d-----w- c:\users\pestyone\AppData\Local\Eastman_Kodak_Company
2012-04-27 22:42 . 2012-04-27 22:42 -------- d-----w- c:\users\pestyone\AppData\Local\Eastman Kodak Company
2012-04-27 22:39 . 2012-04-27 22:41 -------- d-----w- c:\windows\SysWow64\kodak
2012-04-27 22:34 . 2012-04-27 22:34 -------- d-----w- c:\windows\SysWow64\spool
2012-04-27 22:25 . 2012-04-27 22:34 -------- d-----w- c:\program files (x86)\Kodak
2012-04-27 22:24 . 2012-05-24 19:54 -------- d-----w- c:\programdata\Kodak
2012-04-27 09:25 . 2012-05-17 04:34 -------- d-----w- c:\users\pestyone\AppData\Local\ElevatedDiagnostics
2012-04-26 10:05 . 2012-04-26 10:05 -------- d-----w- c:\users\pestyone\AppData\Local\Google
2012-04-26 10:04 . 2012-05-10 02:23 -------- d-----w- c:\users\pestyone\AppData\Local\CRE
2012-04-25 12:17 . 2012-04-25 12:17 -------- d-----w- c:\program files\WinPcap
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-20 23:24 . 2011-04-18 23:57 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
2012-05-20 23:23 . 2011-04-18 23:57 407040 ----a-w- c:\windows\HotfixChecker.exe
2012-05-04 11:33 . 2012-04-22 01:47 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 11:33 . 2011-12-10 23:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 06:46 . 2012-04-21 12:36 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-21 12:36 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-21 12:36 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-21 12:36 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-21 12:36 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-21 12:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-21 12:36 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-21 12:38 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-21 12:38 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-21 12:38 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-21 12:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-21 12:38 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-21 12:38 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-21 12:38 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-21 12:38 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-24 6497592]
.
c:\users\pestyone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 hooksys;hooksys;c:\windows\system32\drivers\Hooksys.sys [x]
S1 HookTdi;HookTdi;c:\windows\system32\drivers\HookTdi.sys [x]
S1 HyperVM;HyperVM;c:\windows\system32\drivers\hvm.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 ASRservice;ASRservice;c:\program files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe [2009-12-10 697104]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-04-06 8704]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-03-16 389120]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 RsMgrSvc;Rsd Service;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe [2011-12-06 150168]
S2 RsRavMon;Rav Service;c:\program files (x86)\Rising\RAV\RavMonD.exe [2011-11-26 264448]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-25 11895400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Free YouTube Download - c:\users\pestyone\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\pestyone\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
Trusted Zone: extratorrent.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - 
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\01\02\03\01\010?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-24 16:33:27
ComboFix-quarantined-files.txt 2012-05-24 20:33
.
Pre-Run: 29,059,239,936 bytes free
Post-Run: 28,926,570,496 bytes free
.
- - End Of File - - 982EE73C9865579531BADA0604C72FFF


----------



## Verylost (Jul 15, 2010)

Dang it, OTL won't download for me, so moving on to SystemLook to see what that finds


----------



## eddie5659 (Mar 19, 2001)

Just glancing through the ComboFix log, it appears you have some remains of malware, so if you can run the OTL next, we'll get them removed for you 

*edit* It won't download. What is the message that comes up?


----------
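Added example, not part of any post in this thread and not code from ComboFix: a small Python parser that splits a ComboFix log like the one posted above into its sections and lists the entries a helper would usually confirm by hand (Run-key autostarts, a browser proxy pointing at the local machine, Trusted Zone sites, and the lines under ORPHANS REMOVED). The section-banner patterns are inferred from the log as posted, the function names are made up for this example, and the sample input is a shortened excerpt of that log.

```python
import re

# Shortened excerpt of the ComboFix log posted in this thread (sample input).
SAMPLE_LOG = r'''ComboFix 12-05-24.03 - pestyone 05/24/2012 16:30:54.1.2 - x64
.
((((((((((((( Reg Loading Points )))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-24 6497592]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
.
------- Supplementary Scan -------
uInternet Settings,ProxyServer = 127.0.0.1:9666
Trusted Zone: extratorrent.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
- - End Of File - - 982EE73C9865579531BADA0604C72FFF
'''

# Section banners, with patterns inferred from the posted log.
SECTION_HEADERS = [
    re.compile(r'^\({3,}\s*(.+?)\s*\){3,}$'),      # ((((( Title )))))
    re.compile(r'^-{3,}\s*([^-\s].*?)\s*-{3,}$'),  # ------- Title -------
    re.compile(r'^(?:- ){2,}(.+?)(?: -){2,}$'),    # - - - - TITLE - - - -
]
REG_KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')
REG_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"')


def split_sections(log_text):
    """Map section title -> content lines, dropping blank and '.' filler lines."""
    sections, current = {'header': []}, 'header'
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('- - End Of File'):
            break
        if not line or line == '.':
            continue
        title = next((m.group(1) for m in (p.match(line) for p in SECTION_HEADERS) if m), None)
        if title:
            current = title
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def run_entries(sections):
    """(hive, value name, command) for each value under a CurrentVersion Run key."""
    entries = []
    for lines in sections.values():
        key = None  # a registry key never carries across sections
        for line in lines:
            key_match = REG_KEY.match(line)
            if key_match:
                key = key_match.group(1)
                continue
            value = REG_VALUE.match(line)
            if value and key and key.lower().endswith('\\currentversion\\run'):
                entries.append((key.split('\\', 1)[0], value.group(1), value.group(2)))
    return entries


def review_items(sections):
    """(reason, detail) pairs for a helper to confirm by hand; none is a verdict."""
    items = []
    for line in sections.get('Supplementary Scan', []):
        name, sep, value = line.partition(' = ')
        if sep and name.endswith('ProxyServer'):
            if value.rsplit(':', 1)[0] in ('127.0.0.1', 'localhost'):
                items.append(('browser proxy points at a local listener', value))
        elif line.startswith('Trusted Zone:'):
            items.append(('site in the IE Trusted Zone', line.split(':', 1)[1].strip()))
    for line in sections.get('ORPHANS REMOVED', []):
        location, sep, target = line.rpartition(' - ')
        if sep:  # "<registry location> - <file or (no file)>"
            items.append(('listed under ORPHANS REMOVED', f'{location} -> {target}'))
    return items


if __name__ == '__main__':
    parsed = split_sections(SAMPLE_LOG)
    for row in run_entries(parsed) + review_items(parsed):
        print(*row, sep='  |  ')
```

Each item it returns is only a prompt to check the entry against software the user knowingly installed.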



## Verylost (Jul 15, 2010)

OK, getting a pop-up asking me to choose a program from the list to open up SystemLook with; what the heck is with that and what to do?

What about trying to run Malwarebytes next to see what that finds; the long and deep scan - later


----------



## eddie5659 (Mar 19, 2001)

It's not supposed to be doing that, I assume all other programs work okay.

Can you see if disabling the antivirus will allow it to download okay?

If you just click on the link for OTL, it should ask to Save, just save it to the desktop. If it still doesn't work, can you try renaming to football.exe and see if that will work.

Yep, update MBAM and run a deep scan:

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*


----------



## Verylost (Jul 15, 2010)

OK, tried again and all I get is - OTL_exe(1) couldn't be downloaded - so what now? Guess I'll peek back in Common Files, make sure it hasn't popped back in, AVG . . .


----------



## Verylost (Jul 15, 2010)

Just tried OTL again with my antivirus off and same error, moving on to Malwarebytes -


----------



## eddie5659 (Mar 19, 2001)

It's not downloading correctly

Can you right-click on the link, and select Save Link As.. and see if that works.

I'll wait for the MBAM log in the meantime


----------



## Verylost (Jul 15, 2010)

OK, will try that, and can't get Malwarebytes to download for me, just freezes up then nothing; might have to reboot but not for now. In the meantime running Rising Antivirus scanner, so far nothing found, 45 minutes to go for that; love this virus scanner, highly rated; doesn't miss a thing and bloat free. And I have a different malware scanner on the desktop, I'll run that; hopefully it will find whatever you see on the ComboFix log . .

What exactly do you see there? Would love to know; see it for myself . . . waiting on a finished virus scan, then the other malware scanner, will post in a bit . .


----------



## Verylost (Jul 15, 2010)

Dang, tried right-click to Save Target As and it doesn't work, just wonderful, so what's with that?


----------



## Verylost (Jul 15, 2010)

OK, are you out there? Some good news: just ran OTL from another link and bingo, I got it, whoopee; will run after the virus scan and post that log here . .


----------



## Verylost (Jul 15, 2010)

OK, no viruses found, whoopee, and was running OTL and it froze up on me, so guess I'll run a quick scan again . . .


----------



## Verylost (Jul 15, 2010)

OK, where are you? OTL found nothing and couldn't print up a log, and Malwarebytes I can't get yet, guess I'll have to try other links, and No Virus Malware found nothing, so how do I remove what you saw on the ComboFix log?

Lastly, I have a purl-mbam file on my desktop, placed there from the Malwarebytes failed download, that says it's running in Internet Explorer but doesn't show up in Task Manager, so what now? Need your help, I am here waiting on you . .


----------



## Verylost (Jul 15, 2010)

OK, where's my helper? Finally got Malwarebytes working and enclosed is the log; but it found nothing, dang it, didn't find what you saw on the ComboFix log; so I assume it's still there, sooo how do I get rid of the malware that you said you saw on the ComboFix log??

Waiting on you for more help . . .

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.25.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
pestyone :: PESTYONE-PC [administrator]
5/25/2012 12:05:22 AM
mbam-log-2012-05-25 (00-33-08).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 310240
Time elapsed: 27 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


----------



## eddie5659 (Mar 19, 2001)

I'm in the UK, so my time difference is about 5 hours in front of you, so I was asleep when you replied, and Fridays I'm always out, so I'll look thru it fully now, and see where we are. Back in a bit


----------



## Verylost (Jul 15, 2010)

Oops ok, just trying to figure things out, like why do they add junk like Norton and AVG to computers before one buys one; and why so much bloat in them, and why is it when you delete software it's never 100% deletion and what's left hides 5/6 months before it pops up and bites ya in the tushie!?

Go figure


----------



## Verylost (Jul 15, 2010)

Ok good news, some progress: after much hair pulling I got this to print out . . . a lot of missing and unknown stuff in the list, beats me, and what did you see in the combo fix log that's malware . .

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:33 PM, on 5/26/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE
C:\Program Files (x86)\Rising\RSD\popwndexe.exe
C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N3OOSRZ5\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: ASRservice - IObit - C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Rsd Service (RsMgrSvc) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
O23 - Service: Rav Service (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RAV\RavMonD.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 7240 bytes


----------



## eddie5659 (Mar 19, 2001)

Okay, had a look and you have these installed, which are not recommended tools, as they give false readings and can slow systems down. So, can you uninstall these:

*Advanced Spyware Remover
Advanced SystemCare 5*

Reboot and then see if you can run OTL again.

Don't worry about the missing entries, HijackThis isn't updated to Windows 7 fully yet, which is why the OTL log is important.

Can you run any other programs, or is it just the OTL/SystemLook etc that have problems?

If so, rename OTL to football.exe and try and run it again.

eddie


----------



## Verylost (Jul 15, 2010)

Can try running OTL again; it wouldn't print up a log first time around. You have the combo log and now the HijackThis, and they spot no malware but it's still there on Combo, correct? Tired, need a nap, was working on 2 other PC problems - later


----------



## eddie5659 (Mar 19, 2001)

Well, HijackThis isn't very thorough, most just use it as a guide to see if anything is showing before getting different tools to run 

On the ComboFix log, you have folders that are Conduit, well-known malware. Plus you have a proxy that is installed, and it's actually related to malware. The OTL log would be better, as it tells me a lot of what we can look at.

Try this instead, and leave the other copy of OTL alone, and use the one in the below link:

_Note: If using Firefox right-click on any download links and choose Save As_

Please download *OTH* to your desktop
Please download *OTL* to your desktop
Please download the attached file *Scan.txt* to your desktop

Double click the OTH file to run it and click *Kill All Processes*, your desktop will go blank.

Then select *Start OTL*. OTL will now run


Double-click on the *Custom Scans* box and a message box will popup asking if you want to load a custom scan from a file
Select *Scan.txt* that you downloaded

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Click the *Internet Explorer* button, post these logs in your Virus Removal topic.


----------
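Added example, not part of the thread or of any poster's tooling: a Python triage pass over lines in the HijackThis and OTL formats posted in this thread, flagging the loopback proxy and the Conduit search provider eddie5659 mentions, plus registry entries that still point at removed AVG Secure Search files. The sample lines are copied from the logs in this thread; `WATCH_TERMS` and every function name are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: watch list built only from names raised in this thread.
WATCH_TERMS = ("conduit", "avg secure search")

# Sample input: lines copied from the HijackThis and OTL logs in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKCU\..\SearchScopes,DefaultScope = {9EE14179-061B-460E-840B-2530D8988107}
IE - HKCU\..\SearchScopes\{9EE14179-061B-460E-840B-2530D8988107}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
"""

# HijackThis writes "Internet Settings,Name = v"; OTL writes 'Internet Settings: "Name" = v'.
SETTING_RE = re.compile(
    r'(HKCU|HKLM)\\.*Internet Settings[,:]\s*"?(ProxyServer|ProxyEnable)"?\s*=\s*(\S+)')
DEFAULT_RE = re.compile(
    r'^IE(:\*64bit:\*)? - (HKCU|HKLM)\\\.\.\\SearchScopes,DefaultScope = (\{[^}]+\})')
SCOPE_URL_RE = re.compile(
    r'^IE(:\*64bit:\*)? - (HKCU|HKLM)\\\.\.\\SearchScopes\\(\{[^}]+\}): "URL" = (\S+)')


def proxy_hosts(value):
    """Yield host parts from 'host:port' or 'http=host:port;https=host:port'."""
    for part in value.split(";"):
        endpoint = part.split("=", 1)[-1]
        yield endpoint.rsplit(":", 1)[0]


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return (kind, detail) findings for proxy, search-provider and orphan entries."""
    findings = []
    proxy = {}       # hive -> {"ProxyServer": ..., "ProxyEnable": ...}
    defaults = {}    # (view, hive) -> GUID of the default search provider
    scope_urls = {}  # (view, hive, guid) -> URL template
    for line in log_text.splitlines():
        line = line.strip()
        m = SETTING_RE.search(line)
        if m:
            proxy.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
            continue
        m = DEFAULT_RE.match(line)
        if m:
            view = "64-bit" if m.group(1) else "32-bit"
            defaults[(view, m.group(2))] = m.group(3).lower()
            continue
        m = SCOPE_URL_RE.match(line)
        if m:
            view = "64-bit" if m.group(1) else "32-bit"
            scope_urls[(view, m.group(2), m.group(3).lower())] = m.group(4)
            continue
        # Registry entry whose target file is gone: a leftover of a partial uninstall.
        if line.endswith("File not found") and any(t in line.lower() for t in WATCH_TERMS):
            findings.append(("orphaned-entry", line.split(": ", 1)[0]))

    for hive, vals in sorted(proxy.items()):
        server = vals.get("ProxyServer")
        if server and any(is_loopback(h) for h in proxy_hosts(server)):
            # A ProxyServer value with ProxyEnable = 0 is configured but not in use.
            state = {"1": "enabled", "0": "disabled"}.get(
                vals.get("ProxyEnable"), "state unknown")
            findings.append(("loopback-proxy", f"{hive} ProxyServer={server} ({state})"))

    # Resolve each DefaultScope GUID to its URL; the GUID alone says nothing.
    for (view, hive), guid in sorted(defaults.items()):
        url = scope_urls.get((view, hive, guid))
        if url is None:
            findings.append(("default-scope-unresolved", f"{view} {hive} {guid}"))
            continue
        host = urlsplit(url).hostname or ""
        if any(t in host for t in WATCH_TERMS):
            findings.append(("default-search-hijack", f"{view} {hive} -> {host}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail}")
```

On these lines the 64-bit HKLM default resolves to Bing while the 32-bit HKLM default resolves to the Conduit URL, which is why the 32-bit and 64-bit registry views are tracked separately.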



## Verylost (Jul 15, 2010)

OK I am back, but think I just made some progress, but AVG is finally deleted; maybe - every time I try to add or delete I am locked out and something is grayed out, but when I start up all those defenses are down for a minute or two; so just now at startup I just raced into Manage Add-ons and added Yahoo as the default engine and finally, I hope, deleted AVG, then I raced into Common Files and deleted the AVG, so maybe all is well, just have to wait and see, and whoopy, battery in laptop is recharging for now.

Posting OTL soon to see what malware is still on the system . . .


----------



## eddie5659 (Mar 19, 2001)

Good to see AVG has gone, and I'll be home at the usual time tomorrow, so will have a look then, or if not, whilst at work


----------



## Macboatmaster (Jan 15, 2010)

eddie5659.
VeryLost has this topic open as well on the same computer.
You may agree that it is best left until you have completed here, or indeed perhaps it may be covered here as you wish.

http://forums.techguy.org/windows-7/1054622-internet-explorer-cannot-display-webpage.html


----------



## eddie5659 (Mar 19, 2001)

Thanks Macboatmaster 

I'll reply there as well 

VeryLost, have you uninstalled these yet?

Advanced Spyware Remover
Advanced SystemCare 5

Also, can you run the OTL as explained above, using the OTH tool.

eddie


----------



## Verylost (Jul 15, 2010)

Ok here's another OTL log and please tell me I am not, repeat not, seeing AVG on this log?? What about a HijackThis or SUPERAntiSpyware log here, would that help . . . and ohhh what's Conime? Keeps popping up on my toolbar list and won't stay deleted . . . late

OTL logfile created on: 5/31/2012 8:16:32 AM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\pestyone\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Zimbabwe | Language: ENW | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 54.70% Memory free
7.87 Gb Paging File | 5.84 Gb Available in Paging File | 74.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 113.00 Gb Total Space | 16.91 Gb Free Space | 14.96% Space Free | Partition Type: NTFS
Drive D: | 166.50 Gb Total Space | 150.04 Gb Free Space | 90.11% Space Free | Partition Type: NTFS

Computer Name: PESTYONE-PC | User Name: pestyone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/26 18:24:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pestyone\Downloads\OTL.exe
PRC - [2012/04/05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012/03/16 14:00:06 | 000,389,120 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/06 08:28:06 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/11/26 07:20:56 | 000,178,840 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RAV\RsTray.exe
PRC - [2011/11/26 07:19:22 | 000,123,856 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RSD\popwndexe.exe
PRC - [2011/11/26 07:16:29 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RAV\RavMonD.exe
PRC - [2011/11/24 03:05:44 | 006,497,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/02/07 05:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/08/26 21:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/08/09 05:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/07/27 01:28:38 | 004,382,312 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/02/10 10:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/08/03 08:48:54 | 002,756,608 | ---- | M] (Makayama Interactive) -- C:\Program Files (x86)\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/24 03:05:40 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/11/24 03:05:26 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
MOD - [2010/07/04 17:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2010/05/07 10:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2006/08/11 23:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2005/10/17 13:51:38 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Makayama Interactive\Easy WiFi Radar\wifiInfo_VB.dll
MOD - [2004/02/05 15:53:48 | 000,389,120 | ---- | M] () -- C:\Windows\SysWOW64\actskn43.ocx
MOD - [2001/08/26 04:56:20 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Makayama Interactive\Easy WiFi Radar\dll_simple.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2010/09/22 05:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2010/08/09 15:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:*64bit:* - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012/03/16 14:00:06 | 000,389,120 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/06 08:28:06 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe -- (RsMgrSvc)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2011/11/26 07:16:29 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Rising\RAV\RavMonD.exe -- (RsRavMon)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/11/26 07:16:30 | 000,041,048 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hvm.sys -- (HyperVM)
DRV:*64bit:* - [2011/11/26 07:16:29 | 000,037,016 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Hooksys.sys -- (hooksys)
DRV:*64bit:* - [2011/11/26 07:16:29 | 000,030,360 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookTdi.sys -- (HookTdi)
DRV:*64bit:* - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 23:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2011/02/11 17:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:*64bit:* - [2010/11/23 03:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:*64bit:* - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/08/09 22:01:56 | 000,111,616 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:*64bit:* - [2010/07/08 04:28:46 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:*64bit:* - [2010/04/27 03:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/28 02:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2011/09/15 07:37:04 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/08/03 01:10:12 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf.sys -- (npf)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {9EE14179-061B-460E-840B-2530D8988107}
IE - HKCU\..\SearchScopes\{9EE14179-061B-460E-840B-2530D8988107}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\10.2.0.3\

[2012/01/07 17:51:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions
[2012/05/09 22:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions
O1 HOSTS File: ([2012/04/21 18:55:50 | 000,000,051 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:*64bit:* - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O15 - HKCU\..Trusted Domains: extratorrent.com ([]https in Trusted sites)
O16:*64bit:* - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C93A6E3F-D3AD-4BC2-A1D8-AFDD6A3DB07C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5874F40-ED48-49D1-97C2-BC417465239C}: DhcpNameServer = 192.168.1.1
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bsmain)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/31 05:15:20 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012/05/31 05:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012/05/30 22:39:51 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\{B8D87C41-3899-4FE5-B381-84E0935193C7}
[2012/05/30 00:25:52 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\PC Cleaners
[2012/05/30 00:25:48 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\PCPro
[2012/05/30 00:25:42 | 004,101,392 | ---- | C] (PC Cleaners) -- C:\windows\uninst.exe
[2012/05/28 06:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy WiFi Radar
[2012/05/28 06:59:01 | 000,061,440 | ---- | C] (CACE Technologies) -- C:\windows\SysWow64\WanPacket.dll
[2012/05/28 06:59:01 | 000,057,344 | ---- | C] (Acrotech Solutions) -- C:\windows\SysWow64\XButton.ocx
[2012/05/28 06:59:01 | 000,032,512 | ---- | C] (CACE Technologies) -- C:\windows\SysWow64\drivers\npf.sys
[2012/05/28 06:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Makayama Interactive
[2012/05/26 11:09:27 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\AVG2012
[2012/05/26 11:06:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/26 10:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/05/26 06:34:42 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\Curiolab
[2012/05/26 00:12:08 | 000,000,000 | R--D | C] -- C:\RAVBIN
[2012/05/24 22:15:59 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\Malwarebytes
[2012/05/24 22:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/24 22:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/24 22:15:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/05/24 22:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/24 18:18:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/24 16:33:45 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/05/24 16:29:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/05/24 16:29:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/05/24 16:29:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/05/24 16:29:37 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/05/24 09:55:48 | 000,000,000 | ---D | C] -- C:\Users\pestyone\Documents\advanced_uninstaller_pro_7_5_serial_keygen_by_DBC
[2012/05/24 09:39:17 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\VS Revo Group
[2012/05/24 08:19:29 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/24 08:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/05/21 13:24:50 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\TeamViewer
[2012/05/21 02:32:00 | 000,000,000 | ---D | C] -- C:\Users\pestyone\Desktop\downloads free
[2012/05/20 19:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2012/05/20 19:20:09 | 004,633,992 | ---- | C] (ELAN Microelectronics Corp.) -- C:\windows\SysNative\ETDUI.cpl
[2012/05/20 19:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
[2012/05/20 19:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BurnAware Free
[2012/05/19 09:28:56 | 001,073,608 | ---- | C] (File Repair) -- C:\Users\pestyone\Desktop\file-repair-setup.exe
[2012/05/19 07:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Files Terminator Free
[2012/05/19 07:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Files Terminator Free
[2012/05/18 14:15:01 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\DVDVideoSoft
[2012/05/17 16:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Video Converter
[2012/05/17 15:34:09 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\KastorVideoConverter
[2012/05/17 15:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kastor Free Video Converter
[2012/05/17 15:14:39 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\XMedia Recode
[2012/05/17 02:47:54 | 000,249,736 | ---- | C] (ELAN Microelectronics Corp.) -- C:\windows\ETDUninst.dll
[2012/05/16 14:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/16 14:08:09 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012/05/16 14:08:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/05/16 14:08:08 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/05/16 14:08:08 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/05/16 14:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/05/16 00:24:41 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\OpenOffice.org
[2012/05/16 00:23:54 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1
[2012/05/16 00:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2012/05/16 00:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/05/15 19:59:04 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\OfficeSuiteX
[2012/05/15 19:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Office Suite X 3
[2012/05/15 19:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/05/15 19:52:52 | 000,472,864 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012/05/15 02:11:17 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\AbiSuite
[2012/05/14 23:04:29 | 000,000,000 | ---D | C] -- C:\windows\SSuite Office Installations
[2012/05/14 22:49:44 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\Windows Live Writer
[2012/05/14 22:49:44 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\Windows Live Writer
[2012/05/13 21:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2012/05/13 21:21:39 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\pestyone\AppData\Roaming\pcouffin.sys
[2012/05/13 21:21:39 | 000,000,000 | ---D | C] -- C:\Users\pestyone\Documents\PcSetup
[2012/05/11 21:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/11 21:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/11 21:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/11 10:48:23 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\uTorrent
[2012/05/11 10:04:01 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\IObit
[2012/05/11 10:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/11 10:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/05/11 00:25:12 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\{78B1971D-3CA1-4C32-923B-3862CE1A0B36}
[2012/05/11 00:24:07 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\IrfanView
[2012/05/10 23:44:16 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\Windows Live
[2012/05/10 23:43:55 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\{9544F0B5-E834-4356-B32E-0BABB6D9F365}
[2012/05/10 23:43:55 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\{7D9B265E-EE32-44D8-9832-D8EE1DDCAA28}
[2012/05/10 13:55:54 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/05/10 13:55:52 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/05/10 13:55:51 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/05/10 13:55:51 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/05/10 05:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks
[2012/05/10 05:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoVirusThanks
[2012/05/10 05:05:18 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_7.dll
[2012/05/10 05:05:18 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_7.dll
[2012/05/10 05:05:18 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_7.dll
[2012/05/10 05:05:18 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_7.dll
[2012/05/10 05:05:18 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_5.dll
[2012/05/10 05:05:18 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_5.dll
[2012/05/10 05:05:17 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_43.dll
[2012/05/10 05:05:17 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_43.dll
[2012/05/10 05:05:16 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_43.dll
[2012/05/10 05:05:16 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_43.dll
[2012/05/10 05:05:16 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_43.dll
[2012/05/10 05:05:16 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_43.dll
[2012/05/10 05:05:15 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_43.dll
[2012/05/10 05:05:15 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_43.dll
[2012/05/10 05:05:15 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_43.dll
[2012/05/10 05:05:15 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_43.dll
[2012/05/10 05:05:14 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_6.dll
[2012/05/10 05:05:14 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll
[2012/05/10 05:05:14 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_4.dll
[2012/05/10 05:05:14 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll
[2012/05/10 05:05:12 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll
[2012/05/10 05:05:12 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_6.dll
[2012/05/10 05:05:12 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_7.dll
[2012/05/10 05:05:12 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_7.dll
[2012/05/10 05:05:11 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_5.dll
[2012/05/10 05:05:10 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_5.dll
[2012/05/10 05:05:10 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_5.dll
[2012/05/10 05:05:09 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_42.dll
[2012/05/10 05:05:09 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_42.dll
[2012/05/10 05:05:08 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_42.dll
[2012/05/10 05:05:08 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_42.dll
[2012/05/10 05:05:08 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_42.dll
[2012/05/10 05:05:08 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_42.dll
[2012/05/10 05:05:07 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_42.dll
[2012/05/10 05:05:07 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_42.dll
[2012/05/10 05:05:06 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll
[2012/05/10 05:05:06 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll
[2012/05/10 05:05:05 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll
[2012/05/10 05:05:05 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_41.dll
[2012/05/10 05:05:04 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll
[2012/05/10 05:05:04 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_4.dll
[2012/05/10 05:05:04 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll
[2012/05/10 05:05:02 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll
[2012/05/10 05:05:02 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll
[2012/05/10 05:05:01 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll
[2012/05/10 05:05:01 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll
[2012/05/10 05:05:01 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll
[2012/05/10 05:05:01 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll
[2012/05/10 05:05:01 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll
[2012/05/10 05:05:01 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll
[2012/05/10 05:05:00 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll
[2012/05/10 05:05:00 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_40.dll
[2012/05/10 05:04:59 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_3.dll
[2012/05/10 05:04:59 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_3.dll
[2012/05/10 05:04:59 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_2.dll
[2012/05/10 05:04:59 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_2.dll
[2012/05/10 05:04:58 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_3.dll
[2012/05/10 05:04:58 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_3.dll
[2012/05/10 05:04:58 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_5.dll
[2012/05/10 05:04:58 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_5.dll
[2012/05/10 05:04:56 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll
[2012/05/10 05:04:56 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
[2012/05/10 05:04:56 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll
[2012/05/10 05:04:56 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll
[2012/05/10 05:04:56 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll
[2012/05/10 05:04:56 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
[2012/05/10 05:04:55 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_39.dll
[2012/05/10 05:04:55 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_39.dll
[2012/05/10 05:04:55 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_39.dll
[2012/05/10 05:04:55 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_39.dll
[2012/05/10 05:04:54 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_39.dll
[2012/05/10 05:04:54 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_39.dll
[2012/05/10 05:04:53 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_1.dll
[2012/05/10 05:04:53 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_1.dll
[2012/05/10 05:04:53 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_0.dll
[2012/05/10 05:04:53 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_0.dll
[2012/05/10 05:04:52 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_1.dll
[2012/05/10 05:04:52 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_1.dll
[2012/05/10 05:04:52 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_4.dll
[2012/05/10 05:04:52 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_4.dll
[2012/05/10 05:04:51 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_38.dll
[2012/05/10 05:04:51 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_38.dll
[2012/05/10 05:04:51 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_38.dll
[2012/05/10 05:04:51 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_38.dll
[2012/05/10 05:04:50 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_38.dll
[2012/05/10 05:04:50 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_38.dll
[2012/05/10 05:04:50 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_0.dll
[2012/05/10 05:04:50 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_0.dll
[2012/05/10 05:04:49 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_0.dll
[2012/05/10 05:04:49 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_0.dll
[2012/05/10 05:04:48 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_3.dll
[2012/05/10 05:04:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_3.dll
[2012/05/10 05:04:47 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_37.dll
[2012/05/10 05:04:47 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_37.dll
[2012/05/10 05:04:47 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_37.dll
[2012/05/10 05:04:47 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_37.dll
[2012/05/10 05:04:46 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_37.dll
[2012/05/10 05:04:46 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_37.dll
[2012/05/10 05:04:46 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_10.dll
[2012/05/10 05:04:46 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_10.dll
[2012/05/10 05:04:44 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_36.dll
[2012/05/10 05:04:44 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_36.dll
[2012/05/10 05:04:44 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_36.dll
[2012/05/10 05:04:44 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_36.dll
[2012/05/10 05:04:44 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_36.dll
[2012/05/10 05:04:44 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_36.dll
[2012/05/10 05:04:43 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_9.dll
[2012/05/10 05:04:43 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_9.dll
[2012/05/10 05:04:42 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_35.dll
[2012/05/10 05:04:42 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_35.dll
[2012/05/10 05:04:42 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_35.dll
[2012/05/10 05:04:42 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_35.dll
[2012/05/10 05:04:40 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_35.dll
[2012/05/10 05:04:40 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_35.dll
[2012/05/10 05:04:38 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_34.dll
[2012/05/10 05:04:38 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_34.dll
[2012/05/10 05:04:38 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_8.dll
[2012/05/10 05:04:38 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_8.dll
[2012/05/10 05:04:38 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_2.dll
[2012/05/10 05:04:38 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_2.dll
[2012/05/10 05:04:37 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_34.dll
[2012/05/10 05:04:37 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_34.dll
[2012/05/10 05:04:37 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_34.dll
[2012/05/10 05:04:37 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_34.dll
[2012/05/10 05:04:36 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_3.dll
[2012/05/10 05:04:36 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll
[2012/05/10 05:04:34 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_33.dll
[2012/05/10 05:04:34 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_33.dll
[2012/05/10 05:04:34 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_33.dll
[2012/05/10 05:04:34 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_33.dll
[2012/05/10 05:04:34 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_7.dll
[2012/05/10 05:04:34 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_7.dll
[2012/05/10 05:04:33 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_33.dll
[2012/05/10 05:04:33 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll
[2012/05/10 05:04:32 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_6.dll
[2012/05/10 05:04:32 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_6.dll
[2012/05/10 05:04:30 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10.dll
[2012/05/10 05:04:30 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10.dll
[2012/05/10 05:04:30 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_5.dll
[2012/05/10 05:04:30 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_5.dll
[2012/05/10 05:04:29 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll
[2012/05/10 05:04:29 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll
[2012/05/10 05:04:29 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_1.dll
[2012/05/10 05:04:29 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_1.dll
[2012/05/10 05:04:28 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll
[2012/05/10 05:04:28 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2012/05/10 05:04:27 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll
[2012/05/10 05:04:27 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll
[2012/05/10 05:04:26 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll
[2012/05/10 05:04:26 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll
[2012/05/10 05:04:25 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll
[2012/05/10 05:04:25 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll
[2012/05/10 05:04:25 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll
[2012/05/10 05:04:25 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll
[2012/05/10 05:04:24 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll
[2012/05/10 05:04:24 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll
[2012/05/10 05:04:20 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll
[2012/05/10 05:04:20 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll
[2012/05/10 05:04:18 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll
[2012/05/10 05:04:18 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll
[2012/05/10 05:04:18 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll
[2012/05/10 05:04:18 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll
[2012/05/10 05:04:18 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll
[2012/05/10 05:04:18 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll
[2012/05/10 05:04:17 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll
[2012/05/10 05:04:17 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll
[2012/05/10 05:04:16 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll
[2012/05/10 05:04:16 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll
[2012/05/10 05:04:15 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll
[2012/05/10 05:04:15 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll
[2012/05/10 05:04:15 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll
[2012/05/10 05:04:15 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll
[2012/05/10 05:04:13 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll
[2012/05/10 05:04:13 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll
[2012/05/10 04:48:34 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx
[2012/05/10 04:08:57 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\mkvtoolnix
[2012/05/09 23:14:32 | 000,000,000 | ---D | C] -- C:\Users\pestyone\Desktop\ConvertXToDVD
[2012/05/09 19:07:22 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\QuickZip
[2012/05/08 05:38:26 | 000,000,000 | R--D | C] -- C:\Users\pestyone\Desktop\downloads freemake
[2012/05/08 00:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2012/05/07 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\Vso
[2012/05/07 23:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2012/05/07 23:35:48 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\Conduit
[2012/05/07 13:04:20 | 000,000,000 | ---D | C] -- C:\Users\pestyone\Documents\FreeMediaConverter.org
[2012/05/07 13:04:20 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\Free Media Converter
[2012/05/07 13:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMediaConverter.org


----------



## Verylost (Jul 15, 2010)

*Ok, one would think these are two opposite errors, but others think it's malware(?), so posting it here; this will be fun. Seeing how there are no new posts, I'll run SUPERAntiSpyware and post that log, so on a holding pattern for now . . later*

*C:\Program Data\Favorites is not Accessible access is denied* 

Ok, if it's not one thing going wrong it's another. Just started yesterday getting the above error and it seems to be spreading to other folders, so what's with this and what's the fix ! ?

Using Win 7 64 bits and IE 9.0, which stinks, it's awful . .


----------



## Verylost (Jul 15, 2010)

Ok, came across what might be a fix for Vista but have no idea if it works; does this make any sense, would it work, and does it work for Win 7? With my bad luck it will make things worse, so asking here before trying it out. I think I have several users; should all be deleted, just using the main admin user one, or what about trying a simple user, might that work better ? ?

Guess I am the only one here to have these two issues; just wonderful - not. Still on hold hoping others will jump in and help - will keep trying, oh well . . .

Sallie - I am running Windows Vista and I have had a few issues with permissions and trying to gain access to those stubborn files and folders as well. Hoping you can help.

*Try this:*

1. Right click on the Sallie folder located in C:/Users/Sallie then go to properties
2. Click the security tab
3. Click advanced
4. Click the owner tab
5. Click edit
6. Highlight your user name and check the replace owner on subcontainers and objects checkbox, click apply then ok. Then press ok on all of the other windows to exit out of them.


----------



## eddie5659 (Mar 19, 2001)

This all looks like it's malware related, so once we fully remove it, the problems may actually all be solved

I see that when you ran MBAM you got these. Did you remove them, as they're showing no action taken:



> HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> No action taken.
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> No action taken.


Thanks for the OTL log. Do you have the Extras.txt file as well? Should have been saved in the same folder as OTL is - C:\Users\pestyone\Downloads

---------

Am I right in thinking that both Advanced Spyware Remover and Advanced SystemCare 5 are now uninstalled?

If so, you also mentioned that AVG is now fully uninstalled, is that correct? If so, can you run the following fix:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT2504091
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\10.2.0.3\
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
[2012/05/26 11:09:27 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\AVG2012
[2012/05/24 09:55:48 | 000,000,000 | ---D | C] -- C:\Users\pestyone\Documents\advanced_uninstaller_pro_7_5_serial_keygen_by_D BC
[2012/05/07 23:35:48 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\Conduit
[2012/05/11 10:04:01 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\IObit
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

-------------

Download *CKScanner* from *here*

*Important :* Save it to your desktop. 

Double-click CKScanner.exe and click *Search For Files*.
After a very short time, when the cursor hourglass disappears, click *Save List To File*. 
A message box will verify that the file is saved. 
Double-click the *CKFiles.txt* icon on your desktop and copy/paste the contents in your next reply.

----------

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

--------------------

Download the latest version of TDSSKiller from *here* and save it to your Desktop.

Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters*.

Check the boxes beside *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Click the *Start Scan* button.

If a suspicious object is detected, the default action will be *Skip*, click on *Continue*.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.

Note: *If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.*

A report will be created in your root directory, (usually C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents in your next reply

eddie


----------



## Verylost (Jul 15, 2010)

Ok, here's the OTL fix log, and both Advanced programs are uninstalled/deleted. I don't recall any Extras text log but I'll look, or maybe just re-run ComboFix. I didn't delete any files from ComboFix, should I? I thought I got rid of AVG but it's still listed in the ComboFix log, so what now?

Grrrr, got pictures of locks on several folders and some files are locked, have the arrow on. What's with this mess, in 1/2 hours in one night, what's going on . . CK log I just posted . . . ok, ASW log is here . .

Ok, I'll post these just in case I have to reboot . .

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\10.2.0.3 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File Protocol\Handler\viprotocol - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Users\pestyone\AppData\Roaming\AVG2012 folder moved successfully.
Folder C:\Users\pestyone\Documents\advanced_uninstaller_pro_7_5_serial_keygen_by_D BC\ not found.
C:\Users\pestyone\AppData\Local\Conduit folder moved successfully.
C:\Users\pestyone\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\pestyone\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\pestyone\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
C:\Users\pestyone\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.
C:\Users\pestyone\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\pestyone\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Users\pestyone\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\pestyone\AppData\Roaming\IObit folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\pestyone\Downloads\cmd.bat deleted successfully.
C:\Users\pestyone\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: pestyone
->Temp folder emptied: 154693624 bytes
->Temporary Internet Files folder emptied: 18375506 bytes
->Java cache emptied: 123733 bytes
->Flash cache emptied: 486 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26914 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 165.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: pestyone
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: pestyone
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.1 log created on 06012012_153205
Files\Folders moved on Reboot...
C:\Users\pestyone\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMNR6PO5\forum[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMNR6PO5\iframe[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMNR6PO5\mg4379[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ME0J3HRY\5174[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ME0J3HRY\fastbutton[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ME0J3HRY\likebox[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\052JQ5Q4\1054434-avg-secure-search-must-go-3[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\052JQ5Q4\1[1].htm moved successfully.
Registry entries deleted on Reboot...

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe
c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe.config
c:\users\pestyone\documents\advanced_uninstaller_pro_7_5_serial_keygen_by_dbc\dbc.nfo
c:\users\pestyone\documents\advanced_uninstaller_pro_7_5_serial_keygen_by_dbc\file_id.diz
scanner sequence 3.CA.11.KFAACG
----- EOF -----

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-01 15:57:20
-----------------------------
15:57:20.167 OS Version: Windows x64 6.1.7601 Service Pack 1
15:57:20.167 Number of processors: 2 586 0x170A
15:57:20.168 ComputerName: PESTYONE-PC UserName: pestyone
15:57:20.965 Initialize success
15:57:48.751 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:57:48.755 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
15:57:48.759 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000077
15:57:48.763 Disk 1 Vendor: Size: 305245MB BusType: 0
15:57:48.773 Disk 0 MBR read successfully
15:57:48.778 Disk 0 MBR scan
15:57:48.783 Disk 0 unknown MBR code
15:57:48.790 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:57:48.802 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 115712 MB offset 206848
15:57:48.808 Disk 0 Partition - 00 0F Extended LBA 170499 MB offset 237185024
15:57:48.839 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 18933 MB offset 586366976
15:57:48.887 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 170498 MB offset 237187072
15:57:48.919 Disk 0 scanning C:\windows\system32\drivers
15:57:55.324 Service scanning
15:58:15.540 Modules scanning
15:58:15.559 Disk 0 trace - called modules:
15:58:15.607 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
15:58:15.617 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049973b0]
15:58:15.627 3 CLASSPNP.SYS[fffff88001bc943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047b5050]
15:58:15.637 Scan finished successfully
15:58:30.851 Disk 0 MBR has been saved successfully to "C:\Users\pestyone\Desktop\MBR.dat"
15:58:30.875 The log file has been saved successfully to "C:\Users\pestyone\Desktop\aswMBR.txt"


----------



## Verylost (Jul 15, 2010)

Ok, whew, the last log, TDSS; hope this helps. Amazing how these errors don't have a fix, something faster; am I the first? It's taking soooo long; the fix, why aren't there already fixes ready to go, hum . . .

16:03:46.0552 4060 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:03:46.0804 4060 ============================================================
16:03:46.0804 4060 Current date / time: 2012/06/01 16:03:46.0804
16:03:46.0804 4060 SystemInfo:
16:03:46.0804 4060 
16:03:46.0804 4060 OS Version: 6.1.7601 ServicePack: 1.0
16:03:46.0804 4060 Product type: Workstation
16:03:46.0804 4060 ComputerName: PESTYONE-PC
16:03:46.0805 4060 UserName: pestyone
16:03:46.0805 4060 Windows directory: C:\windows
16:03:46.0805 4060 System windows directory: C:\windows
16:03:46.0805 4060 Running under WOW64
16:03:46.0805 4060 Processor architecture: Intel x64
16:03:46.0805 4060 Number of processors: 2
16:03:46.0805 4060 Page size: 0x1000
16:03:46.0805 4060 Boot type: Normal boot
16:03:46.0805 4060 ============================================================
16:03:47.0357 4060 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:03:47.0361 4060 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D92650, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x1, Type 'W'
16:03:53.0709 4060 ============================================================
16:03:53.0709 4060 \Device\Harddisk0\DR0:
16:03:53.0709 4060 MBR partitions:
16:03:53.0709 4060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:03:53.0710 4060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE200000
16:03:53.0724 4060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE233000, BlocksNum 0x14D01000
16:03:53.0724 4060 \Device\Harddisk1\DR1:
16:03:53.0763 4060 MBR partitions:
16:03:53.0763 4060 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
16:03:53.0763 4060 ============================================================
16:03:53.0804 4060 C: <-> \Device\Harddisk0\DR0\Partition1
16:03:53.0830 4060 F: <-> \Device\Harddisk1\DR1\Partition0
16:03:53.0874 4060 D: <-> \Device\Harddisk0\DR0\Partition2
16:03:53.0874 4060 ============================================================
16:03:53.0874 4060 Initialize success
16:03:53.0874 4060 ============================================================
16:05:30.0043 0364 ============================================================
16:05:30.0043 0364 Scan started
16:05:30.0043 0364 Mode: Manual; SigCheck; TDLFS; 
16:05:30.0043 0364 ============================================================
16:05:30.0708 0364 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
16:05:31.0056 0364 1394ohci - ok
16:05:31.0134 0364 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
16:05:31.0153 0364 ACPI - ok
16:05:31.0166 0364 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
16:05:31.0216 0364 AcpiPmi - ok
16:05:31.0386 0364 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:05:31.0399 0364 AdobeARMservice - ok
16:05:31.0481 0364 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
16:05:31.0501 0364 adp94xx - ok
16:05:31.0547 0364 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
16:05:31.0576 0364 adpahci - ok
16:05:31.0603 0364 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
16:05:31.0617 0364 adpu320 - ok
16:05:31.0647 0364 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
16:05:31.0695 0364 AeLookupSvc - ok
16:05:31.0770 0364 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
16:05:31.0804 0364 AFD - ok
16:05:31.0841 0364 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
16:05:31.0865 0364 agp440 - ok
16:05:31.0885 0364 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
16:05:31.0930 0364 ALG - ok
16:05:31.0961 0364 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
16:05:31.0973 0364 aliide - ok
16:05:31.0978 0364 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
16:05:31.0991 0364 amdide - ok
16:05:32.0030 0364 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
16:05:32.0083 0364 AmdK8 - ok
16:05:32.0105 0364 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
16:05:32.0137 0364 AmdPPM - ok
16:05:32.0176 0364 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
16:05:32.0199 0364 amdsata - ok
16:05:32.0229 0364 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
16:05:32.0243 0364 amdsbs - ok
16:05:32.0255 0364 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
16:05:32.0266 0364 amdxata - ok
16:05:32.0325 0364 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
16:05:32.0374 0364 AppID - ok
16:05:32.0425 0364 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
16:05:32.0503 0364 AppIDSvc - ok
16:05:32.0531 0364 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
16:05:32.0573 0364 Appinfo - ok
16:05:32.0617 0364 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
16:05:32.0629 0364 arc - ok
16:05:32.0646 0364 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
16:05:32.0659 0364 arcsas - ok
16:05:32.0688 0364 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
16:05:32.0760 0364 AsyncMac - ok
16:05:32.0794 0364 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
16:05:32.0806 0364 atapi - ok
16:05:33.0012 0364 athr (7d89b0c443f6068e5b27aa3b972069ff) C:\windows\system32\DRIVERS\athrx.sys
16:05:33.0107 0364 athr - ok
16:05:33.0279 0364 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
16:05:33.0359 0364 AudioEndpointBuilder - ok
16:05:33.0368 0364 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
16:05:33.0408 0364 AudioSrv - ok
16:05:33.0458 0364 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
16:05:33.0499 0364 AxInstSV - ok
16:05:33.0576 0364 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
16:05:33.0595 0364 b06bdrv - ok
16:05:33.0653 0364 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
16:05:33.0699 0364 b57nd60a - ok
16:05:33.0737 0364 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
16:05:33.0764 0364 BDESVC - ok
16:05:33.0783 0364 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
16:05:33.0835 0364 Beep - ok
16:05:33.0940 0364 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
16:05:33.0998 0364 BFE - ok
16:05:34.0087 0364 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
16:05:34.0195 0364 BITS - ok
16:05:34.0237 0364 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
16:05:34.0271 0364 blbdrive - ok
16:05:34.0331 0364 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
16:05:34.0361 0364 bowser - ok
16:05:34.0381 0364 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
16:05:34.0422 0364 BrFiltLo - ok
16:05:34.0439 0364 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
16:05:34.0455 0364 BrFiltUp - ok
16:05:34.0500 0364 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
16:05:34.0581 0364 BridgeMP - ok
16:05:34.0636 0364 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
16:05:34.0725 0364 Browser - ok
16:05:34.0761 0364 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
16:05:34.0803 0364 Brserid - ok
16:05:34.0823 0364 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
16:05:34.0857 0364 BrSerWdm - ok
16:05:34.0870 0364 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
16:05:34.0933 0364 BrUsbMdm - ok
16:05:34.0938 0364 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
16:05:34.0961 0364 BrUsbSer - ok
16:05:35.0029 0364 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
16:05:35.0064 0364 BthEnum - ok
16:05:35.0085 0364 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
16:05:35.0119 0364 BTHMODEM - ok
16:05:35.0157 0364 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
16:05:35.0185 0364 BthPan - ok
16:05:35.0247 0364 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
16:05:35.0282 0364 BTHPORT - ok
16:05:35.0330 0364 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
16:05:35.0390 0364 bthserv - ok
16:05:35.0421 0364 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
16:05:35.0453 0364 BTHUSB - ok
16:05:35.0491 0364 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
16:05:35.0527 0364 cdfs - ok
16:05:35.0596 0364 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
16:05:35.0622 0364 cdrom - ok
16:05:35.0678 0364 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
16:05:35.0742 0364 CertPropSvc - ok
16:05:35.0757 0364 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
16:05:35.0789 0364 circlass - ok
16:05:35.0847 0364 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
16:05:35.0865 0364 CLFS - ok
16:05:35.0928 0364 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:05:35.0939 0364 clr_optimization_v2.0.50727_32 - ok
16:05:35.0973 0364 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:05:35.0984 0364 clr_optimization_v2.0.50727_64 - ok
16:05:36.0073 0364 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:05:36.0095 0364 clr_optimization_v4.0.30319_32 - ok
16:05:36.0154 0364 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:05:36.0173 0364 clr_optimization_v4.0.30319_64 - ok
16:05:36.0205 0364 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
16:05:36.0246 0364 CmBatt - ok
16:05:36.0267 0364 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
16:05:36.0279 0364 cmdide - ok
16:05:36.0347 0364 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
16:05:36.0374 0364 CNG - ok
16:05:36.0398 0364 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
16:05:36.0410 0364 Compbatt - ok
16:05:36.0447 0364 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
16:05:36.0473 0364 CompositeBus - ok
16:05:36.0489 0364 COMSysApp - ok
16:05:36.0512 0364 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
16:05:36.0524 0364 crcdisk - ok
16:05:36.0576 0364 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
16:05:36.0625 0364 CryptSvc - ok
16:05:36.0684 0364 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
16:05:36.0734 0364 DcomLaunch - ok
16:05:36.0778 0364 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
16:05:36.0845 0364 defragsvc - ok
16:05:36.0897 0364 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
16:05:36.0957 0364 DfsC - ok
16:05:36.0998 0364 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
16:05:37.0075 0364 Dhcp - ok
16:05:37.0104 0364 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
16:05:37.0152 0364 discache - ok
16:05:37.0181 0364 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
16:05:37.0193 0364 Disk - ok
16:05:37.0246 0364 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
16:05:37.0287 0364 Dnscache - ok
16:05:37.0321 0364 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
16:05:37.0377 0364 dot3svc - ok
16:05:37.0422 0364 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
16:05:37.0476 0364 DPS - ok
16:05:37.0501 0364 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
16:05:37.0516 0364 drmkaud - ok
16:05:37.0615 0364 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
16:05:37.0650 0364 DXGKrnl - ok
16:05:37.0678 0364 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
16:05:37.0725 0364 EapHost - ok
16:05:37.0950 0364 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
16:05:38.0063 0364 ebdrv - ok
16:05:38.0187 0364 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
16:05:38.0232 0364 EFS - ok
16:05:38.0335 0364 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
16:05:38.0379 0364 ehRecvr - ok
16:05:38.0414 0364 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
16:05:38.0442 0364 ehSched - ok
16:05:38.0560 0364 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
16:05:38.0581 0364 elxstor - ok
16:05:38.0619 0364 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
16:05:38.0647 0364 ErrDev - ok
16:05:38.0687 0364 ETD (b73181411523d264ad7bec35b84716ab) C:\windows\system32\DRIVERS\ETD.sys
16:05:38.0706 0364 ETD - ok
16:05:38.0762 0364 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
16:05:38.0824 0364 EventSystem - ok
16:05:38.0873 0364 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
16:05:38.0928 0364 exfat - ok
16:05:38.0944 0364 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
16:05:38.0992 0364 fastfat - ok
16:05:39.0065 0364 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
16:05:39.0101 0364 Fax - ok
16:05:39.0121 0364 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
16:05:39.0147 0364 fdc - ok
16:05:39.0183 0364 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
16:05:39.0236 0364 fdPHost - ok
16:05:39.0250 0364 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
16:05:39.0294 0364 FDResPub - ok
16:05:39.0350 0364 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
16:05:39.0363 0364 FileInfo - ok
16:05:39.0371 0364 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
16:05:39.0451 0364 Filetrace - ok
16:05:39.0463 0364 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
16:05:39.0476 0364 flpydisk - ok
16:05:39.0524 0364 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
16:05:39.0541 0364 FltMgr - ok
16:05:39.0631 0364 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
16:05:39.0685 0364 FontCache - ok
16:05:39.0753 0364 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:05:39.0770 0364 FontCache3.0.0.0 - ok
16:05:39.0850 0364 FreemakeVideoCapture (93b5cd0ac126be95f65b28af3d9542dc) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
16:05:39.0865 0364 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - warning
16:05:39.0865 0364 FreemakeVideoCapture - detected UnsignedFile.Multi.Generic (1)
16:05:39.0918 0364 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
16:05:39.0940 0364 FsDepends - ok
16:05:39.0961 0364 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
16:05:39.0973 0364 Fs_Rec - ok
16:05:40.0030 0364 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
16:05:40.0062 0364 fvevol - ok
16:05:40.0078 0364 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
16:05:40.0092 0364 gagp30kx - ok
16:05:40.0168 0364 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
16:05:40.0245 0364 gpsvc - ok
16:05:40.0268 0364 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
16:05:40.0290 0364 hcw85cir - ok
16:05:40.0335 0364 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
16:05:40.0369 0364 HdAudAddService - ok
16:05:40.0405 0364 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
16:05:40.0437 0364 HDAudBus - ok
16:05:40.0448 0364 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
16:05:40.0475 0364 HidBatt - ok
16:05:40.0495 0364 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
16:05:40.0511 0364 HidBth - ok
16:05:40.0543 0364 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
16:05:40.0576 0364 HidIr - ok
16:05:40.0596 0364 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
16:05:40.0644 0364 hidserv - ok
16:05:40.0691 0364 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
16:05:40.0704 0364 HidUsb - ok
16:05:40.0747 0364 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
16:05:40.0792 0364 hkmsvc - ok
16:05:40.0840 0364 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
16:05:40.0863 0364 HomeGroupListener - ok
16:05:40.0885 0364 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
16:05:40.0924 0364 HomeGroupProvider - ok
16:05:40.0962 0364 hooksys (f836144985ed1f646c4c188c9ad36e50) C:\windows\system32\drivers\Hooksys.sys
16:05:41.0004 0364 hooksys - ok
16:05:41.0064 0364 HookTdi (2ab942942cdaf9a2f8fc3aac341f0270) C:\windows\system32\drivers\HookTdi.sys
16:05:41.0073 0364 HookTdi - ok
16:05:41.0091 0364 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
16:05:41.0104 0364 HpSAMD - ok
16:05:41.0197 0364 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
16:05:41.0276 0364 HTTP - ok
16:05:41.0302 0364 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
16:05:41.0314 0364 hwpolicy - ok
16:05:41.0355 0364 HyperVM (3db29b8e0590f87ed0dfad5ae1bfaae1) C:\windows\system32\drivers\hvm.sys
16:05:41.0371 0364 HyperVM - ok
16:05:41.0448 0364 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
16:05:41.0466 0364 i8042prt - ok
16:05:41.0552 0364 iaStor (a5f72bb0d024e7e463344105be613ae4) C:\windows\system32\DRIVERS\iaStor.sys
16:05:41.0582 0364 iaStor - ok
16:05:41.0634 0364 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
16:05:41.0652 0364 iaStorV - ok
16:05:41.0786 0364 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:05:41.0820 0364 idsvc - ok
16:05:42.0406 0364 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\windows\system32\DRIVERS\igdkmd64.sys
16:05:42.0659 0364 igfx - ok
16:05:42.0793 0364 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
16:05:42.0805 0364 iirsp - ok
16:05:42.0886 0364 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
16:05:42.0941 0364 IKEEXT - ok
16:05:43.0157 0364 IntcAzAudAddService (65f70696be5abc11634fcf96af7d7896) C:\windows\system32\drivers\RTKVHD64.sys
16:05:43.0208 0364 IntcAzAudAddService - ok
16:05:43.0306 0364 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
16:05:43.0326 0364 intelide - ok
16:05:43.0369 0364 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
16:05:43.0390 0364 intelppm - ok
16:05:43.0424 0364 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
16:05:43.0474 0364 IPBusEnum - ok
16:05:43.0511 0364 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
16:05:43.0557 0364 IpFilterDriver - ok
16:05:43.0634 0364 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
16:05:43.0695 0364 iphlpsvc - ok
16:05:43.0749 0364 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
16:05:43.0781 0364 IPMIDRV - ok
16:05:43.0820 0364 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
16:05:43.0863 0364 IPNAT - ok
16:05:43.0887 0364 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
16:05:43.0916 0364 IRENUM - ok
16:05:43.0949 0364 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
16:05:43.0960 0364 isapnp - ok
16:05:44.0006 0364 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
16:05:44.0022 0364 iScsiPrt - ok
16:05:44.0056 0364 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
16:05:44.0068 0364 kbdclass - ok
16:05:44.0099 0364 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
16:05:44.0126 0364 kbdhid - ok
16:05:44.0154 0364 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:05:44.0168 0364 KeyIso - ok
16:05:44.0314 0364 Kodak AiO Network Discovery Service (221b2f551a4990056866ec73d21d3f96) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
16:05:44.0338 0364 Kodak AiO Network Discovery Service ( UnsignedFile.Multi.Generic ) - warning
16:05:44.0338 0364 Kodak AiO Network Discovery Service - detected UnsignedFile.Multi.Generic (1)
16:05:44.0375 0364 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
16:05:44.0394 0364 KSecDD - ok
16:05:44.0465 0364 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
16:05:44.0490 0364 KSecPkg - ok
16:05:44.0534 0364 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
16:05:44.0577 0364 ksthunk - ok
16:05:44.0631 0364 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
16:05:44.0692 0364 KtmRm - ok
16:05:44.0757 0364 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
16:05:44.0849 0364 LanmanServer - ok
16:05:44.0892 0364 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
16:05:44.0943 0364 LanmanWorkstation - ok
16:05:44.0985 0364 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
16:05:45.0032 0364 lltdio - ok
16:05:45.0078 0364 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
16:05:45.0130 0364 lltdsvc - ok
16:05:45.0156 0364 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
16:05:45.0203 0364 lmhosts - ok
16:05:45.0251 0364 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
16:05:45.0264 0364 LSI_FC - ok
16:05:45.0288 0364 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
16:05:45.0301 0364 LSI_SAS - ok
16:05:45.0317 0364 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
16:05:45.0329 0364 LSI_SAS2 - ok
16:05:45.0354 0364 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
16:05:45.0367 0364 LSI_SCSI - ok
16:05:45.0389 0364 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
16:05:45.0437 0364 luafv - ok
16:05:45.0471 0364 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
16:05:45.0501 0364 Mcx2Svc - ok
16:05:45.0507 0364 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
16:05:45.0520 0364 megasas - ok
16:05:45.0554 0364 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
16:05:45.0571 0364 MegaSR - ok
16:05:45.0602 0364 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
16:05:45.0658 0364 MMCSS - ok
16:05:45.0681 0364 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
16:05:45.0730 0364 Modem - ok
16:05:45.0777 0364 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
16:05:45.0810 0364 monitor - ok
16:05:45.0853 0364 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
16:05:45.0875 0364 mouclass - ok
16:05:45.0907 0364 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
16:05:45.0948 0364 mouhid - ok
16:05:46.0004 0364 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
16:05:46.0026 0364 mountmgr - ok
16:05:46.0064 0364 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
16:05:46.0089 0364 mpio - ok
16:05:46.0113 0364 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
16:05:46.0162 0364 mpsdrv - ok
16:05:46.0249 0364 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
16:05:46.0340 0364 MpsSvc - ok
16:05:46.0382 0364 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
16:05:46.0413 0364 MRxDAV - ok
16:05:46.0446 0364 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
16:05:46.0465 0364 mrxsmb - ok
16:05:46.0506 0364 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
16:05:46.0541 0364 mrxsmb10 - ok
16:05:46.0563 0364 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
16:05:46.0576 0364 mrxsmb20 - ok
16:05:46.0609 0364 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
16:05:46.0620 0364 msahci - ok
16:05:46.0655 0364 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
16:05:46.0668 0364 msdsm - ok
16:05:46.0715 0364 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
16:05:46.0740 0364 MSDTC - ok
16:05:46.0803 0364 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
16:05:46.0856 0364 Msfs - ok
16:05:46.0888 0364 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
16:05:46.0942 0364 mshidkmdf - ok
16:05:46.0964 0364 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
16:05:46.0976 0364 msisadrv - ok
16:05:47.0009 0364 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
16:05:47.0057 0364 MSiSCSI - ok
16:05:47.0062 0364 msiserver - ok
16:05:47.0079 0364 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
16:05:47.0120 0364 MSKSSRV - ok
16:05:47.0125 0364 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
16:05:47.0174 0364 MSPCLOCK - ok
16:05:47.0192 0364 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
16:05:47.0243 0364 MSPQM - ok
16:05:47.0295 0364 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
16:05:47.0325 0364 MsRPC - ok
16:05:47.0357 0364 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
16:05:47.0369 0364 mssmbios - ok
16:05:47.0374 0364 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
16:05:47.0419 0364 MSTEE - ok
16:05:47.0435 0364 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
16:05:47.0464 0364 MTConfig - ok
16:05:47.0480 0364 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
16:05:47.0492 0364 Mup - ok
16:05:47.0558 0364 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
16:05:47.0639 0364 napagent - ok
16:05:47.0697 0364 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
16:05:47.0745 0364 NativeWifiP - ok
16:05:47.0832 0364 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
16:05:47.0874 0364 NDIS - ok
16:05:47.0893 0364 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
16:05:47.0948 0364 NdisCap - ok
16:05:47.0979 0364 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
16:05:48.0025 0364 NdisTapi - ok
16:05:48.0052 0364 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
16:05:48.0102 0364 Ndisuio - ok
16:05:48.0150 0364 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
16:05:48.0193 0364 NdisWan - ok
16:06:07.0320 0364 ============================================================
16:06:07.0320 0364 Scan finished
16:06:07.0320 0364 ============================================================
16:06:07.0336 4768 Detected object count: 2
16:06:07.0337 4768 Actual detected object count: 2
16:06:18.0770 4768 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:18.0770 4768 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:06:18.0771 4768 Kodak AiO Network Discovery Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:18.0771 4768 Kodak AiO Network Discovery Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:14:17.0998 2376 Deinitialize success
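
A scan log in this layout is almost entirely matched pairs of "hashed object" and "ok" lines, so the few entries worth reading are easy to miss. The following added example (not part of the thread and not the scanner's own code) parses the three line shapes this log uses and pulls out names with no hashed file, objects lacking an "ok" verdict, binaries listed under several names, and detections with the action chosen; the sample log, its names and its hashes are constructed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of the scan log: time, thread id, then either
# "name (md5) path", "name - verdict", or "name ( detection ) - action".
# Every name, hash and path below is made up for the example.
SAMPLE_LOG = r"""
16:05:48.0211 0364 DemoDrv (00000000000000000000000000000001) C:\windows\system32\drivers\demodrv.sys
16:05:48.0254 0364 DemoDrv - ok
16:05:48.0300 0364 DemoSvcA (00000000000000000000000000000002) C:\windows\system32\demohost.exe
16:05:48.0310 0364 DemoSvcA - ok
16:05:48.0320 0364 DemoSvcB (00000000000000000000000000000002) C:\windows\System32\DemoHost.exe
16:05:48.0330 0364 DemoSvcB - ok
16:05:48.0340 0364 Demo Update Service - ok
16:05:48.0350 0364 MBR (0x1B8) (00000000000000000000000000000003) \Device\Harddisk0\DR0
16:05:48.0360 0364 \Device\Harddisk0\DR0 - ok
16:05:48.0370 0364 Scan finished
16:05:48.0380 4768 Detected object count: 1
16:05:59.0000 4768 DemoCapture ( UnsignedFile.Multi.Generic ) - skipped by user
16:05:59.0000 4768 DemoCapture ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+(.*\S)\s*$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
DETECTION = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<action>.+)$")
VERDICT = re.compile(r"^(?P<name>.+) - (?P<status>\w+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_log(text):
    """Return (entries, detections) parsed from log text in the layout above."""
    entries, detections, pending = [], {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        if (o := OBJECT.match(body)):
            pending = Entry(o["name"], o["md5"].lower(), o["path"])
            entries.append(pending)
        elif (d := DETECTION.match(body)):
            rec = detections.setdefault(
                d["name"], {"verdict": d["verdict"], "actions": []})
            rec["actions"].append(d["action"])
        elif (v := VERDICT.match(body)):
            # A verdict closes the preceding object line; disk objects are
            # reported under their device path rather than their label.
            if (pending and pending.status is None
                    and v["name"] in (pending.name, pending.path)):
                pending.status = v["status"]
            else:
                entries.append(Entry(v["name"], status=v["status"]))
            pending = None
    return entries, detections


def triage(entries, detections):
    """Collect what a reviewer reads first instead of scrolling every 'ok' pair."""
    by_file = defaultdict(list)
    for e in entries:
        if e.path:
            by_file[e.path.lower()].append(e)
    return {
        # a verdict was printed, but no file was hashed for this name
        "no_file": [e.name for e in entries if e.md5 is None],
        # no verdict followed the object line, or the verdict was not "ok"
        "not_ok": [e.name for e in entries if e.status != "ok"],
        # one binary listed under several names (paths compared case-insensitively)
        "shared": {p: [e.name for e in es]
                   for p, es in by_file.items() if len(es) > 1},
        # the same path reported with different hashes within one scan
        "hash_conflict": [p for p, es in by_file.items()
                          if len({e.md5 for e in es}) > 1],
        "detections": detections,
    }


if __name__ == "__main__":
    report = triage(*parse_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```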


----------



## eddie5659 (Mar 19, 2001)

Okay, firstly you have these on your system:

*c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe
c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe.config
c:\users\pestyone\documents\advanced_uninstaller_pro_7_5_serial_keygen_by_d bc\dbc.nfo
c:\users\pestyone\documents\advanced_uninstaller_pro_7_5_serial_keygen_by_d bc\file_id.diz*

Having keygens/cracks etc., apart from being illegal, is a major source of malware, viruses etc. So, I would strongly suggest not using them, and removing them.

--

You have a file that I'd like to check out further. Can you upload it as follows:

Download Suspicious File Packer from http://www.safer-networking.org/en/tools/index.html (direct download: http://www.safer-networking.org/files/sfp.zip)

Unzip it to the desktop, open it and paste in the contents of the quote box below, then press Next and it will create an archive (zip/cab file) on the desktop.

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just press New Topic, fill in the needed details and give a link to your post here, then press the Browse button and navigate to and select the files on your computer. When the file is listed in the window, press Send to upload the file.



> C:\windows\SysWow64\AK083E209605E394C.lie


Let me know when they're uploaded 

-------------

Re-Run *aswMBR*


Click *Scan*
On completion of the scan, click the *FIXMBR* button 
There is a slight pause after clicking the *'Fix'* button. 
Wait for the tool to report *'Infection fixed successfully'*, now reboot the machine.
*Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.*

_*Note:* After the *'Infection fixed successfully'* message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot._

Save the log as before and post in your next reply.

------------
Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*Iobit*
*AVG*
*Conduit*
*Advanced Spyware Remover*
*SystemCare*
:folderfind
*Iobit*
*AVG*
*Conduit*
*Advanced Spyware Remover*
*SystemCare*
:regfind
Iobit
Conduit
Advanced Spyware Remover
SystemCare
:file
C:\windows\SysWow64\AK083E209605E394C.lie
:dir
C:\Users\pestyone\AppData\Local\{B8D87C41-3899-4FE5-B381-84E0935193C7} /sub
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie


----------



## Verylost (Jul 15, 2010)

Ok, trying to find these 4 files but so far no luck, and I do use a Kodak printer, so if I delete Kodak files won't my printer stop working? And what's a hard reboot? That sounds scary . .

*c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe
c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe.config
c:\users\pestyone\documents\advanced_uninstaller_pro_7_5_serial_keygen_by_d bc\dbc.nfo
c:\users\pestyone\documents\advanced_uninstaller_pro_7_5_serial_keygen_by_d bc\file_id.diz*


----------



## Verylost (Jul 15, 2010)

Ok, downloaded the file you wanted to spykiller; it's there, you'll see it waiting on you.

Deleted the two advance folders, but so far can't find the Kodak folders you posted; still looking, can't find the bloody things. Using aswMBR and will post that log soon.

And what's a hard reboot? later . .


----------



## Verylost (Jul 15, 2010)

Ok, can't find any Kodak malware yet but still looking, and here's the sys look log; seems to be a bunch of junk listed. Doing more searches for advanced and system care stuff, trying not to miss anything; amazing how this stuff hides - and what's a "Hard Boot"? - later . .

SystemLook 30.07.11 by jpshortstuff
Log created at 10:40 on 08/08/2012 by pestyone
Administrator - Elevation successful
========== filefind ==========
Searching for "*Iobit*"
No files found.
Searching for "*AVG*"
C:\Users\pestyone\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z1OJI8FE\1054434-avg-secure-search-must-go-3[1].htm --a---- 196293 bytes [14:38 08/06/2012] [14:38 08/06/2012] 19D065F175E999D5A3F35EC7118D8439
C:\Users\pestyone\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\Z1OJI8FE\1054434-avg-secure-search-must-go-3[1].htm --a---- 196293 bytes [14:38 08/06/2012] [14:38 08/06/2012] 19D065F175E999D5A3F35EC7118D8439
C:\Users\pestyone\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z1OJI8FE\1054434-avg-secure-search-must-go-3[1].htm --a---- 196293 bytes [14:38 08/06/2012] [14:38 08/06/2012] 19D065F175E999D5A3F35EC7118D8439
C:\Users\pestyone\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\Z1OJI8FE\1054434-avg-secure-search-must-go-3[1].htm --a---- 196293 bytes [14:38 08/06/2012] [14:38 08/06/2012] 19D065F175E999D5A3F35EC7118D8439
C:\Users\pestyone\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z1OJI8FE\1054434-avg-secure-search-must-go-3[1].htm --a---- 196293 bytes [14:38 08/06/2012] [14:38 08/06/2012] 19D065F175E999D5A3F35EC7118D8439
C:\Users\pestyone\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\Z1OJI8FE\1054434-avg-secure-search-must-go-3[1].htm --a---- 196293 bytes [14:38 08/06/2012] [14:38 08/06/2012] 19D065F175E999D5A3F35EC7118D8439
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z1OJI8FE\1054434-avg-secure-search-must-go-3[1].htm --a---- 196293 bytes [14:38 08/06/2012] [14:38 08/06/2012] 19D065F175E999D5A3F35EC7118D8439
C:\Users\pestyone\AppData\Local\Temporary Internet Files\Content.IE5\Z1OJI8FE\1054434-avg-secure-search-must-go-3[1].htm --a---- 196293 bytes [14:38 08/06/2012] [14:38 08/06/2012] 19D065F175E999D5A3F35EC7118D8439
C:\Users\pestyone\Favorites\How to remove AVG secure search. - Yahoo! Answers.url --a---- 425 bytes [17:17 26/05/2012] [17:17 26/05/2012] 39E5DD7E027F15A0F4B3715F13FA9F54
C:\Windows\Prefetch\AVG_REMOVER_STF_X64_2012_2125-9F3710CE.pf --a---- 30586 bytes [11:21 01/06/2012] [11:21 01/06/2012] 7E275AE7231810818529F84491E795FD
C:\_OTL\MovedFiles\06012012_153205\C_Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\052JQ5Q4\1054434-avg-secure-search-must-go-3[1].htm --a---- 57151 bytes [19:29 01/06/2012] [19:29 01/06/2012] 07E8284EEB1357F049EDF71A7E5145AD
Searching for "*Conduit*"
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_US.xml --a---- 192 bytes [03:38 08/05/2012] [11:41 11/05/2012] F159884E3BCD46C383F9086F4BF788C1
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_US.xml --a---- 188 bytes [13:53 11/05/2012] [13:53 11/05/2012] E2A87E535CF5282072AA46166D27D1DF
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.js --a---- 9052 bytes [02:23 10/05/2012] [06:04 18/04/2012] AF98421711C6CFA73D6720C455D92DAC
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [02:23 10/05/2012] [06:04 18/04/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin\conduit.xml --a---- 935 bytes [02:23 10/05/2012] [06:04 18/04/2012] EA3447EB2DF2363DF9B9CB0429342219
C:\Users\pestyone\Application Data\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.js --a---- 9052 bytes [02:23 10/05/2012] [06:04 18/04/2012] AF98421711C6CFA73D6720C455D92DAC
C:\Users\pestyone\Application Data\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [02:23 10/05/2012] [06:04 18/04/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\pestyone\Application Data\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin\conduit.xml --a---- 935 bytes [02:23 10/05/2012] [06:04 18/04/2012] EA3447EB2DF2363DF9B9CB0429342219
Searching for "*Advanced Spyware Remover*"
No files found.
Searching for "*SystemCare*"
No files found.
========== folderfind ==========
Searching for "*Iobit*"
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [16:19 11/05/2012]
C:\_OTL\MovedFiles\06012012_153205\C_Users\pestyone\AppData\Roaming\IObit d------ [14:04 11/05/2012]
C:\_OTL\MovedFiles\06012012_153205\C_Users\pestyone\AppData\Roaming\IObit\IObit Uninstaller d------ [00:51 25/05/2012]
Searching for "*AVG*"
C:\Users\pestyone\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\AVG Internet Security-26052012-125319 d------ [16:53 26/05/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search d------ [20:35 13/05/2012]
C:\_OTL\MovedFiles\06012012_153205\C_Users\pestyone\AppData\Roaming\AVG2012 d------ [15:09 26/05/2012]
Searching for "*Conduit*"
C:\Users\pestyone\AppData\LocalLow\Conduit d------ [03:35 08/05/2012]
C:\_OTL\MovedFiles\06012012_153205\C_Users\pestyone\AppData\Local\Conduit d------ [03:35 08/05/2012]
Searching for "*Advanced Spyware Remover*"
No folders found.
Searching for "*SystemCare*"
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 d------ [16:19 11/05/2012]
C:\_OTL\MovedFiles\06012012_153205\C_Users\pestyone\AppData\Roaming\IObit\Advanced SystemCare V5 d------ [14:04 11/05/2012]
========== regfind ==========
Searching for "Iobit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
Searching for "Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]
"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert0.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\HomePage]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"="http://search.conduit.com?SearchSource=10&ctid=CT2504091"
[HKEY_USERS\S-1-5-21-660230534-9386771-3986129850-1000\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-21-660230534-9386771-3986129850-1000\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_USERS\S-1-5-21-660230534-9386771-3986129850-1000\Software\Conduit]
Searching for "Advanced Spyware Remover"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced Spyware Remover]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced Spyware Remover]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced Spyware Remover]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Advanced Spyware Remover]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced Spyware Remover]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Advanced Spyware Remover]
Searching for "SystemCare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare 5]
========== file ==========
C:\windows\SysWow64\AK083E209605E394C.lie - File found and opened.
MD5: 14A679C220F15A9630DB40BD7863D346
Created at 13:19 on 24/05/2012
Modified at 13:19 on 24/05/2012
Size: 42 bytes
Attributes: --a----
No version information available.
========== dir ==========
C:\Users\pestyone\AppData\Local\{B8D87C41-3899-4FE5-B381-84E0935193C7} - Parameters: "/sub"
---Files---
None found.
No folders found.
-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Just trying to find where it says Hard boot 

It's just an actual reboot, as in shut down and then boot up as you would normally do first thing in the morning 

I'll have a look at this fully tomorrow, just remembered you're on Vista, so have to create a fix that is different to other Windows


----------



## Verylost (Jul 15, 2010)

Whoa whoa, hang on, this issue is with my laptop, Windows 7; my desktop PC is Vista and that's my other PC; had to recover the Vista PC and now tried to recover files and photos and videos from the Vista PC and then get on the web then reload the desktop, such fun; n o t .

The Vista had lost dll issues and boot issues so I reformatted, that I can handle; but will post here if I need help in the future, hummm maybe recover help, what's the best software to use; but that's for another time I guess . .


----------



## eddie5659 (Mar 19, 2001)

Sorry about the lateness, this computer of mine is having problems, so trying to sort it out as well 

For these:

*c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe
c:\program files (x86)\kodak\aio\center\ekkeygenerator.exe.config*

Can you upload them to the same thread over at Spykiller, and I'll check if they're legit or not 

The reason I thought this was a Vista computer, is because of these:

*C:\Users\pestyone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data*

etc.

These are normally what is seen on Vista, not Windows 7. However, the majority are temp files, so we can remove them at the end.

Also, a lot of the other entries for AVG are for the uninstaller, so we can leave them.

Can you run this for me, as it may be easier than the manual approach 

This is a different tool to OTL. Very similar name, but called OTS 

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*


----------
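The repeated `Application Data\Application Data\...` paths quoted in the post above can be folded back to one real location per file when reading a scan log like this one. The following is an added example, not part of the original thread or of any tool named in it: it assumes the default Windows Vista/7 profile junctions (`Local Settings` to `AppData\Local`, `Application Data` to `AppData\Roaming`, `AppData\Local\Application Data` to `AppData\Local`, `AppData\Local\Temporary Internet Files` to `AppData\Local\Microsoft\Windows\Temporary Internet Files`), the function names are hypothetical, and the sample lines are constructed in the log's format.

```python
import re

# File line layout used by the scan log:
#   <path> <attrs> <size> bytes [created] [modified] <MD5 | (Unable to calculate MD5)>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)

# Constructed sample lines (user, file names and hashes are made up).
SAMPLE = r"""Searching for "*page*"
C:\Users\alice\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\AB12CD34\page[1].htm --a---- 1234 bytes [14:38 08/06/2012] [14:38 08/06/2012] (Unable to calculate MD5)
C:\Users\alice\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB12CD34\page[1].htm --a---- 1234 bytes [14:38 08/06/2012] [14:38 08/06/2012] 0123456789ABCDEF0123456789ABCDEF
C:\Users\alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB12CD34\page[1].htm --a---- 1234 bytes [14:38 08/06/2012] [14:38 08/06/2012] 0123456789ABCDEF0123456789ABCDEF
C:\Users\alice\Local Settings\Temporary Internet Files\Content.IE5\AB12CD34\page[1].htm --a---- 1234 bytes [14:38 08/06/2012] [14:38 08/06/2012] 0123456789ABCDEF0123456789ABCDEF
C:\Users\alice\Application Data\Mozilla\Firefox\extensions\sample\search.xml --a---- 935 bytes [02:23 10/05/2012] [06:04 18/04/2012] FEDCBA9876543210FEDCBA9876543210
C:\Users\alice\AppData\Roaming\Mozilla\Firefox\extensions\sample\search.xml --a---- 935 bytes [02:23 10/05/2012] [06:04 18/04/2012] FEDCBA9876543210FEDCBA9876543210
C:\Windows\Prefetch\SAMPLE_TOOL-00000000.pf --a---- 30586 bytes [11:21 01/06/2012] [11:21 01/06/2012] 00112233445566778899AABBCCDDEEFF
"""


def canonical_path(path):
    """Rewrite a profile path through the assumed default junctions."""
    parts = path.split("\\")
    # Only paths of the form <drive>\Users\<user>\... are rewritten.
    if len(parts) > 3 and parts[1].lower() == "users":
        head, rest = parts[:3], parts[3:]
        if rest[0].lower() == "local settings":
            rest = ["AppData", "Local"] + rest[1:]
        elif rest[0].lower() == "application data":
            rest = ["AppData", "Roaming"] + rest[1:]
        if [p.lower() for p in rest[:2]] == ["appdata", "local"]:
            tail = rest[2:]
            # AppData\Local\Application Data points back at AppData\Local,
            # so every repeated segment is the same directory again.
            while tail and tail[0].lower() == "application data":
                tail = tail[1:]
            if tail and tail[0].lower() == "temporary internet files":
                tail = ["Microsoft", "Windows"] + tail
            rest = rest[:2] + tail
        parts = head + rest
    return "\\".join(parts)


def collapse(log_text):
    """Group file lines by canonical path and count how many aliases hit each."""
    unique = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers and "No files found." lines
        canon = canonical_path(m["path"])
        size = int(m["size"])
        md5 = None if m["md5"].startswith("(") else m["md5"].upper()
        rec = unique.setdefault(
            canon.lower(),
            {"path": canon, "size": size, "md5": None, "aliases": 0, "conflict": False},
        )
        rec["aliases"] += 1
        # If two "aliases" differ in size or hash they are not the same file:
        # the junction assumption is wrong for this entry.
        if size != rec["size"] or (md5 and rec["md5"] and md5 != rec["md5"]):
            rec["conflict"] = True
        rec["md5"] = rec["md5"] or md5
    return unique


def report(log_text):
    """One summary line per real file."""
    lines = []
    for rec in collapse(log_text).values():
        flag = "  <-- aliases disagree, inspect manually" if rec["conflict"] else ""
        lines.append(f'{rec["aliases"]:>2}x {rec["path"]} md5={rec["md5"]}{flag}')
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

An entry flagged as a conflict means the paths are not aliases of one file and each location should be reviewed on its own.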



## Verylost (Jul 15, 2010)

```
OTS logfile created on: 6/13/2012 7:06:15 PM - Run 2
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\pestyone\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Zimbabwe | Language: ENW | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 113.00 Gb Total Space | 14.77 Gb Free Space | 13.07% Space Free | Partition Type: NTFS
Drive D: | 166.50 Gb Total Space | 149.38 Gb Free Space | 89.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PESTYONE-PC
Current User Name: pestyone
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\pestyone\Downloads\OTS.exe -> [2012/06/13 19:05:19 | 000,646,656 | ---- | M] (OldTimer Tools)
capturelibservice.exe -> C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -> [2012/04/05 20:18:12 | 000,008,704 | ---- | M] (Microsoft)
ekaiohostservice.exe -> C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -> [2012/03/16 14:00:06 | 000,389,120 | ---- | M] (Eastman Kodak Company)
armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated)
rsmgrsvc.exe -> C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe -> [2011/12/06 08:28:06 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.)
tgsrvc.exe -> C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -> [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.)
sprtsvc.exe -> C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -> [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.)
rstray.exe -> C:\Program Files (x86)\Rising\RAV\RsTray.exe -> [2011/11/26 07:20:56 | 000,178,840 | ---- | M] (Beijing Rising Information Technology Co., Ltd.)
popwndexe.exe -> C:\Program Files (x86)\Rising\RSD\popwndexe.exe -> [2011/11/26 07:19:22 | 000,123,856 | ---- | M] (Beijing Rising Information Technology Co., Ltd.)
ravmond.exe -> C:\Program Files (x86)\Rising\RAV\RavMonD.exe -> [2011/11/26 07:16:29 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.)
yahoom~1.exe -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe -> [2011/11/24 03:05:44 | 006,497,592 | ---- | M] (Yahoo! Inc.)
ssckbdhk.exe -> C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe -> [2011/09/04 12:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics)
supbackground.exe -> C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe -> [2010/08/26 21:52:12 | 002,782,064 | ---- | M] (Samsung Electronics)
dmhkcore.exe -> C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe -> [2010/08/09 05:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.)
wcscheduler.exe -> C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe -> [2010/07/27 01:28:38 | 004,382,312 | ---- | M] (SEC)
easyspeedupmanager.exe -> C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe -> [2010/02/10 10:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.)
yahooauservice.exe -> C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
 
[Modules - No Company Name]
yui.dll -> C:\Program Files (x86)\Yahoo!\Messenger\yui.dll -> [2011/11/24 03:05:40 | 000,921,600 | ---- | M] ()
pcre.dll -> C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll -> [2011/11/24 03:05:26 | 000,078,336 | ---- | M] ()
resdll.dll -> C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll -> [2010/05/07 10:22:18 | 001,636,864 | ---- | M] ()
hookdllps2.dll -> C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll -> [2006/08/11 23:48:40 | 000,049,152 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(!SASCORE)  [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -> [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com)
64bit-(wlcrasvc)  [Disabled | Stopped] -> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -> [2010/09/22 05:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation)
64bit-(Samsung UPD Service)  [On_Demand | Stopped] -> C:\windows\SysNative\SUPDSvc.exe -> [2010/08/09 15:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.)
64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
(FreemakeVideoCapture) FreemakeVideoCapture [Auto | Running] -> C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -> [2012/04/05 20:18:12 | 000,008,704 | ---- | M] (Microsoft)
(Kodak AiO Network Discovery Service) Kodak AiO Network Discovery Service [Auto | Running] -> C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -> [2012/03/16 14:00:06 | 000,389,120 | ---- | M] (Eastman Kodak Company)
(AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated)
(RsMgrSvc) Rsd Service [Auto | Running] -> C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe -> [2011/12/06 08:28:06 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.)
(tgsrvc_verizondm) SupportSoft Repair Service (verizondm) [Auto | Running] -> C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -> [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.)
(sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm) [Auto | Running] -> C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -> [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.)
(RsRavMon) Rav Service [Auto | Running] -> C:\Program Files (x86)\Rising\RAV\RavMonD.exe -> [2011/11/26 07:16:29 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
 
[Driver Services - Safe List]
64bit-(HyperVM) HyperVM [Kernel | System | Running] -> C:\Windows\SysNative\drivers\hvm.sys -> [2011/11/26 07:16:30 | 000,041,048 | ---- | M] (Beijing Rising Information Technology Co., Ltd.)
64bit-(hooksys) hooksys [Kernel | System | Running] -> C:\Windows\SysNative\drivers\Hooksys.sys -> [2011/11/26 07:16:29 | 000,037,016 | ---- | M] (Beijing Rising Information Technology Co., Ltd.)
64bit-(HookTdi) HookTdi [Kernel | System | Running] -> C:\Windows\SysNative\drivers\HookTdi.sys -> [2011/11/26 07:16:29 | 000,030,360 | ---- | M] (Beijing Rising Information Technology Co., Ltd.)
64bit-(tun3325) VPN Tunnel Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\tun3325.sys -> [2011/11/17 14:44:32 | 000,035,056 | ---- | M] (The OpenVPN Project)
64bit-(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -> [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\saskutil64.sys -> [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2011/02/11 23:16:38 | 010,628,640 | ---- | M] (Intel Corporation)
64bit-(npf) NetGroup Packet Filter Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\npf.sys -> [2011/02/11 17:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.)
64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\athrx.sys -> [2010/11/23 03:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(ETD) ELAN PS/2 Port Input Device [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ETD.sys -> [2010/08/09 22:01:56 | 000,111,616 | ---- | M] (ELAN Microelectronics Corp.)
64bit-(yukonw7) NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\yk62x64.sys -> [2010/07/08 04:28:46 | 000,401,696 | ---- | M] (Marvell)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2010/04/27 03:57:04 | 000,540,696 | ---- | M] (Intel Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            )
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(SABI) SAMSUNG Kernel Driver For Windows 7 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\SABI.sys -> [2009/05/28 02:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS)
(rtport) rtport [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\rtport.sys -> [2011/09/15 07:37:04 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
(npf) NetGroup Packet Filter Driver [Kernel | Auto | Running] -> C:\Windows\SysWOW64\drivers\npf.sys -> [2005/08/03 01:10:12 | 000,032,512 | ---- | M] (CACE Technologies)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/?ilc=8 -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX\ -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAMDATA\AVG SECURE SEARCH\10.2.0.3\ -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions -> [2012/01/07 17:51:17 | 000,000,000 | ---D | M]
  -> C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions -> [2012/05/09 22:23:07 | 000,000,000 | ---D | M]
< HOSTS File > ([2012/06/01 15:32:06 | 000,000,098 | ---- | M] - 2 lines) -> C:\windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
::1       localhost
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"EKIJ5000StatusMonitor" -> C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe [C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe] -> [2011/06/16 17:53:44 | 002,922,496 | ---- | M] (Eastman Kodak Company)
"ETDCtrl" -> C:\Program Files\Elantech\ETDCtrl.exe [%ProgramFiles%\Elantech\ETDCtrl.exe] -> [2012/05/20 19:20:08 | 002,586,504 | ---- | M] (ELAN Microelectronics Corp.)
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\windows\system32\hkcmd.exe] -> [2011/02/11 23:25:38 | 000,386,584 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\windows\system32\igfxtray.exe] -> [2011/02/11 23:25:56 | 000,162,328 | ---- | M] (Intel Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\windows\system32\igfxpers.exe] -> [2011/02/11 23:25:46 | 000,417,304 | ---- | M] (Intel Corporation)
"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s] -> [2011/08/24 21:48:32 | 011,895,400 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Conime" ->  [%windir%\system32\conime.exe] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Messenger (Yahoo!)" -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2011/11/24 03:05:44 | 006,497,592 | ---- | M] (Yahoo! Inc.)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"PromptOnSecureDesktop" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{328ECD19-C167-40eb-A0C7-16FE7634105E}:{94BB0C4C-B957-479A-85E4-42F53B89F681} [HKLM] -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [Button: Samsung AnyWeb Print] -> [2010/08/23 23:06:36 | 001,236,992 | ---- | M] ()
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
extratorrent.com .[https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab [Java Plug-in 1.6.0_32] -> 
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab [Java Plug-in 1.6.0_32] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab [Java Plug-in 1.6.0_32] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{C93A6E3F-D3AD-4BC2-A1D8-AFDD6A3DB07C}\\DhcpNameServer -> 192.168.1.1   (Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller) -> 
{D5874F40-ED48-49D1-97C2-BC417465239C}\\DhcpNameServer -> 192.168.1.1   (Atheros AR9285 Wireless Network Adapter) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\windows\explorer.exe -> [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
systempropertiesperformance.exe -> C:\windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 21:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\windows\SysWow64\explorer.exe -> [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\windows\SysNative\igfxdev.dll -> [2011/02/11 22:45:30 | 000,272,896 | ---- | M] (Intel Corporation)
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0C1F84A8-6705-458F-81E5-8A773A0E83EE} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{294FFFC1-9C4C-4978-BEFA-2BF559244D53} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
{38F44425-4AC6-49D1-9EC7-DE515A3508DA} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{3A0EB6E4-6212-46AE-A970-3321D6F83376} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system | 
{41A9F4C7-C35B-4EF7-9581-589B389BF401} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
{4BA3AD4F-B3E5-4528-B6E0-DD38ED7F07D0} -> lport=138 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | 
{4CA9D507-6CAD-4052-8E81-90C6EC47AA71} -> rport=139 | profile=public | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | 
{50DB2842-D9B0-43A8-BCF1-F03897E50898} -> lport=137 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | 
{5A2E2B2F-F6F2-4F1F-8DC3-EC47F8FAE46A} -> lport=139 | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system | 
{5A7F03B1-FBA5-4FC3-B6FF-C05A99059673} -> rport=137 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | 
{5B7C482D-EFA1-49E7-9F80-AC16964C423E} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system | 
{6F25111F-E610-49D1-952B-450F86222866} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{75B1F4CF-0CB2-48CE-A387-4734CA7626B7} -> lport=445 | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | 
{8CA5A4D6-DE05-49BE-BEFF-4D7CB6BFE957} -> rport=138 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | 
{959B10F1-3B8B-4572-B126-4ECE2A0F81D0} -> lport=rpc-epmap | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | 
{9FF6A535-9997-48F4-B3DF-78CD3C952BB0} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{A2CE1727-18CD-4644-96CC-81BAB56BA393} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{B0A4E09A-F426-4DDA-997E-F23361FC9329} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{B6EB5067-10B2-47EB-B74F-4D62B994E1FD} -> lport=9322 | profile=public | protocol=6 | dir=in | action=allow | name=ekdiscovery | 
{BAF7FC4B-9B66-4363-888A-1AB3693A7485} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{BCF2FB79-5144-4CA0-831F-3A5863A8D261} -> rport=445 | profile=public | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | 
{C0481A50-4DF7-4D9B-83E9-5B191C81B526} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{D348722D-6F41-4F8B-A1D6-4010DAEEBA3E} -> lport=rpc | profile=public | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{D7D763ED-896F-4CD4-A015-F341C1C39BF4} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system | 
{E08D108E-1FB8-48C2-991A-821E41734CD3} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{E5CAE1EA-38F9-4A91-ADD0-07DAA46EB21F} -> lport=5353 | profile=private | protocol=17 | dir=in | action=allow | name=bonjour port 5353 | 
{E6948820-621C-40BE-BCAE-09D3261BB5FD} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{EA0FF838-77FD-4D18-A8B3-F6692AF7E178} -> lport=9322 | profile=private | protocol=6 | dir=in | action=allow | name=ekdiscovery | 
{F7EE08B2-F2CE-4844-A45A-58BDB053F98A} -> lport=5353 | profile=public | protocol=17 | dir=in | action=allow | name=bonjour port 5353 | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{001FB7EE-3A8A-4A3D-91D8-352B6DBC1ACF} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.homecenter | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
{0CD67F93-822C-48A6-9826-A558E2ABD7B5} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{16DE2145-09F5-4431-A736-22D4BAD43372} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.fwupdater | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
{17F74535-AC7E-4EA2-B657-3C433A935057} -> profile=public | protocol=17 | dir=in | action=allow | name=azureus / vuze | app=c:\program files (x86)\vuze\azureus.exe | 
{1AF234C8-3120-4EEE-A5C2-25B4FCA54A38} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{22EAA482-00EC-4380-8B12-3F7EDC690CD1} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{24B3563F-4802-4FFD-8F9B-D8F6D4426018} -> profile=private | protocol=17 | dir=in | action=allow | name=azureus / vuze | app=c:\program files (x86)\vuze\azureus.exe | 
{3427A77D-784D-4A38-8E90-B51C53C719DD} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.homecenter | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
{3629B06D-2DEE-4334-8999-A9AF340C72F1} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{392721E0-6C3B-4DF1-B89A-D9264A751C08} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{46C065AB-48FC-4B18-BBCF-68F06D0BFD00} -> profile=public | protocol=6 | dir=in | action=allow | name=rav service | app=c:\program files (x86)\rising\rav\ravmond.exe | 
{487A0598-0392-4C88-8BFD-B58D6FE04648} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{4968A27D-1D08-484D-9CC4-72A2A2541414} -> profile=public | protocol=58 | dir=out | action=allow | [email protected],-28546 | 
{4E176A0C-125A-41B1-BAA2-601FE6098454} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
{50BCF4FA-FF4E-4D21-A716-EBCEC9778977} -> profile=public | protocol=6 | dir=in | action=allow | name=samsung upd service | app=c:\windows\system32\supdsvc.exe | 
{524E216A-39A2-449F-94E1-BA5D2D4AF40B} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.statistics | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
{58BEF4D9-A9AB-457B-A30C-79DA732ABECB} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.installer | app=c:\programdata\kodak\installer\setup.exe | 
{5B2351EB-B7DD-4AED-BB28-E160243E2FCE} -> dir=in | action=allow | name=windows live mesh | app=c:\program files (x86)\windows live\mesh\moe.exe | 
{5BB104BD-605B-4E52-9BAE-6319CDD8EBD0} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{61ACF211-6ECD-430F-9B4C-10DD765973FD} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{6778540D-AD64-4EB5-A672-0F97A77B003D} -> profile=public | protocol=17 | dir=in | action=allow | name=samsung upd service | app=c:\windows\system32\supdsvc.exe | 
{6C5EC5DC-3803-4E83-8B12-952DE61BC229} -> profile=private | protocol=6 | dir=in | action=allow | name=azureus / vuze | app=c:\program files (x86)\vuze\azureus.exe | 
{77EB0EBF-FDA9-4B18-A213-E928283BAE28} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{82CB63C5-DC76-4D42-BEEF-5674A01C8715} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{83C096EA-ADB6-4417-AE06-1E99B5528392} -> profile=public | protocol=17 | dir=in | action=allow | name=rav service | app=c:\program files (x86)\rising\rav\ravmond.exe | 
{8E815CCF-591B-4F6E-9F67-57CF14FDE9B2} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{907AE123-C334-41DB-ACFA-9B03B322CAA4} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.setuputility | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
{98C17670-D0B0-4330-A855-C5C0F8A660E1} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.installer | app=c:\programdata\kodak\installer\setup.exe | 
{A2681487-DD92-4568-A99E-2D6974A6FA86} -> profile=private | protocol=17 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
{A978B93A-0858-4FEA-A54A-1B16E50DF7DC} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{B253D36F-3A85-4622-902F-D75EA1A0ADF9} -> profile=public | protocol=58 | dir=in | action=allow | [email protected],-28545 | 
{B4C1D538-A8AF-4E60-AF40-97FE592D280D} -> profile=private | protocol=6 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
{B53C3B64-7519-45E8-8192-D360B6B5FBAC} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.statistics | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
{B8F7593E-1B27-4FD3-BFCD-5EF8E6E05C86} -> profile=public | protocol=6 | dir=in | action=allow | name=azureus / vuze | app=c:\program files (x86)\vuze\azureus.exe | 
{B9A2E2D6-901E-4F49-A538-B1E530A683CC} -> profile=public | protocol=1 | dir=in | action=allow | [email protected],-28543 | 
{CD9B3946-F60B-415A-B8AA-7902B7BE3FD8} -> profile=public | protocol=6 | dir=in | action=allow | name=kodak.aio.fwupdater | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
{CFB9DE76-5108-421E-8FDB-55CB5523940B} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{D24B84F8-5745-4758-8818-84EA021EAF3B} -> profile=public | protocol=17 | dir=in | action=allow | name=kodak.aio.setuputility | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
{E073223C-A0B5-4856-B7A8-7D630846C7E4} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{EEA44417-FB14-4EEA-B5AD-06F19AF1B93B} -> profile=public | protocol=1 | dir=out | action=allow | [email protected],-28544 | 
{F6C41C29-E883-47D2-8015-094D52547B08} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{FD3A29AA-DF96-43C5-A0BB-1F7C9CC64794} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [\SystemRoot\system32\drivers\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 Conversion Online -> C:\Users\pestyone\AppData\Local\Conversion Online -> [2012/06/12 16:14:17 | 000,000,000 | ---D | C]
 Conversion Online -> C:\Program Files (x86)\Conversion Online -> [2012/06/12 16:13:15 | 000,000,000 | ---D | C]
 mshtmled.dll -> C:\windows\SysNative\mshtmled.dll -> [2012/06/12 13:47:38 | 000,096,768 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\windows\SysWow64\mshtmled.dll -> [2012/06/12 13:47:38 | 000,073,216 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\windows\SysNative\url.dll -> [2012/06/12 13:47:36 | 000,237,056 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\windows\SysWow64\url.dll -> [2012/06/12 13:47:36 | 000,231,936 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\windows\SysNative\ieui.dll -> [2012/06/12 13:47:34 | 000,248,320 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\windows\SysWow64\ieui.dll -> [2012/06/12 13:47:34 | 000,176,640 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\windows\SysNative\ieUnatt.exe -> [2012/06/12 13:47:32 | 000,173,056 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\windows\SysWow64\ieUnatt.exe -> [2012/06/12 13:47:32 | 000,142,848 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\windows\SysNative\inetcpl.cpl -> [2012/06/12 13:47:30 | 001,494,528 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\windows\SysWow64\inetcpl.cpl -> [2012/06/12 13:47:30 | 001,427,968 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\windows\SysNative\jscript9.dll -> [2012/06/12 13:47:29 | 002,311,680 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\windows\SysWow64\jscript.dll -> [2012/06/12 13:47:29 | 000,716,800 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\windows\SysNative\jscript.dll -> [2012/06/12 13:47:28 | 000,818,688 | ---- | C] (Microsoft Corporation)
 rdpcorekmts.dll -> C:\windows\SysNative\rdpcorekmts.dll -> [2012/06/12 13:46:31 | 000,149,504 | ---- | C] (Microsoft Corporation)
 rdpwsx.dll -> C:\windows\SysNative\rdpwsx.dll -> [2012/06/12 13:46:31 | 000,077,312 | ---- | C] (Microsoft Corporation)
 rdrmemptylst.exe -> C:\windows\SysNative\rdrmemptylst.exe -> [2012/06/12 13:46:31 | 000,009,216 | ---- | C] (Microsoft Corporation)
 ntoskrnl.exe -> C:\windows\SysNative\ntoskrnl.exe -> [2012/06/12 13:41:05 | 005,559,664 | ---- | C] (Microsoft Corporation)
 ntkrnlpa.exe -> C:\windows\SysWow64\ntkrnlpa.exe -> [2012/06/12 13:41:04 | 003,968,368 | ---- | C] (Microsoft Corporation)
 ntoskrnl.exe -> C:\windows\SysWow64\ntoskrnl.exe -> [2012/06/12 13:41:04 | 003,913,072 | ---- | C] (Microsoft Corporation)
 msi.dll -> C:\windows\SysNative\msi.dll -> [2012/06/12 13:41:01 | 003,216,384 | ---- | C] (Microsoft Corporation)
 crypt32.dll -> C:\windows\SysNative\crypt32.dll -> [2012/06/12 13:40:41 | 001,462,272 | ---- | C] (Microsoft Corporation)
 cryptnet.dll -> C:\windows\SysNative\cryptnet.dll -> [2012/06/12 13:40:41 | 000,140,288 | ---- | C] (Microsoft Corporation)
 SUPERAntiSpyware.com -> C:\Users\pestyone\AppData\Roaming\SUPERAntiSpyware.com -> [2012/06/11 04:00:57 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware -> [2012/06/11 04:00:35 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2012/06/11 04:00:30 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2012/06/11 04:00:30 | 000,000,000 | ---D | C]
 DriverCure -> C:\Users\pestyone\AppData\Roaming\DriverCure -> [2012/06/11 03:49:08 | 000,000,000 | ---D | C]
 SpeedyPC Software -> C:\Users\pestyone\AppData\Roaming\SpeedyPC Software -> [2012/06/11 03:49:07 | 000,000,000 | ---D | C]
 SpeedyPC Software -> C:\ProgramData\SpeedyPC Software -> [2012/06/11 03:48:56 | 000,000,000 | ---D | C]
 Tracing -> C:\Users\pestyone\Tracing -> [2012/06/10 18:15:13 | 000,000,000 | ---D | C]
 15354131.sys -> C:\windows\SysNative\drivers\15354131.sys -> [2012/06/01 16:03:46 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT)
 _OTL -> C:\_OTL -> [2012/06/01 15:32:05 | 000,000,000 | ---D | C]
 {B8D87C41-3899-4FE5-B381-84E0935193C7} -> C:\Users\pestyone\AppData\Local\{B8D87C41-3899-4FE5-B381-84E0935193C7} -> [2012/05/30 22:39:51 | 000,000,000 | ---D | C]
 PC Cleaners -> C:\Users\pestyone\AppData\Roaming\PC Cleaners -> [2012/05/30 00:25:52 | 000,000,000 | ---D | C]
 PCPro -> C:\Users\pestyone\AppData\Roaming\PCPro -> [2012/05/30 00:25:48 | 000,000,000 | ---D | C]
 uninst.exe -> C:\windows\uninst.exe -> [2012/05/30 00:25:42 | 004,101,392 | ---- | C] (PC Cleaners)
 Easy WiFi Radar -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy WiFi Radar -> [2012/05/28 06:59:02 | 000,000,000 | ---D | C]
 WanPacket.dll -> C:\windows\SysWow64\WanPacket.dll -> [2012/05/28 06:59:01 | 000,061,440 | ---- | C] (CACE Technologies)
 XButton.ocx -> C:\windows\SysWow64\XButton.ocx -> [2012/05/28 06:59:01 | 000,057,344 | ---- | C] (Acrotech Solutions)
 npf.sys -> C:\windows\SysWow64\drivers\npf.sys -> [2012/05/28 06:59:01 | 000,032,512 | ---- | C] (CACE Technologies)
 Makayama Interactive -> C:\Program Files (x86)\Makayama Interactive -> [2012/05/28 06:59:00 | 000,000,000 | ---D | C]
 Curiolab -> C:\Users\pestyone\AppData\Roaming\Curiolab -> [2012/05/26 06:34:42 | 000,000,000 | ---D | C]
 RAVBIN -> C:\RAVBIN -> [2012/05/26 00:12:08 | 000,000,000 | R--D | C]
 Malwarebytes -> C:\Users\pestyone\AppData\Roaming\Malwarebytes -> [2012/05/24 22:15:59 | 000,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2012/05/24 22:15:52 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2012/05/24 22:15:49 | 000,000,000 | ---D | C]
 mbam.sys -> C:\windows\SysNative\drivers\mbam.sys -> [2012/05/24 22:15:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2012/05/24 22:15:47 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2012/05/24 18:18:18 | 000,000,000 | -HSD | C]
 temp -> C:\windows\temp -> [2012/05/24 16:33:45 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\windows\SWREG.exe -> [2012/05/24 16:29:43 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\windows\SWSC.exe -> [2012/05/24 16:29:43 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\windows\NIRCMD.exe -> [2012/05/24 16:29:43 | 000,060,416 | ---- | C] (NirSoft)
 ERDNT -> C:\windows\ERDNT -> [2012/05/24 16:29:37 | 000,000,000 | ---D | C]
 VS Revo Group -> C:\Users\pestyone\AppData\Local\VS Revo Group -> [2012/05/24 09:39:17 | 000,000,000 | ---D | C]
 HiJackThis -> C:\Users\pestyone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis -> [2012/05/24 08:19:29 | 000,000,000 | ---D | C]
 Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2012/05/24 08:19:27 | 000,000,000 | ---D | C]
 TeamViewer -> C:\Users\pestyone\AppData\Roaming\TeamViewer -> [2012/05/21 13:24:50 | 000,000,000 | ---D | C]
 downloads free -> C:\Users\pestyone\Desktop\downloads free -> [2012/05/21 02:32:00 | 000,000,000 | ---D | C]
 Elantech -> C:\Program Files\Elantech -> [2012/05/20 19:24:00 | 000,000,000 | ---D | C]
 ETDUI.cpl -> C:\windows\SysNative\ETDUI.cpl -> [2012/05/20 19:20:09 | 004,633,992 | ---- | C] (ELAN Microelectronics Corp.)
 BurnAware Free -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free -> [2012/05/20 19:18:02 | 000,000,000 | ---D | C]
 BurnAware Free -> C:\Program Files (x86)\BurnAware Free -> [2012/05/20 19:17:59 | 000,000,000 | ---D | C]
 file-repair-setup.exe -> C:\Users\pestyone\Desktop\file-repair-setup.exe -> [2012/05/19 09:28:56 | 001,073,608 | ---- | C] (File Repair                                                 )
 Files Terminator Free -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Files Terminator Free -> [2012/05/19 07:43:10 | 000,000,000 | ---D | C]
 Files Terminator Free -> C:\Program Files (x86)\Files Terminator Free -> [2012/05/19 07:43:09 | 000,000,000 | ---D | C]
 DVDVideoSoft -> C:\Users\pestyone\AppData\Roaming\DVDVideoSoft -> [2012/05/18 14:15:01 | 000,000,000 | ---D | C]
 Eusing Free Video Converter -> C:\Program Files (x86)\Eusing Free Video Converter -> [2012/05/17 16:01:54 | 000,000,000 | ---D | C]
 KastorVideoConverter -> C:\Users\pestyone\AppData\Roaming\KastorVideoConverter -> [2012/05/17 15:34:09 | 000,000,000 | ---D | C]
 XMedia Recode -> C:\Users\pestyone\AppData\Roaming\XMedia Recode -> [2012/05/17 15:14:39 | 000,000,000 | ---D | C]
 ETDUninst.dll -> C:\windows\ETDUninst.dll -> [2012/05/17 02:47:54 | 000,249,736 | ---- | C] (ELAN Microelectronics Corp.)
 Java -> C:\Program Files (x86)\Common Files\Java -> [2012/05/16 14:08:28 | 000,000,000 | ---D | C]
 npdeployJava1.dll -> C:\windows\SysWow64\npdeployJava1.dll -> [2012/05/16 14:08:09 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.)
 javaws.exe -> C:\windows\SysWow64\javaws.exe -> [2012/05/16 14:08:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\windows\SysWow64\javaw.exe -> [2012/05/16 14:08:08 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\windows\SysWow64\java.exe -> [2012/05/16 14:08:08 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.)
 Java -> C:\Program Files (x86)\Java -> [2012/05/16 14:07:50 | 000,000,000 | ---D | C]
 OpenOffice.org -> C:\Users\pestyone\AppData\Roaming\OpenOffice.org -> [2012/05/16 00:24:41 | 000,000,000 | ---D | C]
 OpenOffice.org 3.1 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1 -> [2012/05/16 00:23:54 | 000,000,000 | --SD | C]
 JRE -> C:\Program Files (x86)\JRE -> [2012/05/16 00:22:55 | 000,000,000 | ---D | C]
 OpenOffice.org 3 -> C:\Program Files (x86)\OpenOffice.org 3 -> [2012/05/16 00:22:48 | 000,000,000 | ---D | C]
 OfficeSuiteX -> C:\Users\pestyone\AppData\Roaming\OfficeSuiteX -> [2012/05/15 19:59:04 | 000,000,000 | ---D | C]
 Office Suite X 3 -> C:\Program Files (x86)\Office Suite X 3 -> [2012/05/15 19:54:55 | 000,000,000 | ---D | C]
 Sun -> C:\ProgramData\Sun -> [2012/05/15 19:53:26 | 000,000,000 | ---D | C]
 deployJava1.dll -> C:\windows\SysWow64\deployJava1.dll -> [2012/05/15 19:52:52 | 000,472,864 | ---- | C] (Sun Microsystems, Inc.)
 AbiSuite -> C:\Users\pestyone\AppData\Roaming\AbiSuite -> [2012/05/15 02:11:17 | 000,000,000 | ---D | C]
 SSuite Office Installations -> C:\windows\SSuite Office Installations -> [2012/05/14 23:04:29 | 000,000,000 | ---D | C]
 Windows Live Writer -> C:\Users\pestyone\AppData\Roaming\Windows Live Writer -> [2012/05/14 22:49:44 | 000,000,000 | ---D | C]
 Windows Live Writer -> C:\Users\pestyone\AppData\Local\Windows Live Writer -> [2012/05/14 22:49:44 | 000,000,000 | ---D | C]
 pcouffin.sys -> C:\Users\pestyone\AppData\Roaming\pcouffin.sys -> [2012/05/13 21:21:39 | 000,082,816 | ---- | C] (VSO Software)
 
[Files/Folders - Modified Within 30 Days]
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/06/13 18:07:47 | 000,014,144 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/06/13 18:07:47 | 000,014,144 | -H-- | M] ()
 bootstat.dat -> C:\windows\bootstat.dat -> [2012/06/13 18:00:17 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012/06/13 18:00:10 | 4224,307,200 | -HS- | M] ()
 vso_ts_preview.xml -> C:\Users\pestyone\AppData\Roaming\vso_ts_preview.xml -> [2012/06/13 10:57:19 | 000,001,189 | ---- | M] ()
 ConvertXtoDVD 4 english manual.lnk -> C:\Users\Public\Desktop\ConvertXtoDVD 4 english manual.lnk -> [2012/06/13 08:21:47 | 000,001,046 | ---- | M] ()
 FNTCACHE.DAT -> C:\windows\SysNative\FNTCACHE.DAT -> [2012/06/12 14:04:17 | 000,293,560 | ---- | M] ()
 PerfStringBackup.INI -> C:\windows\SysNative\PerfStringBackup.INI -> [2012/06/12 13:57:23 | 000,732,070 | ---- | M] ()
 perfh009.dat -> C:\windows\SysNative\perfh009.dat -> [2012/06/12 13:57:23 | 000,616,008 | ---- | M] ()
 perfc009.dat -> C:\windows\SysNative\perfc009.dat -> [2012/06/12 13:57:23 | 000,106,388 | ---- | M] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2012/06/11 04:00:35 | 000,001,808 | ---- | M] ()
 Samsung Support Center.lnk -> C:\Users\Public\Desktop\Samsung Support Center.lnk -> [2012/06/11 00:44:12 | 000,002,074 | ---- | M] ()
 FlashPlayerApp.exe -> C:\windows\SysWow64\FlashPlayerApp.exe -> [2012/06/10 04:09:43 | 000,426,184 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\windows\SysWow64\FlashPlayerCPLApp.cpl -> [2012/06/10 04:09:42 | 000,070,344 | ---- | M] (Adobe Systems Incorporated)
 requested-files[2012-06-06_01_59].cab -> C:\Users\pestyone\Desktop\requested-files[2012-06-06_01_59].cab -> [2012/06/06 01:59:42 | 000,000,460 | ---- | M] ()
 battery  fix.rtf -> C:\Users\pestyone\Documents\battery  fix.rtf -> [2012/06/05 10:00:11 | 000,001,661 | ---- | M] ()
 15354131.sys -> C:\windows\SysNative\drivers\15354131.sys -> [2012/06/01 16:03:46 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT)
 Hosts -> C:\windows\SysNative\drivers\etc\Hosts -> [2012/06/01 15:32:06 | 000,000,098 | ---- | M] ()
 flash  mob  idea . ..rtf -> C:\Users\pestyone\Documents\flash  mob  idea . ..rtf -> [2012/06/01 13:36:21 | 000,001,114 | ---- | M] ()
 denied.rtf -> C:\Users\pestyone\Documents\denied.rtf -> [2012/05/31 09:30:02 | 000,000,799 | ---- | M] ()
 uninst.exe -> C:\windows\uninst.exe -> [2012/05/30 00:25:17 | 004,101,392 | ---- | M] (PC Cleaners)
 red torrents i have.rtf -> C:\Users\pestyone\Documents\red torrents i have.rtf -> [2012/05/29 05:11:21 | 000,000,392 | ---- | M] ()
 -convert x burn 5 - 29 - 12.rtf -> C:\Users\pestyone\Documents\-convert x burn 5 - 29 - 12.rtf -> [2012/05/29 00:03:35 | 000,000,335 | ---- | M] ()
 Easy WiFi Radar.lnk -> C:\Users\Public\Desktop\Easy WiFi Radar.lnk -> [2012/05/28 06:59:02 | 000,002,210 | ---- | M] ()
 easy-wi-fi-radar-1.0.5.zip -> C:\Users\pestyone\Documents\easy-wi-fi-radar-1.0.5.zip -> [2012/05/28 06:57:54 | 002,159,071 | ---- | M] ()
 PeerBlock.lnk -> C:\Users\pestyone\Desktop\PeerBlock.lnk -> [2012/05/27 03:55:05 | 000,001,736 | ---- | M] ()
 40  songs.rtf -> C:\Users\pestyone\Documents\40  songs.rtf -> [2012/05/26 06:00:14 | 000,003,271 | ---- | M] ()
 burnaware.ini -> C:\Users\pestyone\AppData\Roaming\burnaware.ini -> [2012/05/26 05:52:43 | 000,000,798 | ---- | M] ()
 13  tracks  audio.m3u -> C:\Users\pestyone\Documents\13  tracks  audio.m3u -> [2012/05/26 05:52:40 | 000,001,950 | ---- | M] ()
 17  song  list.m3u -> C:\Users\pestyone\Documents\17  song  list.m3u -> [2012/05/26 05:28:33 | 000,002,734 | ---- | M] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/05/24 22:15:52 | 000,001,065 | ---- | M] ()
 AK083E209605E394C.lie -> C:\windows\SysWow64\AK083E209605E394C.lie -> [2012/05/24 09:19:03 | 000,000,042 | ---- | M] ()
 HiJackThis.lnk -> C:\Users\pestyone\Desktop\HiJackThis.lnk -> [2012/05/24 08:19:29 | 000,002,991 | ---- | M] ()
 Future Shock 2_php end.mht -> C:\Users\pestyone\Documents\Future Shock 2_php end.mht -> [2012/05/24 07:48:57 | 000,073,490 | ---- | M] ()
 - Future Shock 1_php.mht -> C:\Users\pestyone\Documents\- Future Shock 1_php.mht -> [2012/05/24 07:46:45 | 000,076,364 | ---- | M] ()
 - Debbie's Decision, Part 2_php end.mht -> C:\Users\pestyone\Documents\- Debbie's Decision, Part 2_php end.mht -> [2012/05/24 04:27:47 | 000,075,886 | ---- | M] ()
 - Debbie's Decision, Part 1_php.mht -> C:\Users\pestyone\Documents\- Debbie's Decision, Part 1_php.mht -> [2012/05/24 04:26:43 | 000,074,353 | ---- | M] ()
 The Eunuch Archive - A Case of Prevention - Revised_php.mht -> C:\Users\pestyone\Documents\The Eunuch Archive - A Case of Prevention - Revised_php.mht -> [2012/05/24 03:12:25 | 000,078,195 | ---- | M] ()
 A Case of Prevention - Revised_php.mht -> C:\Users\pestyone\Documents\A Case of Prevention - Revised_php.mht -> [2012/05/24 03:11:10 | 000,113,927 | ---- | M] ()
 Capture of a Grownup_php.mht -> C:\Users\pestyone\Documents\Capture of a Grownup_php.mht -> [2012/05/23 23:53:10 | 000,083,508 | ---- | M] ()
 The Eunuch Archive - A Better Life Afterwards_php.mht -> C:\Users\pestyone\Documents\The Eunuch Archive - A Better Life Afterwards_php.mht -> [2012/05/23 23:20:08 | 000,071,417 | ---- | M] ()
 Logon  and  password.rtf -> C:\Users\pestyone\Documents\Logon  and  password.rtf -> [2012/05/23 04:07:54 | 000,000,244 | ---- | M] ()
 The Eunuch Archive - Ballbusting Mom - Part 2  Busted_php my story.mht -> C:\Users\pestyone\Documents\The Eunuch Archive - Ballbusting Mom - Part 2  Busted_php my story.mht -> [2012/05/22 10:02:12 | 000,029,048 | ---- | M] ()
 The Eunuch Archive - Ballbusting Mom_php.mht -> C:\Users\pestyone\Documents\The Eunuch Archive - Ballbusting Mom_php.mht -> [2012/05/22 10:00:25 | 000,035,871 | ---- | M] ()
 HotFixList.ini -> C:\windows\HotFixList.ini -> [2012/05/20 19:34:52 | 000,005,931 | ---- | M] ()
 SetLCDStretchMode.exe -> C:\windows\SetLCDStretchMode.exe -> [2012/05/20 19:24:17 | 000,345,600 | ---- | M] (Samsung Electronics Co., Ltd.)
 HotfixChecker.exe -> C:\windows\HotfixChecker.exe -> [2012/05/20 19:23:46 | 000,407,040 | ---- | M] (Samsung Electronics)
 ETDUI.cpl -> C:\windows\SysNative\ETDUI.cpl -> [2012/05/20 19:20:09 | 004,633,992 | ---- | M] (ELAN Microelectronics Corp.)
 BurnAware Free.lnk -> C:\Users\Public\Desktop\BurnAware Free.lnk -> [2012/05/20 19:18:02 | 000,001,010 | ---- | M] ()
 file-repair-setup.exe -> C:\Users\pestyone\Desktop\file-repair-setup.exe -> [2012/05/19 09:28:59 | 001,073,608 | ---- | M] (File Repair                                                 )
 Files Terminator Free.lnk -> C:\Users\Public\Desktop\Files Terminator Free.lnk -> [2012/05/19 07:43:10 | 000,002,002 | ---- | M] ()
 jscript9.dll -> C:\windows\SysNative\jscript9.dll -> [2012/05/17 22:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\windows\SysNative\inetcpl.cpl -> [2012/05/17 21:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\windows\SysNative\url.dll -> [2012/05/17 21:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation)
 ieUnatt.exe -> C:\windows\SysNative\ieUnatt.exe -> [2012/05/17 21:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation)
 jscript.dll -> C:\windows\SysNative\jscript.dll -> [2012/05/17 21:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation)
 mshtmled.dll -> C:\windows\SysNative\mshtmled.dll -> [2012/05/17 21:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation)
 ieui.dll -> C:\windows\SysNative\ieui.dll -> [2012/05/17 21:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\windows\SysWow64\inetcpl.cpl -> [2012/05/17 18:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\windows\SysWow64\url.dll -> [2012/05/17 18:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation)
 ieUnatt.exe -> C:\windows\SysWow64\ieUnatt.exe -> [2012/05/17 18:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation)
 jscript.dll -> C:\windows\SysWow64\jscript.dll -> [2012/05/17 18:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation)
 mshtmled.dll -> C:\windows\SysWow64\mshtmled.dll -> [2012/05/17 18:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation)
 ieui.dll -> C:\windows\SysWow64\ieui.dll -> [2012/05/17 18:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation)
 log open.odt -> C:\Users\pestyone\Documents\log open.odt -> [2012/05/16 19:53:42 | 000,118,068 | ---- | M] ()
 npdeployJava1.dll -> C:\windows\SysWow64\npdeployJava1.dll -> [2012/05/16 14:07:53 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.)
 deployJava1.dll -> C:\windows\SysWow64\deployJava1.dll -> [2012/05/16 14:07:53 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.)
 javaws.exe -> C:\windows\SysWow64\javaws.exe -> [2012/05/16 14:07:53 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.)
 javaw.exe -> C:\windows\SysWow64\javaw.exe -> [2012/05/16 14:07:53 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
 java.exe -> C:\windows\SysWow64\java.exe -> [2012/05/16 14:07:53 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
 OpenOffice.org 3.1.lnk -> C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk -> [2012/05/16 00:23:56 | 000,001,140 | ---- | M] ()
 48 C:\Users\pestyone\AppData\Local\Temp\*.tmp files -> C:\Users\pestyone\AppData\Local\Temp\*.tmp -> 
 
[Files - No Company Name]
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2012/06/11 04:00:35 | 000,001,808 | ---- | C] ()
 Samsung Support Center.lnk -> C:\Users\Public\Desktop\Samsung Support Center.lnk -> [2012/06/11 00:44:12 | 000,002,074 | ---- | C] ()
 requested-files[2012-06-06_01_59].cab -> C:\Users\pestyone\Desktop\requested-files[2012-06-06_01_59].cab -> [2012/06/06 01:59:42 | 000,000,460 | ---- | C] ()
 battery  fix.rtf -> C:\Users\pestyone\Documents\battery  fix.rtf -> [2012/06/05 09:29:10 | 000,001,661 | ---- | C] ()
 flash  mob  idea . ..rtf -> C:\Users\pestyone\Documents\flash  mob  idea . ..rtf -> [2012/06/01 13:36:21 | 000,001,114 | ---- | C] ()
 denied.rtf -> C:\Users\pestyone\Documents\denied.rtf -> [2012/05/31 09:30:02 | 000,000,799 | ---- | C] ()
 red torrents i have.rtf -> C:\Users\pestyone\Documents\red torrents i have.rtf -> [2012/05/29 05:11:21 | 000,000,392 | ---- | C] ()
 -convert x burn 5 - 29 - 12.rtf -> C:\Users\pestyone\Documents\-convert x burn 5 - 29 - 12.rtf -> [2012/05/29 00:03:35 | 000,000,335 | ---- | C] ()
 RED153.avi -> C:\Users\pestyone\Documents\RED153.avi -> [2012/05/28 23:27:31 | 1339,052,273 | ---- | C] ()
 Red Hot Jam #223.avi -> C:\Users\pestyone\Documents\Red Hot Jam #223.avi -> [2012/05/28 23:26:53 | 1194,065,920 | ---- | C] ()
 Red Hot Jam #15.avi -> C:\Users\pestyone\Documents\Red Hot Jam #15.avi -> [2012/05/28 23:26:33 | 741,816,320 | ---- | C] ()
 Easy WiFi Radar.lnk -> C:\Users\Public\Desktop\Easy WiFi Radar.lnk -> [2012/05/28 06:59:02 | 000,002,210 | ---- | C] ()
 actskn43.ocx -> C:\windows\SysWow64\actskn43.ocx -> [2012/05/28 06:59:01 | 000,389,120 | ---- | C] ()
 easy-wi-fi-radar-1.0.5.zip -> C:\Users\pestyone\Documents\easy-wi-fi-radar-1.0.5.zip -> [2012/05/28 06:58:10 | 002,159,071 | ---- | C] ()
 PeerBlock.lnk -> C:\Users\pestyone\Desktop\PeerBlock.lnk -> [2012/05/27 03:55:05 | 000,001,736 | ---- | C] ()
 40  songs.rtf -> C:\Users\pestyone\Documents\40  songs.rtf -> [2012/05/26 06:00:14 | 000,003,271 | ---- | C] ()
 13  tracks  audio.m3u -> C:\Users\pestyone\Documents\13  tracks  audio.m3u -> [2012/05/26 05:52:40 | 000,001,950 | ---- | C] ()
 17  song  list.m3u -> C:\Users\pestyone\Documents\17  song  list.m3u -> [2012/05/26 05:28:33 | 000,002,734 | ---- | C] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/05/24 22:15:52 | 000,001,065 | ---- | C] ()
 PEV.exe -> C:\windows\PEV.exe -> [2012/05/24 16:29:43 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\windows\MBR.exe -> [2012/05/24 16:29:43 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\windows\sed.exe -> [2012/05/24 16:29:43 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\windows\grep.exe -> [2012/05/24 16:29:43 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\windows\zip.exe -> [2012/05/24 16:29:43 | 000,068,096 | ---- | C] ()
 AK083E209605E394C.lie -> C:\windows\SysWow64\AK083E209605E394C.lie -> [2012/05/24 09:19:03 | 000,000,042 | ---- | C] ()
 HiJackThis.lnk -> C:\Users\pestyone\Desktop\HiJackThis.lnk -> [2012/05/24 08:19:29 | 000,002,991 | ---- | C] ()
 Future Shock 2_php end.mht -> C:\Users\pestyone\Documents\Future Shock 2_php end.mht -> [2012/05/24 07:48:56 | 000,073,490 | ---- | C] ()
 - Future Shock 1_php.mht -> C:\Users\pestyone\Documents\- Future Shock 1_php.mht -> [2012/05/24 07:46:44 | 000,076,364 | ---- | C] ()
 - Debbie's Decision, Part 2_php end.mht -> C:\Users\pestyone\Documents\- Debbie's Decision, Part 2_php end.mht -> [2012/05/24 04:27:47 | 000,075,886 | ---- | C] ()
 - Debbie's Decision, Part 1_php.mht -> C:\Users\pestyone\Documents\- Debbie's Decision, Part 1_php.mht -> [2012/05/24 04:26:42 | 000,074,353 | ---- | C] ()
 The Eunuch Archive - A Case of Prevention - Revised_php.mht -> C:\Users\pestyone\Documents\The Eunuch Archive - A Case of Prevention - Revised_php.mht -> [2012/05/24 03:12:25 | 000,078,195 | ---- | C] ()
 A Case of Prevention - Revised_php.mht -> C:\Users\pestyone\Documents\A Case of Prevention - Revised_php.mht -> [2012/05/24 03:11:10 | 000,113,927 | ---- | C] ()
 Capture of a Grownup_php.mht -> C:\Users\pestyone\Documents\Capture of a Grownup_php.mht -> [2012/05/23 23:53:09 | 000,083,508 | ---- | C] ()
 The Eunuch Archive - A Better Life Afterwards_php.mht -> C:\Users\pestyone\Documents\The Eunuch Archive - A Better Life Afterwards_php.mht -> [2012/05/23 23:20:07 | 000,071,417 | ---- | C] ()
 Logon  and  password.rtf -> C:\Users\pestyone\Documents\Logon  and  password.rtf -> [2012/05/23 04:07:53 | 000,000,244 | ---- | C] ()
 The Eunuch Archive - Ballbusting Mom - Part 2  Busted_php my story.mht -> C:\Users\pestyone\Documents\The Eunuch Archive - Ballbusting Mom - Part 2  Busted_php my story.mht -> [2012/05/22 10:02:11 | 000,029,048 | ---- | C] ()
 The Eunuch Archive - Ballbusting Mom_php.mht -> C:\Users\pestyone\Documents\The Eunuch Archive - Ballbusting Mom_php.mht -> [2012/05/22 10:00:25 | 000,035,871 | ---- | C] ()
 BurnAware Free.lnk -> C:\Users\Public\Desktop\BurnAware Free.lnk -> [2012/05/20 19:18:02 | 000,001,010 | ---- | C] ()
 Files Terminator Free.lnk -> C:\Users\Public\Desktop\Files Terminator Free.lnk -> [2012/05/19 07:43:10 | 000,002,002 | ---- | C] ()
 log open.odt -> C:\Users\pestyone\Documents\log open.odt -> [2012/05/16 19:49:48 | 000,118,068 | ---- | C] ()
 OpenOffice.org 3.1.lnk -> C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk -> [2012/05/16 00:23:56 | 000,001,140 | ---- | C] ()
 save_en.bmp -> C:\Users\pestyone\AppData\Local\save_en.bmp -> [2012/05/14 06:38:32 | 000,043,976 | ---- | C] ()
 save_es.bmp -> C:\Users\pestyone\AppData\Local\save_es.bmp -> [2012/05/14 06:38:08 | 000,043,976 | ---- | C] ()
 pcouffin.cat -> C:\Users\pestyone\AppData\Roaming\pcouffin.cat -> [2012/05/13 21:21:39 | 000,007,859 | ---- | C] ()
 pcouffin.inf -> C:\Users\pestyone\AppData\Roaming\pcouffin.inf -> [2012/05/13 21:21:39 | 000,001,167 | ---- | C] ()
 burnaware.ini -> C:\Users\pestyone\AppData\Roaming\burnaware.ini -> [2012/05/10 00:16:52 | 000,000,798 | ---- | C] ()
 vso_ts_preview.xml -> C:\Users\pestyone\AppData\Roaming\vso_ts_preview.xml -> [2012/05/07 23:50:54 | 000,001,189 | ---- | C] ()
 BsMain.ini -> C:\windows\SysWow64\BsMain.ini -> [2011/11/26 07:18:11 | 000,000,134 | ---- | C] ()
 PerfStringBackup.INI -> C:\windows\SysWow64\PerfStringBackup.INI -> [2011/11/26 03:25:39 | 000,735,230 | ---- | C] ()
 ssndii.exe -> C:\windows\ssndii.exe -> [2011/11/26 00:13:05 | 000,484,656 | ---- | C] ()
 SUPDRun.exe -> C:\windows\SUPDRun.exe -> [2011/11/26 00:12:48 | 000,258,864 | ---- | C] ()
 igfcg500.bin -> C:\windows\SysWow64\igfcg500.bin -> [2011/04/18 21:13:20 | 000,134,592 | ---- | C] ()
 SetDisplayResolution.exe -> C:\windows\SetDisplayResolution.exe -> [2011/04/18 20:50:28 | 000,307,200 | ---- | C] ()
 HotFixList.ini -> C:\windows\HotFixList.ini -> [2011/04/18 19:25:03 | 000,005,931 | ---- | C] ()
 igkrng500.bin -> C:\windows\SysWow64\igkrng500.bin -> [2011/02/11 23:15:08 | 000,982,240 | ---- | C] ()
 igcompkrng500.bin -> C:\windows\SysWow64\igcompkrng500.bin -> [2011/02/11 23:15:08 | 000,439,308 | ---- | C] ()
 igfcg500m.bin -> C:\windows\SysWow64\igfcg500m.bin -> [2011/02/11 23:15:08 | 000,092,356 | ---- | C] ()
 pthreadVC.dll -> C:\windows\SysWow64\pthreadVC.dll -> [2011/02/11 17:23:34 | 000,053,299 | ---- | C] ()
< End of report >
```


----------



## eddie5659 (Mar 19, 2001)

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Conime" -> [%windir%\system32\conime.exe]
[Files/Folders - Modified Within 30 Days]
NY ->  48 C:\Users\pestyone\AppData\Local\Temp\*.tmp files -> C:\Users\pestyone\AppData\Local\Temp\*.tmp
```
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here.

------------------------

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> File::
> C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.js
> C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.xpt
> C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin\conduit.xml
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe










Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.


----------



## Verylost (Jul 15, 2010)

Still here with you and still getting % 20 when I do a search, but guess that's another issue; I do use a Kodak printer so not too sure those files are malware, so careful.

Having problems myself; my fingers feel numb and feet are swollen, so that's just wonderful - not. But here's a log to keep you busy . . . and my niece graduates from high school tomorrow . . .

```
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Users\pestyone\AppData\Local\Temp\setCF46.tmp deleted successfully.
C:\Users\pestyone\AppData\Local\Temp\tmp8433.tmp deleted successfully.
C:\Users\pestyone\AppData\Local\Temp\tmp9001.tmp deleted successfully.
C:\Users\pestyone\AppData\Local\Temp\tmp93AF.tmp deleted successfully.
C:\Users\pestyone\AppData\Local\Temp\tmp9981.tmp deleted successfully.
C:\Users\pestyone\AppData\Local\Temp\tmpD3EB.tmp deleted successfully.
C:\Users\pestyone\AppData\Local\Temp\~DF30D9D353CC4D0C4F.TMP deleted successfully.
C:\Users\pestyone\AppData\Local\Temp\~DF3F547DFB3284D094.TMP deleted successfully.
C:\Users\pestyone\AppData\Local\Temp\~DF47D72BA959D94DF2.TMP deleted successfully.
C:\Users\pestyone\AppData\Local\Temp\~DF56BD4964B025155A.TMP deleted successfully.
C:\Users\pestyone\AppData\Local\Temp\~DF796F3A9122CA16A5.TMP deleted successfully.
C:\Users\pestyone\AppData\Local\Temp\~DFB04B021342661814.TMP deleted successfully.
C:\Users\pestyone\AppData\Local\Temp\~DFBF63D985312B8F93.TMP deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 06192012_211413
```


----------



## Verylost (Jul 15, 2010)

Dang annoying Mozilla / Firefox junk, seems like they came with the laptop. Need food, later.

Must delete that crap . .


----------



## eddie5659 (Mar 19, 2001)

When you say 20%, do you mean it still uses AVG? When you've run the ComboFix, just post it here.

I'm not here tomorrow, but have the next week off work, so will be here at home from Saturday. Have to use my holidays up, so taking a break to relax and do some work around the house 

Hope the graduation goes well, and hope you feel better soon


----------



## Verylost (Jul 15, 2010)

OK, where was I? Trying to get an MRI and CT scan for some med issues I have, and the red tape is awful to get things OK'd . .

Don't worry about the 20 % thingy; that has to do with IE 9.0, can't connect to web sites and it keeps inserting 20% into the address I type in. That's another issue for later . .

Here's the Malwarebytes log I just ran; I hope it didn't miss anything . . . it did delete stuff and I did delete all in Quarantine - Didn't you want OTL to remove some stuff? You had a list, need that reposted, and should I run ComboFix again to ensure nothing was missed . . .

```
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.07.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
pestyone :: PESTYONE-PC [administrator]
7/7/2012 10:45:44 PM
mbam-log-2012-07-07 (22-45-44).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Objects scanned: 324403
Time elapsed: 33 minute(s), 22 second(s)
Memory Processes Detected: 1
C:\Users\pestyone\AppData\Local\swpsmom.exe (Trojan.Lameshield) -> 1448 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 11
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\Users\pestyone\AppData\Local\swpsmom.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Rising\RSD\updater.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Rising\RSD\Backup\RSD\RSSetup\updater.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ProgramData\F4D55F3B003185BB013C01EBB4EB2367\F4D55F3B003185BB013C01EBB4EB2367.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\pestyone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\192e1155-11ed0f12 (Trojan.Lameshield) -> Quarantined and deleted successfully.
(end)
```


----------



## eddie5659 (Mar 19, 2001)

It's okay about the delay, as health is more important, and red tape etc is annoying any time

The 20% thing is sometimes when there are spaces in the address, and so IE puts that in (why 20% and never a symbol) to make the space go.

I see that MBAM removed FunMoods. Do you have the toolbar installed?

Can you run Combofix as I posted here:

http://forums.techguy.org/8387448-post43.html

And post the log 

------

As for the IE problem, we can try a repair of it, which is easy to do, but I'll wait for the replies on the above. Any time is fine, I'll be here most nights 

Take care

eddie


----------



## Verylost (Jul 15, 2010)

Ok trying this again, hopefully won't get timed out again grrrrr .

still seeing conime and conduit on my laptop and can't delete them yet dang it.

Getting some malware/trojan called "lameshield/kiltsr.exe" that keeps coming back to bite me after Malwarebytes deletes it, but this is the 4th time around, I am leaving it in quarantine seeing how male can't delete it 100% after it reboots; getting smarter and tired, will the messes ever end finally.

As for the log you wanted me to insert in ComboFix, it didn't work but will try again, think I missed some, don't have Notepad so trying WordPad, don't see how to install Notepad yet

Here's the latest ComboFix log, if you see anything let me know, maybe I can find and delete the malware in a search - later and thanks . .

And how do I get full access so I can open all folders, I am the only user, that's another problem I can't fix yet . . .

ComboFix 12-07-10.01 - pestyone 07/10/2012 3:05.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.263.1033.18.4029.2296 [GMT -4:00]
Running from: c:\users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0BQQQ72\ComboFix.exe
AV: Rising Antivirus *Enabled/Updated* {C0AEEC5C-BBDB-2745-3E22-21BEC65323A5}
SP: Rising Antivirus *Enabled/Updated* {7BCF0DB8-9DE1-28CB-0492-1ACCBDD46918}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section not completed
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 06:11 . 2012-07-10 06:11 -------- d-----w- c:\users\pestyone\AppData\Local\Nero
2012-07-10 05:46 . 2012-07-10 05:47 -------- d-----w- c:\users\pestyone\AppData\Roaming\Nero
2012-07-10 05:37 . 2012-07-10 05:42 -------- d-----w- c:\program files (x86)\Nero
2012-07-10 05:37 . 2012-07-10 05:39 -------- d-----w- c:\programdata\Nero
2012-07-10 05:37 . 2012-07-10 05:45 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-07-07 12:40 . 2012-07-07 12:40 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-07-07 01:45 . 2012-07-08 03:20 -------- d-----w- c:\programdata\F4D55F3B003185BB013C01EBB4EB2367
2012-07-06 13:39 . 2012-07-06 13:39 -------- d-----w- c:\users\pestyone\AppData\Roaming\Ashampoo
2012-07-06 13:39 . 2012-07-06 13:39 -------- d-----w- c:\users\pestyone\AppData\Local\ashampoo
2012-07-06 13:39 . 2012-07-06 13:39 -------- d-----w- c:\programdata\ashampoo
2012-07-06 13:32 . 2012-07-06 13:33 -------- d-----w- c:\users\pestyone\AppData\Roaming\EasyBurner
2012-07-06 07:45 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE5325E8-AA59-4065-8A4B-06AAE7E19B9D}\mpengine.dll
2012-07-04 10:08 . 2012-07-04 10:08 -------- d-----w- c:\users\pestyone\AppData\Local\SumRando
2012-06-28 19:22 . 2012-06-28 19:22 74352 ----a-w- c:\windows\SysWow64\sslsp104.dll
2012-06-28 19:21 . 2012-06-28 19:21 75888 ----a-w- c:\windows\system32\sslsp104.dll
2012-06-21 00:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 00:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 00:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 00:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 00:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 00:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 00:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 00:13 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 00:13 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-12 20:14 . 2012-06-12 20:14 -------- d-----w- c:\users\pestyone\AppData\Local\Conversion Online
2012-06-12 20:13 . 2012-06-12 20:13 -------- d-----w- c:\program files (x86)\Conversion Online
2012-06-12 17:46 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 17:46 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 17:46 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 17:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 17:41 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 17:41 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 17:41 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 17:41 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 17:41 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-12 17:41 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-12 17:41 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 17:40 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 17:40 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 17:40 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 17:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-12 17:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 17:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 08:00 . 2012-06-11 08:00 -------- d-----w- c:\users\pestyone\AppData\Roaming\SUPERAntiSpyware.com
2012-06-11 08:00 . 2012-07-08 01:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-11 08:00 . 2012-06-11 08:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-11 07:49 . 2012-06-11 07:49 -------- d-----w- c:\users\pestyone\AppData\Roaming\DriverCure
2012-06-11 07:49 . 2012-06-11 07:49 -------- d-----w- c:\users\pestyone\AppData\Roaming\SpeedyPC Software
2012-06-10 22:15 . 2012-06-10 22:15 -------- d-----w- c:\users\pestyone\Tracing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 08:09 . 2012-04-22 01:47 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-10 08:09 . 2011-12-10 23:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-01 20:03 . 2012-06-01 20:03 116016 ----a-w- c:\windows\system32\drivers\15354131.sys
2012-05-30 04:25 . 2012-05-30 04:25 4101392 ----a-w- c:\windows\uninst.exe
2012-05-24 12:19 . 2012-05-24 12:19 388096 ----a-r- c:\users\pestyone\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-20 23:24 . 2011-04-18 23:57 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
2012-05-20 23:23 . 2011-04-18 23:57 407040 ----a-w- c:\windows\HotfixChecker.exe
2012-05-20 23:20 . 2012-05-20 23:20 4633992 ----a-w- c:\windows\system32\ETDUI.cpl
2012-05-16 18:07 . 2012-05-16 18:08 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-16 18:07 . 2012-05-15 23:52 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-14 01:21 . 2012-05-14 01:21 82816 ----a-w- c:\users\pestyone\AppData\Roaming\pcouffin.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-24 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"CleanSetup"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tun3325;VPN Tunnel Adapter;c:\windows\system32\DRIVERS\tun3325.sys [2011-11-17 35056]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 hooksys;hooksys;c:\windows\system32\drivers\Hooksys.sys [2011-11-26 37016]
S1 HookTdi;HookTdi;c:\windows\system32\drivers\HookTdi.sys [2011-11-26 30360]
S1 HyperVM;HyperVM;c:\windows\system32\drivers\hvm.sys [2011-11-26 41048]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-04-06 8704]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-03-16 389120]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35344]
S2 RsMgrSvc;Rsd Service;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe [2011-12-06 150168]
S2 RsRavMon;Rav Service;c:\program files (x86)\Rising\RAV\RavMonD.exe [2011-11-26 264448]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-08-10 111616]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-07-08 401696]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-25 11895400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\windows\system32\sslsp104.dll
Trusted Zone: extratorrent.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\01\02\03\01\010?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-10 03:07:50
ComboFix-quarantined-files.txt 2012-07-10 07:07
.
Pre-Run: 21,481,127,936 bytes free
Post-Run: 21,261,000,704 bytes free
.
- - End Of File - - 6920FA5F7CB22CC9492233B003208E6B


----------
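An added example, not part of any post in this thread: a small Python cross-check of the two logs above, listing every file Malwarebytes reported whose path or parent folder still shows up in the later ComboFix "Files Created" listing. The function names are hypothetical, the line layouts are inferred only from the logs pasted here, and the embedded samples are short excerpts of those logs; a leftover folder is a place to look, not proof that anything is still active.

```python
import re
from ntpath import normcase, dirname  # Windows path rules, usable on any OS

# Excerpts copied from the Malwarebytes and ComboFix logs posted in this thread.
MBAM_EXCERPT = r"""
Memory Processes Detected: 1
C:\Users\pestyone\AppData\Local\swpsmom.exe (Trojan.Lameshield) -> 1448 -> Delete on reboot.
Files Detected: 5
C:\Users\pestyone\AppData\Local\swpsmom.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Rising\RSD\updater.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ProgramData\F4D55F3B003185BB013C01EBB4EB2367\F4D55F3B003185BB013C01EBB4EB2367.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
"""

COMBOFIX_EXCERPT = r"""
2012-07-10 06:11 . 2012-07-10 06:11 -------- d-----w- c:\users\pestyone\AppData\Local\Nero
2012-07-07 01:45 . 2012-07-08 03:20 -------- d-----w- c:\programdata\F4D55F3B003185BB013C01EBB4EB2367
2012-06-28 19:22 . 2012-06-28 19:22 74352 ----a-w- c:\windows\SysWow64\sslsp104.dll
"""

# "<path> (<family>) -> <action>"; the lazy path group lets "(x86)" stay in the path.
MBAM_FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# "<timestamp> . <timestamp> <size or --------> <8 attribute chars> <path>"
COMBOFIX_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<ts2>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(?P<size>\d+|-{8})\s+(?P<attrs>\S{8})\s+(?P<path>[A-Za-z]:\\.+)$")


def parse_mbam_files(log):
    """Return {normalised file path: detection family}; registry lines are skipped."""
    hits = {}
    for line in log.splitlines():
        m = MBAM_FILE_RE.match(line.strip())
        if m:
            hits[normcase(m["path"])] = m["family"]
    return hits


def parse_combofix_paths(log):
    """Return {normalised path: details} for each file or folder line."""
    entries = {}
    for line in log.splitlines():
        m = COMBOFIX_RE.match(line.strip())
        if m:
            entries[normcase(m["path"])] = {
                "second_timestamp": m["ts2"],
                "is_dir": m["attrs"].startswith("d"),
            }
    return entries


def ancestors(path):
    """Yield the path itself, then each parent folder up to the drive root."""
    current = normcase(path)
    while True:
        yield current
        parent = dirname(current)
        if parent == current:
            return
        current = parent


def residual_paths(mbam_log, later_log):
    """List (family, detected file, path still listed, its second timestamp)."""
    later = parse_combofix_paths(later_log)
    leftovers = []
    for path, family in parse_mbam_files(mbam_log).items():
        for candidate in ancestors(path):
            if candidate in later:
                leftovers.append(
                    (family, path, candidate, later[candidate]["second_timestamp"]))
                break
    return leftovers


if __name__ == "__main__":
    for family, detected, still_there, stamp in residual_paths(
            MBAM_EXCERPT, COMBOFIX_EXCERPT):
        print(f"{family}: {detected}\n  still listed: {still_there} ({stamp})")
```
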



## eddie5659 (Mar 19, 2001)

Let's look a bit deeper, to see if malware is blocking the folders from opening:

Okay, can you re-run SystemLook using the following code, and post the log:


```
:filefind
*Iobit*
*Funmoods*
*AVG*
*Conduit*
*Advanced Spyware Remover*
*SystemCare*
:folderfind
*Iobit*
*Funmoods*
*AVG*
*Conduit*
*Advanced Spyware Remover*
*SystemCare*
```
-------

Then, can you post your installed programs as follows:

Please go *here* to download *HijackThis*.
Save the *HijackThis.exe* file to your desktop.

Open HijackThis, click Config, click Misc Tools
Click "*Open Uninstall Manager*"
Click "Save List" (generates *uninstall_list.txt*)
Click Save, copy and paste the results in your next post.

--------

Then, delete the copy of OTL that you have, get a fresh one from here and run as follows. If only the one log is produced, that's fine 

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


----------



## Verylost (Jul 15, 2010)

Dang seems to be a lot of crap in these logs that shouldn't be here but not sure what, here's the uninstall list, beats me what could get deleted - never used Windows Live yuk . .

???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Windows Live Mail
Windows Live Messenger
Windows Live fotogalerija
7-Zip 9.20
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Advertising Center
aioscnnr
aioscnnr
Atheros Client Installation Program
BatteryLifeExtender
center
ConvertXtoDVD 4 english manual
ConvertXtoDVD 4.1.19.365
CyberLink YouCam
CyberLink YouCam
D3DX10
DolbyFiles
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
Easy WiFi Radar 1.0.3
EasyBatteryManager
EMCO Malware Destroyer 6
essentials
Files Terminator Free 2.3.0.4
Fotogalerija Windows Live
Freemake Video Converter version 3.0.1
Freemake Video Downloader
Galeria de Fotografias do Windows Live
Galería fotográfica de Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Google Earth
Google Update Helper
HiJackThis
Intel(R) Rapid Storage Technology
Java(TM) 6 Update 32
KODAK AiO Software
Malwarebytes Anti-Malware version 1.61.0.1400
Marvell Miniport Driver
Menu Templates - Starter Kit
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Templates - Starter Kit
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero Express Help
Nero InfoTool
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
NeroExpress
neroxml
ocr
OpenOffice.org 3.1
Poczta uslugi Windows Live
Pota Windows Live
PreReq
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Rising Antivirus
Rising Software Deployment System
S?????? f?t???af??? t?? Windows Live
Samsung AnyWeb Print
Samsung Recovery Solution 5
Samsung Support Center 1.0
Samsung Universal Print Driver
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Toolbar Cleaner 1.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User Guide
Verizon Download Manager
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.2
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live fotoattelu galerija
Windows Live Fotogaléria
Windows Live Fotogalerie
Windows Live Fotogalerie
Windows Live Foto-galerija
Windows Live Fotogalleri
Windows Live Fotograf Galerisi
Windows Live Fotótár
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Pota
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinPcap 4.1.2
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

I only have one OTL log and here it is; looking for the first look link then I'll post it here; so 2 of 3 for now so what's going on . . .

OTL logfile created on: 7/12/2012 2:16:07 AM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\pestyone\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Zimbabwe | Language: ENW | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 57.63% Memory free
7.87 Gb Paging File | 6.00 Gb Available in Paging File | 76.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 113.00 Gb Total Space | 16.30 Gb Free Space | 14.42% Space Free | Partition Type: NTFS
Drive D: | 166.50 Gb Total Space | 148.48 Gb Free Space | 89.18% Space Free | Partition Type: NTFS

Computer Name: PESTYONE-PC | User Name: pestyone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/12 02:15:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\pestyone\Downloads\OTL.exe
PRC - [2012/07/11 08:16:48 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/04/05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012/03/16 14:00:06 | 000,389,120 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/06 08:28:06 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/11/26 07:20:56 | 000,178,840 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RAV\RsTray.exe
PRC - [2011/11/26 07:19:22 | 000,123,856 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RSD\popwndexe.exe
PRC - [2011/11/26 07:16:29 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RAV\RavMonD.exe
PRC - [2011/11/24 03:05:44 | 006,497,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/09/04 12:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/08/26 21:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/08/09 05:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/07/27 01:28:38 | 004,382,312 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/24 03:05:40 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/11/24 03:05:26 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
MOD - [2010/05/07 10:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2006/08/11 23:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:*64bit:* - [2010/09/22 05:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2010/08/09 15:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:*64bit:* - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/11 08:16:48 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/04/05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012/03/16 14:00:06 | 000,389,120 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/06 08:28:06 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe -- (RsMgrSvc)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2011/11/26 07:16:29 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Rising\RAV\RavMonD.exe -- (RsRavMon)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/11/26 07:16:30 | 000,041,048 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hvm.sys -- (HyperVM)
DRV:*64bit:* - [2011/11/26 07:16:29 | 000,037,016 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Hooksys.sys -- (hooksys)
DRV:*64bit:* - [2011/11/26 07:16:29 | 000,030,360 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookTdi.sys -- (HookTdi)
DRV:*64bit:* - [2011/11/17 14:44:32 | 000,035,056 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tun3325.sys -- (tun3325)
DRV:*64bit:* - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 23:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2011/02/11 17:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:*64bit:* - [2010/11/23 03:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:*64bit:* - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/08/09 22:01:56 | 000,111,616 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:*64bit:* - [2010/07/08 04:28:46 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:*64bit:* - [2010/04/27 03:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation  ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/28 02:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2011/09/15 07:37:04 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/08/03 01:10:12 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf.sys -- (npf)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {9EE14179-061B-460E-840B-2530D8988107}
IE - HKCU\..\SearchScopes\{9EE14179-061B-460E-840B-2530D8988107}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/11 08:17:07 | 000,000,000 | ---D | M]

[2012/01/07 17:51:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions
[2012/05/09 22:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/09 22:23:08 | 000,000,000 | ---D | M] (uTorrentControl3 Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}
[2012/04/26 06:04:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/12/17 06:20:00 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

O1 HOSTS File: ([2012/06/01 15:32:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:*64bit:* - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000038 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O15 - HKCU\..Trusted Domains: extratorrent.com ([]https in Trusted sites)
O16:*64bit:* - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C93A6E3F-D3AD-4BC2-A1D8-AFDD6A3DB07C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5874F40-ED48-49D1-97C2-BC417465239C}: DhcpNameServer = 192.168.1.1
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bsmain)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/11 08:17:12 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\AVG Secure Search
[2012/07/11 08:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/11 08:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/11 08:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/11 08:16:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/11 08:15:07 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\FixCleaner
[2012/07/11 08:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixCleaner
[2012/07/11 08:14:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/07/10 06:11:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/10 04:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO
[2012/07/10 04:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMCO
[2012/07/10 02:59:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/10 02:11:29 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\Nero
[2012/07/10 01:46:25 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\Nero
[2012/07/10 01:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/07/10 01:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012/07/10 01:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/07/10 01:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012/07/08 07:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/07 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\{CF7C29A2-06BA-4331-ADE6-34AFA2A1F2C8}
[2012/07/07 08:40:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012/07/06 21:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3B003185BB013C01EBB4EB2367
[2012/07/06 09:39:44 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\Ashampoo
[2012/07/06 09:39:26 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\ashampoo
[2012/07/06 09:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2012/07/06 09:32:03 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\EasyBurner
[2012/07/04 06:08:25 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\SumRando
[2012/07/02 07:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/07/02 03:55:30 | 000,000,000 | -H-D | C] -- C:\Users\pestyone\Documents\Freemake_do_not_remove_this_folder
[2012/06/30 17:43:32 | 000,000,000 | ---D | C] -- C:\Users\pestyone\Documents\Tooth less grin 6- 30 - 12 . ._files
[2012/06/28 15:22:04 | 000,074,352 | ---- | C] (SumRando) -- C:\windows\SysWow64\sslsp104.dll
[2012/06/28 15:21:26 | 000,075,888 | ---- | C] (SumRando) -- C:\windows\SysNative\sslsp104.dll
[2012/06/12 16:14:17 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\Conversion Online
[2012/06/12 16:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conversion Online
[2012/05/13 21:21:39 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\pestyone\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/07/12 02:13:36 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 02:13:36 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 02:05:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/12 02:05:17 | 4224,307,200 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/11 08:30:28 | 000,452,131 | ---- | M] () -- C:\Users\pestyone\Desktop\confuciuetext02cnfcs10.pdf
[2012/07/11 06:35:27 | 000,000,179 | ---- | M] () -- C:\Users\pestyone\AppData\Roaming\default.rss
[2012/07/10 23:08:56 | 005,716,992 | ---- | M] () -- C:\Users\pestyone\Desktop\FAQ_eng.exe
[2012/07/10 23:07:06 | 012,801,024 | ---- | M] () -- C:\Users\pestyone\Desktop\Win7_Vista_XP_Manual_eng.exe
[2012/07/10 10:53:49 | 000,000,307 | ---- | M] () -- C:\Users\pestyone\Documents\Ink Cart Order 7-10-12 . . ..rtf
[2012/07/10 04:18:30 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\EMCO Malware Destroyer 6.lnk
[2012/07/10 01:38:13 | 000,002,688 | ---- | M] () -- C:\Users\pestyone\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2012/07/10 01:38:13 | 000,002,664 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012/07/08 07:41:25 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/08 07:32:10 | 000,000,351 | ---- | M] () -- C:\Users\pestyone\Documents\in and out of vuze - reds.rtf
[2012/07/08 07:08:22 | 018,886,696 | ---- | M] () -- C:\Users\pestyone\Desktop\Screw the Roses - Send Me the Thorns The Romance and Sexual Sorcery of Sadomasochism.pdf
[2012/07/07 22:23:43 | 000,001,189 | ---- | M] () -- C:\Users\pestyone\AppData\Roaming\vso_ts_preview.xml
[2012/07/07 02:39:24 | 000,000,802 | ---- | M] () -- C:\Users\pestyone\Documents\Red combos ext drive 7-1-12.rtf
[2012/07/06 09:31:38 | 000,031,470 | ---- | M] () -- C:\Users\pestyone\AppData\Local\funmoods.crx
[2012/07/06 09:26:38 | 000,000,798 | ---- | M] () -- C:\Users\pestyone\AppData\Roaming\burnaware.ini
[2012/07/02 07:29:04 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/01 03:43:25 | 065,881,740 | ---- | M] () -- C:\Users\pestyone\Documents\The Kama Sutra Figures in Indian Art.pdf
[2012/07/01 03:10:28 | 000,000,304 | ---- | M] () -- C:\Users\pestyone\Documents\red groupings 6-30-12.rtf
[2012/07/01 03:10:22 | 000,000,648 | ---- | M] () -- C:\Users\pestyone\Documents\reds so far 6-23-12.rtf
[2012/06/30 23:09:05 | 000,004,004 | ---- | M] () -- C:\Users\pestyone\Documents\Wooden bowl.rtf
[2012/06/30 17:43:32 | 000,026,324 | ---- | M] () -- C:\Users\pestyone\Documents\Tooth less grin 6- 30 - 12 . ..htm
[2012/06/29 08:46:59 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/29 08:46:59 | 000,628,484 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/29 08:46:59 | 000,110,636 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/28 15:22:04 | 000,074,352 | ---- | M] (SumRando) -- C:\windows\SysWow64\sslsp104.dll
[2012/06/28 15:21:26 | 000,075,888 | ---- | M] (SumRando) -- C:\windows\SysNative\sslsp104.dll
[2012/06/25 06:53:21 | 000,002,093 | ---- | M] () -- C:\Users\pestyone\Documents\guy needs help with story 6-25-12.rtf
[2012/06/19 13:38:23 | 000,001,160 | ---- | M] () -- C:\Users\pestyone\Documents\battery fix.rtf
[2012/06/13 08:21:47 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\ConvertXtoDVD 4 english manual.lnk
[2012/06/12 14:04:17 | 000,293,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/07/11 08:30:28 | 000,452,131 | ---- | C] () -- C:\Users\pestyone\Desktop\confuciuetext02cnfcs10.pdf
[2012/07/10 23:06:12 | 012,801,024 | ---- | C] () -- C:\Users\pestyone\Desktop\Win7_Vista_XP_Manual_eng.exe
[2012/07/10 23:05:34 | 005,716,992 | ---- | C] () -- C:\Users\pestyone\Desktop\FAQ_eng.exe
[2012/07/10 10:53:49 | 000,000,307 | ---- | C] () -- C:\Users\pestyone\Documents\Ink Cart Order 7-10-12 . . ..rtf
[2012/07/10 04:18:30 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\EMCO Malware Destroyer 6.lnk
[2012/07/10 02:11:41 | 000,000,179 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\default.rss
[2012/07/10 01:38:13 | 000,002,688 | ---- | C] () -- C:\Users\pestyone\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2012/07/10 01:38:13 | 000,002,664 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012/07/08 07:41:25 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/08 07:32:09 | 000,000,351 | ---- | C] () -- C:\Users\pestyone\Documents\in and out of vuze - reds.rtf
[2012/07/08 07:08:21 | 018,886,696 | ---- | C] () -- C:\Users\pestyone\Desktop\Screw the Roses - Send Me the Thorns The Romance and Sexual Sorcery of Sadomasochism.pdf
[2012/07/06 09:31:40 | 000,031,470 | ---- | C] () -- C:\Users\pestyone\AppData\Local\funmoods.crx
[2012/07/02 07:29:04 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/01 05:51:44 | 000,000,802 | ---- | C] () -- C:\Users\pestyone\Documents\Red combos ext drive 7-1-12.rtf
[2012/07/01 03:43:25 | 065,881,740 | ---- | C] () -- C:\Users\pestyone\Documents\The Kama Sutra Figures in Indian Art.pdf
[2012/06/30 23:03:24 | 000,004,004 | ---- | C] () -- C:\Users\pestyone\Documents\Wooden bowl.rtf
[2012/06/30 19:29:41 | 000,000,304 | ---- | C] () -- C:\Users\pestyone\Documents\red groupings 6-30-12.rtf
[2012/06/30 17:43:31 | 000,026,324 | ---- | C] () -- C:\Users\pestyone\Documents\Tooth less grin 6- 30 - 12 . ..htm
[2012/06/25 06:53:21 | 000,002,093 | ---- | C] () -- C:\Users\pestyone\Documents\guy needs help with story 6-25-12.rtf
[2012/06/23 06:43:32 | 000,000,648 | ---- | C] () -- C:\Users\pestyone\Documents\reds so far 6-23-12.rtf
[2012/05/24 16:29:43 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/05/24 16:29:43 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/05/24 16:29:43 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/05/24 16:29:43 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/05/24 16:29:43 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/05/14 06:38:32 | 000,043,976 | ---- | C] () -- C:\Users\pestyone\AppData\Local\save_en.bmp
[2012/05/14 06:38:08 | 000,043,976 | ---- | C] () -- C:\Users\pestyone\AppData\Local\save_es.bmp
[2012/05/13 21:21:39 | 000,007,859 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\pcouffin.cat
[2012/05/13 21:21:39 | 000,001,167 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\pcouffin.inf
[2012/05/10 00:16:52 | 000,000,798 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\burnaware.ini
[2012/05/07 23:50:54 | 000,001,189 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\vso_ts_preview.xml
[2012/04/13 06:47:12 | 000,000,600 | ---- | C] () -- C:\Users\pestyone\PUTTY.RND
[2011/11/26 07:18:11 | 000,000,134 | ---- | C] () -- C:\windows\SysWow64\BsMain.ini
[2011/11/26 03:25:39 | 000,735,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/11/26 00:13:05 | 000,484,656 | ---- | C] () -- C:\windows\ssndii.exe
[2011/11/26 00:12:48 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/04/18 21:13:20 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2011/04/18 20:50:28 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/04/18 19:25:03 | 000,005,931 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/02/11 23:15:08 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2011/02/11 23:15:08 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2011/02/11 23:15:08 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2011/02/11 17:23:34 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll

========== LOP Check ==========

[2012/05/31 04:45:37 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\AbiSuite
[2012/07/06 09:39:44 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Ashampoo
[2012/01/07 22:01:33 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Avant Downloader
[2012/05/26 06:34:42 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Curiolab
[2012/06/11 03:49:08 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\DriverCure
[2012/05/26 18:06:14 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\DVDVideoSoft
[2012/07/06 09:33:19 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\EasyBurner
[2012/07/11 08:15:23 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\FixCleaner
[2012/05/07 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Free Media Converter
[2012/05/11 00:27:02 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\IrfanView
[2012/06/11 03:03:12 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\JAM Software
[2012/05/17 15:34:20 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\KastorVideoConverter
[2012/05/10 04:08:57 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\mkvtoolnix
[2012/01/07 17:50:45 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Moonchild Productions
[2012/05/15 19:59:04 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\OfficeSuiteX
[2012/05/16 00:24:41 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\OpenOffice.org
[2012/05/30 00:25:52 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\PC Cleaners
[2012/05/30 00:25:54 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\PCPro
[2012/05/09 19:07:22 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\QuickZip
[2011/11/26 00:12:24 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Samsung
[2012/05/14 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\SoftGrid Client
[2012/06/11 03:49:07 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\SpeedyPC Software
[2012/05/21 13:24:50 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\TeamViewer
[2012/04/27 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Temp
[2012/05/06 02:13:51 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\TP
[2012/05/14 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Windows Live Writer
[2012/05/17 15:14:39 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\XMedia Recode
[2012/05/16 13:56:29 | 000,032,654 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


----------



## Verylost (Jul 15, 2010)

OK, this is getting serious and very annoying; AVG popped back in for a quick visit and I hope I deleted it fast, and now I have some crap from AVG called toolbarupdater.ex . .

Getting very tired of this and nothing is getting fixed, so if you don't have one big huge idea to fix my many messes, guess the only thing to do is call a techy to my house and fix the bloody mess. Is there any fix in sight from your end?


----------



## Verylost (Jul 15, 2010)

OK, managed to delete AVG search again and something called vpot, what's with that crap; do you see anything blocking me or programs, and what malware do you see in the logs, and how do I delete that crap?

Now what did you want me to repost? I will look, still here . .


----------



## Verylost (Jul 15, 2010)

OK, you asked for a SystemLook log; hope this looks like it found junk - later . .

SystemLook 30.07.11 by jpshortstuff
Log created at 09:10 on 14/07/2012 by pestyone
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== filefind ==========
Searching for "*Iobit*"
No files found.
Searching for "*Funmoods*"
C:\$WINDOWS.~Q\DATA\Users\pestyone\AppData\Local\funmoods.crx --a---- 31470 bytes [13:31 06/07/2012] [13:31 06/07/2012] BC64C97573527DDBC0F6522A28E6C96E
Searching for "*AVG*"
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FR53UHC\1054434-avg-secure-search-must-go-4[1].htm --a---- 191096 bytes [13:09 14/07/2012] [13:09 14/07/2012] 123F01F98B0B7608AF38C30857613017
Searching for "*Conduit*"
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_US.xml --a---- 192 bytes [03:38 08/05/2012] [11:41 11/05/2012] F159884E3BCD46C383F9086F4BF788C1
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_US.xml --a---- 188 bytes [13:53 11/05/2012] [13:53 11/05/2012] E2A87E535CF5282072AA46166D27D1DF
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [02:23 10/05/2012] [06:04 18/04/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin\conduit.xml --a---- 935 bytes [02:23 10/05/2012] [06:04 18/04/2012] EA3447EB2DF2363DF9B9CB0429342219
Searching for "*Advanced Spyware Remover*"
No files found.
Searching for "*SystemCare*"
No files found.
========== folderfind ==========
Searching for "*Iobit*"
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [16:19 11/05/2012]
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [16:19 11/05/2012]
Searching for "*Funmoods*"
No folders found.
Searching for "*AVG*"
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search d------ [20:35 13/05/2012]
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search d------ [20:35 13/05/2012]
C:\Users\pestyone\AppData\Local\AVG Secure Search d------ [12:17 11/07/2012]
C:\Users\pestyone\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\AVG Internet Security-26052012-125319 d------ [16:53 26/05/2012]
Searching for "*Conduit*"
C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit d------ [03:35 08/05/2012]
C:\Users\pestyone\AppData\LocalLow\Conduit d------ [03:35 08/05/2012]
C:\Users\pestyone\AppData\LocalLow\ConduitEngine d------ [13:39 06/07/2012]
Searching for "*Advanced Spyware Remover*"
No folders found.
Searching for "*SystemCare*"
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 d------ [16:19 11/05/2012]
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 d------ [16:19 11/05/2012]
-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Well, your Java is out of date, so you can update that, but it's not related to the AVG problem.

Your Java is out of date, so let's do that next:

*Upgrade Java* : (32 bits)

Download the latest version of *Java SE Runtime Environment (JRE) JRE 7 Update 5*.
Under the JAVA Platform Standard Edition, click the "*Download JRE*" button to the right.
Accept License Agreement.
Click on the link to download Windows Offline Installation 32 bit (jre-7u5-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the *jre-7u5-windows-i586.exe* and select "Run as an Administrator.")
Don't install any of the toolbars that are offered.

After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:


Applications and Applets
Trace and Log Files
OK out of all the screens. 

---------------

Also, did you install this?

EMCO Malware Destroyer 6

====================
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
_Modification of the registry can be *EXTREMELY* dangerous if you do not know exactly what you are doing so follow the steps that are listed below *EXACTLY*. If you cannot perform some of these steps or if you have *ANY* questions please ask *BEFORE* proceeding._

*Backing Up Your Registry*
Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.









*Registry Modifications*

--

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
PRC - [2012/07/11 08:16:48 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
SRV - [2012/07/11 08:16:48 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT2475029
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
[2012/05/09 22:23:08 | 000,000,000 | ---D | M] (uTorrentControl3 Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}
[2012/04/26 06:04:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/12/17 06:20:00 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/11 08:17:07 | 000,000,000 | ---D | M]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
[2012/07/11 08:17:12 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\AVG Secure Search
[2012/07/11 08:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/11 08:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/11 08:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/06 09:31:38 | 000,031,470 | ---- | M] () -- C:\Users\pestyone\AppData\Local\funmoods.crx
:Files
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\ProgramData\AVG Secure Search
C:\$WINDOWS.~Q\DATA\Users\pestyone\AppData\Local\funmoods.crx
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_US.xml
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_US.xml
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.xpt
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin\conduit.xml
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
C:\Users\pestyone\AppData\Local\AVG Secure Search
C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit
C:\Users\pestyone\AppData\LocalLow\Conduit
C:\Users\pestyone\AppData\LocalLow\ConduitEngine
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

----------------------------

You also have a file that is not found anywhere running on your system. Can you upload a copy of it for me to check further? In case you're wondering where I saw it, it's in your OTL log here:

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000038 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\windows\SysWow64\sslsp104.dll (SumRando)

----

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file



> C:\windows\SysNative\sslsp104.dll


Let me know when it's uploaded
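The O10 lines quoted in the post above can be grouped by provider DLL to show which Winsock catalog entries a non-stock provider occupies and where its file should be on disk. This is an added example, not part of the original post and not OTL's own code; the `BASELINE_DLLS` allowlist and the `mswsock.dll` sample line are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any host OS

# The six sslsp104.dll lines are copied from the OTL log quoted in the post.
# The mswsock.dll line is constructed here to show an entry that is NOT flagged.
SAMPLE_LOG = r"""
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000038 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\SysWow64\mswsock.dll (Microsoft Corporation)
"""

# Assumption: the only stock provider DLL expected in Protocol_Catalog9.
BASELINE_DLLS = {"mswsock.dll"}

O10_RE = re.compile(
    r"^O10(?P<x64>:64bit:)? - (?P<catalog>\w+)\\(?P<branch>Catalog_Entries(?:64)?)"
    r"\\(?P<entry>\d{12}) - (?P<path>.+?) \((?P<vendor>[^()]*)\)\s*$"
)


def on_disk_path(reported):
    """Map the path a 32-bit scanner reports to the real 64-bit location.

    "SysNative" is an alias that only 32-bit processes on 64-bit Windows can
    see; the file itself lives under System32.
    """
    return re.sub(r"\\sysnative\\", lambda m: "\\System32\\", reported, flags=re.I)


def parse_o10(log_text):
    """Return one dict per O10 (Winsock catalog) line found in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = O10_RE.match(line.strip())
        if not m:
            continue  # not an O10 line, or a layout this example does not cover
        entries.append({
            "view": "64-bit" if m["x64"] else "32-bit",
            "catalog": m["catalog"],
            "entry": int(m["entry"]),
            "reported": m["path"],
            "on_disk": on_disk_path(m["path"]),
            "vendor": m["vendor"],
        })
    return entries


def triage(log_text):
    """Group catalog entries by provider DLL, skipping the baseline providers."""
    grouped = defaultdict(
        lambda: {"vendor": None, "entries": defaultdict(list), "paths": set()}
    )
    for e in parse_o10(log_text):
        dll = basename(e["reported"]).lower()
        if dll in BASELINE_DLLS:
            continue
        g = grouped[dll]
        g["vendor"] = e["vendor"]
        g["entries"][e["view"]].append(e["entry"])
        g["paths"].add(e["on_disk"])
    return {
        dll: {
            "vendor": g["vendor"],
            "entries": {view: sorted(ids) for view, ids in g["entries"].items()},
            "paths": sorted(g["paths"]),
        }
        for dll, g in grouped.items()
    }


if __name__ == "__main__":
    for dll, info in triage(SAMPLE_LOG).items():
        print(f"{dll} ({info['vendor']})")
        for view, ids in info["entries"].items():
            print(f"  {view} catalog entries: {ids}")
        for path in info["paths"]:
            print(f"  check on disk: {path}")
```

From a 64-bit shell the `SysNative` path does not exist, so the `System32` path is the one to look for. An LSP's DLL should not be deleted while its catalog entries remain, because that leaves the Winsock chain pointing at a missing file.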


----------



## Verylost (Jul 15, 2010)

Ok what fun, updated Java but not sure if it worked, got no confirmation.

Did the ERUNT thingy, wonder how that worked, hum.

And here's the OTL log . .

Working on trying to find the files you posted and repost here - later . .

All processes killed
========== OTL ==========
No active process named ToolbarUpdater.exe was found!
Error: No service named vToolbarUpdater11.2.0 was found to stop!
Service\Driver key vToolbarUpdater11.2.0 not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
File C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\modules folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\META-INF folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\defaults folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\chrome folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a} folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll not found.
C:\Users\pestyone\AppData\Local\AVG Secure Search\SiteSafety folder moved successfully.
C:\Users\pestyone\AppData\Local\AVG Secure Search folder moved successfully.
Folder C:\ProgramData\AVG Secure Search\ not found.
Folder C:\Program Files (x86)\Common Files\AVG Secure Search\ not found.
Folder C:\Program Files (x86)\AVG Secure Search\ not found.
File C:\Users\pestyone\AppData\Local\funmoods.crx not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search not found.
File\Folder C:\ProgramData\AVG Secure Search not found.
C:\$WINDOWS.~Q\DATA\Users\pestyone\AppData\Local\funmoods.crx moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_US.xml moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_US.xml moved successfully.
File\Folder C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.xpt not found.
File\Folder C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin\conduit.xml not found.
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit folder moved successfully.
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search\cache folder moved successfully.
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search\cache folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search folder moved successfully.
File\Folder C:\Users\pestyone\AppData\Local\AVG Secure Search not found.
C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\ConduitEngine\MyStuffApps folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\ConduitEngine\Logs folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\ConduitEngine folder moved successfully.
File\Folder C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 not found.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\pestyone\Downloads\cmd.bat deleted successfully.
C:\Users\pestyone\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: pestyone
->Temp folder emptied: 37763285 bytes
->Temporary Internet Files folder emptied: 25400588 bytes
->Java cache emptied: 285785 bytes
->Flash cache emptied: 930 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 366678 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 61.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: pestyone
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: pestyone
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07162012_052135
Files\Folders moved on Reboot...
C:\Users\pestyone\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\1054434-avg-secure-search-must-go-4[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\aceUAC[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\aceUAC[2].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\DtCol[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\ff2[2].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\ff2[3].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\st[1] moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\st[2] moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\st[3] moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\st[4] moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\01[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\5275251235[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\5543162843[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\ads[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\ads[3].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\ads[4].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\data_sync[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\DtCol[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\getInPage[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\getInPage[2].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\st[1] moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\st[2] moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\8151466274[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\ff2[5].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\md[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\newattachment[2].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\storage[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\st[1] moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\welcome[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\_;mtfIFrameRequest=false;ord=1342427648[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\5150153640[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\abmw[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\clk[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\st[1] moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\st[2] moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\st[3] moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\st[4] moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\welcome[2].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...


----------



## Verylost (Jul 15, 2010)

Awww, not that file packer again. Getting tired, need a short break; things are getting worse on this end. The files you wanted, the 6 of them, I can't find them - later

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000038 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\windows\SysWow64\sslsp104.dll (SumRando)


----------
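An added example, not part of the original posts: a small parser for the O10 (Winsock LSP) lines quoted above that groups catalog entries by provider DLL and maps the `SysNative` alias, which a 32-bit scanner uses to reach the 64-bit system directory, back to the on-disk `System32` path. The `BASELINE` set of expected provider DLLs is an assumption made for this illustration.

```python
import re
from collections import defaultdict

# O10 lines copied from the post above (the scanner's Winsock LSP section).
LOG = r"""
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000038 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\windows\SysWow64\sslsp104.dll (SumRando)
"""

# Assumption for this example: provider DLLs treated as expected on a clean system.
BASELINE = {"mswsock.dll"}

O10_RE = re.compile(
    r"^O10(?P<x64>:64bit:)? - Protocol_Catalog9\\Catalog_Entries(?:64)?"
    r"\\(?P<entry>\d+) - (?P<path>.+?) \((?P<vendor>[^()]*)\)\s*$"
)

def parse_o10(line):
    """Return one O10 record as a dict, or None if the line is not an O10 entry."""
    m = O10_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    # SysNative only exists for 32-bit processes; the file itself is in System32.
    disk_path = re.sub(r"\\sysnative\\", r"\\System32\\", path, flags=re.I)
    return {
        "bits": 64 if m["x64"] else 32,
        "entry": int(m["entry"]),
        "disk_path": disk_path,
        "dll": path.rsplit("\\", 1)[-1].lower(),
        "vendor": m["vendor"],
    }

def non_baseline_providers(log):
    """Group catalog entries per provider DLL, skipping DLLs in BASELINE."""
    found = defaultdict(lambda: {"vendor": None, "paths": set(),
                                 "entries": {32: [], 64: []}})
    for line in log.splitlines():
        rec = parse_o10(line)
        if rec is None or rec["dll"] in BASELINE:
            continue
        item = found[rec["dll"]]
        item["vendor"] = rec["vendor"]
        item["paths"].add(rec["disk_path"])
        item["entries"][rec["bits"]].append(rec["entry"])
    return dict(found)
```

Because each catalog entry points at the DLL, deleting the file while the entries remain leaves the Winsock chain broken; `netsh winsock reset` rebuilds the catalog.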



## eddie5659 (Mar 19, 2001)

Just reading here:

http://forums.techguy.org/networking/1061229-wifi-yellow-icon-but-connected.html

You said you're getting messages about Rootkit.0Access and Trojan.Dropper.BCMiner. When have you been getting the Rootkit messages? I thought it was just AVG search to remove. Which programs are telling you about the rootkit message?

None of the tools we've used mention this, least not in any of the logs you posted.

I know you don't want to use the sfp tool again, but the file that you have on your system, is not found anywhere, and running from where it is, could be the key to the infection. It's just the one file, so if you can do this, I can check the file fully:

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file



> *
> C:\windows\SysNative\sslsp104.dll
> *


-------------

Also, as it's Zero Access you get messages about, can you do this again with ComboFix:

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.*








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## Verylost (Jul 15, 2010)

Awww crap - dang, tried 2x to post here and bring you up to date but both times have been logged out by this site, so one more short try: google "Bad Pool Health" and you'll see the only fix is recovery - stressed out and tired over reformatting and reloading software back on my PC . .

Later . .


----------



## etaf (Oct 2, 2003)

Please update the post - that Samsung have now been involved and restored the PC - and explain exactly what that means so we know the full details and, if you still require service from this site, can continue to help.

I would also suggest, as you are concerned about the time taken here, you look for an alternative solution for your problem such as the local shop you mentioned to me in a PM or other sites where you pay for the service.

This site will continue to operate the policy of only authorised malware advisors operating here and that we will not allow multiple people to answer questions, as from our experience that will cause more issues to the poster's PC than resolve the issue


----------



## Cookiegal (Aug 27, 2003)

VeryLost,

You've been a member here for two years and during that time, you've started a multitude of threads and received a lot of assistance. I've reviewed several of those threads and it seems you are very impatient and always have something negative to say about the help you receive or the site in general.

In this thread you complained more than once about the time it was taking yet there were also long absences on your part (Eddie also had some computer problems causing a delay....yes, even computer techs are not immune to having issues with their systems). Also, you often failed to follow the instructions but instead you were doing other things on your own, making it very difficult to help you. The logs also showed evidence of using cracking programs to pirate software, which we do not condone or support, so many of the problems you're experiencing are self-inflicted. You also started three separate threads while this one was ongoing which only added more confusion, not to mention getting other people involved and wasting their time too when they could have been helping other people who are waiting patiently for someone to help them.

You received a lot of help for various problems with your Vista machine until you finally reformatted it. At this point, that's the best thing you can do with the Windows 7 laptop as well.

Also, in the future, I think it would be best if you sought help on another web site, where they may be more receptive to your style of posting. Consequently, although you're not banned, I am closing your account and this thread.


----------

