rockerrr
join:2012-11-11
Nampa, ID

[Trojan] Multiple infections, Windows installer is not installed

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.10.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Vernon :: BORCHLAP [administrator]

11/10/2012 7:17:55 AM
mbam-log-2012-11-10 (07-17-55).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 864905
Time elapsed: 23 hour(s), 33 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 19
C:\Users\Vernon\Downloads\video-download-toolbar-setup.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\Broken Pictures\Sample14.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\Broken Pictures\shape6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\Broken Pictures\shape7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\Broken Pictures\@rip_bg.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\Broken Pictures\PAT002.BMP (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\Broken Pictures\PAT018.BMP (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\Broken Pictures\shape8.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\bu\Broken Pictures\@rip_bg.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\bu\Broken Pictures\PAT002.BMP (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\bu\Broken Pictures\PAT018.BMP (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\bu\Broken Pictures\Sample14.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\bu\Broken Pictures\shape6.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\bu\Broken Pictures\shape7.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Combined Broken Files From PVR\bu\Broken Pictures\shape8.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
F:\To Non Recovery drive\Software to try\google-chrome-setup.exe (Adware.ToDownload) -> Quarantined and deleted successfully.
C:\Users\Vernon\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Vernon\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Vernon\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

Re: [Trojan] Multiple infections, Windows installer is not insta



OTL logfile created on: 11/11/2012 8:28:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vernon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 60.93% Memory free
6.07 Gb Paging File | 4.85 Gb Available in Paging File | 80.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 104.93 Gb Free Space | 36.54% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.36 Gb Free Space | 12.46% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 306.75 Gb Free Space | 21.95% Space Free | Partition Type: NTFS
Drive G: | 14.83 Gb Total Space | 14.69 Gb Free Space | 99.07% Space Free | Partition Type: FAT32
Drive H: | 7.20 Gb Total Space | 2.70 Gb Free Space | 37.45% Space Free | Partition Type: FAT32

Computer Name: BORCHLAP | User Name: Vernon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/11/10 06:26:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vernon\Desktop\OTL.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/11 08:13:02 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.287\SSScheduler.exe
PRC - [2012/07/13 09:35:52 | 000,776,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/05/18 09:37:40 | 000,116,632 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/04/17 08:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/04/11 08:22:25 | 000,065,536 | ---- | M] () -- C:\Windows\System32\afasrv32.exe
PRC - [2011/11/22 23:16:48 | 000,126,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2011/10/31 08:31:48 | 000,220,824 | ---- | M] () -- D:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
PRC - [2011/01/25 16:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/12/17 08:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/06/28 07:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/04/27 09:47:12 | 000,319,574 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2010/04/27 09:44:52 | 000,102,503 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2010/04/27 09:43:26 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2009/07/02 17:28:58 | 000,030,720 | ---- | M] () -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2006/11/02 05:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/07/13 09:35:52 | 000,776,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2011/11/22 23:16:48 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2010/07/04 14:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/04/27 09:43:30 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BsMobileCSps.dll
MOD - [2010/04/12 08:19:56 | 000,237,568 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\Mobile\BaseLib.dll
MOD - [2010/03/31 20:59:22 | 000,122,880 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\Mobile\s40pack.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/09/23 16:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2003/05/01 16:23:28 | 000,041,472 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\Mobile\CsCvt.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - File not found [Disabled | Stopped] -- -- (bhohalzkeiqsxb)
SRV - [2012/11/09 21:39:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/30 23:02:20 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/11 08:12:16 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.287\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/05/18 09:37:40 | 000,116,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/04/17 08:30:36 | 001,047,336 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/04/11 08:22:25 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Windows\System32\afasrv32.exe -- (AfaService)
SRV - [2011/10/31 08:31:48 | 000,220,824 | ---- | M] () [Auto | Running] -- D:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/01/25 16:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/12/17 08:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/05/25 10:51:02 | 000,929,792 | ---- | M] (IVT Corporation) [Auto | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/04/27 09:44:52 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2010/04/27 09:43:26 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/07/02 17:28:58 | 000,030,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2009/03/19 14:07:54 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/06 16:55:24 | 000,105,248 | ---- | M] (Labtec Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Vernon\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (aswTdi)
DRV - File not found [Kernel | System | Stopped] -- -- (aswSP)
DRV - File not found [File_System | System | Stopped] -- -- (aswSnx)
DRV - File not found [Kernel | System | Stopped] -- -- (AswRdr)
DRV - File not found [File_System | Auto | Stopped] -- C:\Windows\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - File not found [File_System | Auto | Stopped] -- -- (aswFsBlk)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/17 05:06:04 | 000,044,240 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts)
DRV - [2012/07/11 03:31:20 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/06/08 15:08:26 | 000,024,576 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2012/04/17 07:25:02 | 000,027,080 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2011/11/27 08:42:26 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\Windows\iprot\4a25082f-17e6-4672-ac75-210519066833\PhysMem.sys -- (4a25082f-17e6-4672-ac75-210519066833)
DRV - [2011/10/31 08:32:40 | 000,012,952 | ---- | M] (Paramount Software UK Ltd) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\PSVolAcc.sys -- (PSVolAcc)
DRV - [2011/10/31 08:32:14 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pssnap.sys -- (pssnap)
DRV - [2011/10/31 08:32:02 | 000,045,208 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psmounter.sys -- (PSMounter)
DRV - [2011/09/02 22:29:40 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2011/09/02 22:29:36 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2011/08/08 16:38:11 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\0200000.010\ccSetx86.sys -- (ccSet_NST)
DRV - [2011/07/07 15:13:46 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2011/04/13 20:48:10 | 000,027,760 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2011/03/10 17:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 12:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 12:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/12/20 22:55:02 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010/12/20 22:55:02 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2010/12/20 22:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/07/04 12:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/29 17:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\Windows\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2010/06/23 10:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/05/20 14:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/04/19 15:15:04 | 000,036,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2010/04/06 17:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010/04/06 17:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010/04/06 17:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2010/04/06 17:32:32 | 000,022,024 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcombus.sys -- (BTCOMBUS)
DRV - [2010/04/06 17:32:28 | 000,025,992 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcomport.sys -- (BTCOM)
DRV - [2010/01/18 15:39:06 | 000,003,200 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/10/20 11:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/06/09 16:16:42 | 003,482,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/05/19 15:52:20 | 001,166,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/23 15:51:18 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/29 07:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/06/10 11:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 15:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/27 09:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2008/01/20 19:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2008/01/14 03:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/06 16:52:46 | 002,261,792 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/03/06 16:50:30 | 001,669,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2002/07/25 11:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Bulk50x.sys -- (USBCamera)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {6c824316-13ae-4d3e-8ea9-640af6a1d847} - C:\Program Files\poker__live\prxtbpoke.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{98B479F5-B95C-4F0B-AB3C-BB349B7CB935}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CzytBtCtBtD0F0CyEtAtCtN0D0Tzu0CtBzzzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=288607638
IE - HKLM\..\SearchScopes\{B7BA1697-368E-4C6E-AD99-97A1E7188EDA}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 7A 46 E8 47 B8 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Minibar.dll (Minibar)
IE - HKCU\..\URLSearchHook: {6c824316-13ae-4d3e-8ea9-640af6a1d847} - C:\Program Files\poker__live\prxtbpoke.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS339
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={610A667F-F87F-4172-BFE1-25EB65F53815}&mid=d0a94290bb7047d09ae8d158213cd362-a911ee428c7f998f5021dd797ff3269570a858d1&lang=en&ds=AVG&pr=fr&d=2012-05-31 01:21:08&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..CT3247201.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Funmoods"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: {97A78363-B868-4B48-AC91-A783A31215AF}:1.1.0
FF - prefs.js..extensions.enabledAddons: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}:10.10.27.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:0.9
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3247201&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vernon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vernon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Vernon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2012/11/11 08:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/07 23:46:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 23:05:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 23:05:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/05 03:42:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/11 08:08:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2012/06/14 12:27:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2012/09/11 08:08:59 | 000,000,000 | ---D | M]

[2011/01/09 07:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vernon\AppData\Roaming\Mozilla\Extensions
[2012/10/31 08:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\extensions
[2012/09/11 08:09:48 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012/10/07 05:56:18 | 000,000,000 | ---D | M] (InternetHelper1.5) -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}
[2012/09/11 08:09:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/15 04:34:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/13 23:22:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/09/11 08:09:49 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/10/31 08:21:36 | 000,000,000 | ---D | M] (Video Download Toolbar) -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
[2012/02/19 00:51:56 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(280)
[2012/10/15 21:06:30 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\extensions\ffxtlbr@funmoods.com
[2012/10/07 06:27:00 | 000,000,927 | ---- | M] () -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\searchplugins\conduit.xml
[2012/10/15 21:07:02 | 000,002,351 | ---- | M] () -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\searchplugins\Funmoods.xml
[2012/11/07 11:52:08 | 000,000,950 | ---- | M] () -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\searchplugins\icqplugin-1.xml
[2012/07/24 13:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\searchplugins\icqplugin.gif
[2011/03/30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\searchplugins\icqplugin.xml
[2012/07/11 03:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/24 11:15:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/11 03:34:48 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012/07/06 15:01:06 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012/11/05 03:42:27 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2000/01/01 02:00:00 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/06/28 08:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/11/10 13:46:38 | 000,002,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/07/06 14:41:27 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/10/07 04:01:43 | 000,002,361 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/09/25 06:25:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/16 14:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
[2012/04/17 08:00:00 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/10/19 21:47:02 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.conduit.com/?ctid=CT3247201&SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.conduit.com/?ctid=CT3247201&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Vernon\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vernon\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vernon\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Vernon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Angry Birds = C:\Users\Vernon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Vernon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Vernon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Vernon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_1\
CHR - Extension: AT_Porsche = C:\Users\Vernon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3\
CHR - Extension: Virtual Keyboard = C:\Users\Vernon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_1\
CHR - Extension: DivX Plus Web Player HTML5 \\u003Cvideo\\u003E = C:\Users\Vernon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Vernon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Vernon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/10/17 02:31:39 | 000,444,348 | R--- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15263 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (InternetHelper1.5 Toolbar) - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.)
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (poker live Toolbar) - {6c824316-13ae-4d3e-8ea9-640af6a1d847} - C:\Program Files\poker__live\prxtbpoke.dll (Conduit Ltd.)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files\Minibar\Minibar.dll (Minibar)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Yontoo Layers (Drop Down Deals)) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (InternetHelper1.5 Toolbar) - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (poker live Toolbar) - {6c824316-13ae-4d3e-8ea9-640af6a1d847} - C:\Program Files\poker__live\prxtbpoke.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (InternetHelper1.5 Toolbar) - {1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - C:\Program Files\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (poker live Toolbar) - {6C824316-13AE-4D3E-8EA9-640AF6A1D847} - C:\Program Files\poker__live\prxtbpoke.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Search and Recover Disk Image Service] C:\Users\Vernon\Recover\DiskImageService.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send Image to Photo Library - C:\ProgramData\MGI\PhotoSuite4\Temp\MGI00000.html ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra Button: Download Video - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files\Minibar\Minibar.dll (Minibar)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://192.168.0.253/bl_camera.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.64.48.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{677D4FD1-5C9D-47A5-8974-AFC972B4E3D3}: DhcpNameServer = 10.64.48.1 205.171.2.25
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/31 15:42:32 | 000,000,062 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1f574380-b599-11e1-8607-001f16d6ec81}\Shell - "" = AutoRun
O33 - MountPoints2\{1f574380-b599-11e1-8607-001f16d6ec81}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{93ba8ebc-f13f-11e1-9472-001f16d6ec81}\Shell - "" = AutoRun
O33 - MountPoints2\{93ba8ebc-f13f-11e1-9472-001f16d6ec81}\Shell\AutoRun\command - "" = F:\Autorun.exe /s
O33 - MountPoints2\{e30ee68d-3436-11e0-b83f-001167d83a91}\Shell\AutoRun\command - "" = wscript.exe Deploy\Scripts\BDD_AutoRun.wsf
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\Vernon\AppData\Roaming\iolo\)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/10 06:35:33 | 000,000,000 | ---D | C] -- C:\Users\Vernon\Desktop\Chris Schultze
[2012/11/10 06:34:34 | 000,000,000 | ---D | C] -- C:\Users\Vernon\Desktop\Custody Reading
[2012/11/10 06:33:22 | 000,000,000 | ---D | C] -- C:\Users\Vernon\Desktop\Captures
[2012/11/10 06:29:34 | 000,000,000 | ---D | C] -- C:\Users\Vernon\Desktop\Shortcuts
[2012/11/10 06:26:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vernon\Desktop\OTL.exe
[2012/11/05 07:05:14 | 000,000,000 | ---D | C] -- C:\Users\Vernon\Desktop\From Thumb drive
[2012/11/01 01:28:45 | 000,000,000 | ---D | C] -- C:\Users\Vernon\Desktop\Recovered3
[2012/10/31 08:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012/10/31 08:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/10/31 08:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Minibar
[2012/10/31 08:21:10 | 000,000,000 | ---D | C] -- C:\Users\Vernon\AppData\Local\Minibar
[2012/10/31 08:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Video Download Button
[2012/10/31 08:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoDownloadToolbar
[2012/10/31 08:20:26 | 000,000,000 | ---D | C] -- C:\Users\Vernon\AppData\Roaming\VideoDownloadToolbar
[2012/10/31 08:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\VideoDownloadToolbar
[2012/10/31 08:19:22 | 000,000,000 | ---D | C] -- C:\Users\Vernon\AppData\Local\TempDIR
[2012/10/24 10:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2012/10/24 03:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Jpegsnoop
[2012/10/23 08:38:06 | 000,000,000 | ---D | C] -- C:\Users\Vernon\Documents\recov2
[2012/10/23 07:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Recover Files
[2012/10/23 07:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2012/10/23 07:21:32 | 000,000,000 | ---D | C] -- C:\Users\Vernon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2012/10/23 07:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2012/10/23 07:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\eSupport.com
[2012/10/23 07:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/10/22 09:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/10/22 08:59:01 | 000,000,000 | ---D | C] -- C:\Users\Vernon\AppData\Roaming\PandoraRecovery
[2012/10/22 08:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery
[2012/10/22 08:52:12 | 000,000,000 | ---D | C] -- C:\Users\Vernon\AppData\Roaming\GlarySoft
[2012/10/22 08:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Undelete
[2012/10/22 08:13:10 | 000,000,000 | ---D | C] -- C:\Users\Vernon\Documents\SFPR recovery
[2012/10/22 00:01:38 | 000,000,000 | ---D | C] -- C:\Users\Vernon\Documents\sppr recovery
[2012/10/21 23:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/10/21 07:45:34 | 000,000,000 | ---D | C] -- C:\Users\Vernon\Documents\Disk Images
[2012/10/21 02:17:42 | 000,000,000 | ---D | C] -- C:\Users\Vernon\AppData\Roaming\JPEGsnoop
[2012/10/20 22:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fixit Center New
[2012/10/20 22:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Dreamweaver
[2012/10/19 21:13:57 | 000,000,000 | ---D | C] -- C:\MATS
[2012/10/17 21:24:50 | 000,000,000 | ---D | C] -- C:\Users\Vernon\AppData\Local\{79633115-2DB9-4BC5-8B65-610D42C64D67}
[2012/10/17 21:24:09 | 000,000,000 | ---D | C] -- C:\Users\Vernon\AppData\Local\{6F375659-E264-4BB4-9DF2-B889EB7DF2F4}
[2012/10/17 05:14:20 | 000,000,000 | ---D | C] -- C:\Users\Vernon\Documents\Software Keys, passwords, etc
[2012/10/17 05:12:34 | 000,000,000 | ---D | C] -- C:\Users\Vernon\Documents\Pictures
[2012/10/17 03:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\Picture Doctor
[2012/10/17 02:31:03 | 000,000,000 | ---D | C] -- C:\Users\Vernon\AppData\Local\{10BC8E89-60FF-4BFB-A4DA-9E5126BB9186}
[2012/10/16 09:06:08 | 000,000,000 | ---D | C] -- C:\Users\Vernon\AppData\Local\antiphishing-vmninternethelper1_1dn
[2012/10/16 08:24:20 | 000,000,000 | ---D | C] -- C:\Users\Vernon\Desktop\How to Recover Deleted Facebook Messages Guide
[2012/10/15 19:47:56 | 000,000,000 | ---D | C] -- C:\Users\Vernon\AppData\Local\{09273C87-3D09-411B-9539-95E7D28A175B}
[2012/10/15 04:27:46 | 000,000,000 | ---D | C] -- C:\Users\Vernon\AppData\Local\{B478A01B-BDE1-4657-B52A-C70C48D2E2B1}

========== Files - Modified Within 30 Days ==========

[2012/11/11 08:26:49 | 000,001,230 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2012/11/11 08:20:13 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509414838-4269606527-2852130047-1000UA.job
[2012/11/11 08:19:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/11 08:17:54 | 000,604,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/11 08:17:54 | 000,104,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/11 08:16:01 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/11/11 08:14:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/11 08:11:24 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/11 08:11:24 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/11 08:10:53 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/11/11 08:10:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/11 08:10:42 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/11 08:08:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/11/11 08:01:04 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012/11/11 07:44:18 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/11 03:25:41 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Vernon.job
[2012/11/10 14:20:30 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-509414838-4269606527-2852130047-1000Core.job
[2012/11/10 07:12:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/10 06:28:00 | 000,881,833 | ---- | M] () -- C:\Users\Vernon\Desktop\SecurityCheck.exe
[2012/11/10 06:26:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vernon\Desktop\OTL.exe
[2012/11/10 06:26:22 | 000,008,939 | ---- | M] () -- C:\Users\Vernon\Desktop\cleaning.rtf
[2012/11/10 06:04:51 | 000,318,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/10 05:59:40 | 000,001,356 | ---- | M] () -- C:\Users\Vernon\AppData\Local\d3d9caps.dat
[2012/11/09 23:08:32 | 000,000,632 | RHS- | M] () -- C:\Users\Vernon\ntuser.pol
[2012/11/09 21:57:53 | 000,000,289 | ---- | M] () -- C:\Users\Vernon\Desktop\Paesseler network monitor.rtf
[2012/11/09 21:39:53 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/09 21:39:53 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/08 13:04:43 | 000,035,716 | ---- | M] () -- C:\Users\Vernon\AppData\Roaming\wklnhst.dat
[2012/11/07 09:02:13 | 000,081,920 | ---- | M] () -- C:\Users\Vernon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/07 00:50:55 | 000,002,009 | ---- | M] () -- C:\Users\Vernon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/05 07:10:27 | 000,017,711 | ---- | M] () -- C:\Users\Vernon\Desktop\October 31, 2012.wlmp
[2012/11/05 06:49:17 | 010,952,370 | ---- | M] () -- C:\Users\Vernon\Documents\BE FREE2.wav
[2012/11/05 06:41:28 | 013,902,706 | ---- | M] () -- C:\Users\Vernon\Documents\BE FREE.wav
[2012/11/05 06:16:58 | 000,046,591 | ---- | M] () -- C:\Users\Vernon\Documents\JM 08 Nov. 05 06.16.jpg
[2012/11/05 06:16:35 | 000,037,710 | ---- | M] () -- C:\Users\Vernon\Documents\JM 06 Nov. 05 06.16.jpg
[2012/11/05 06:16:13 | 000,049,079 | ---- | M] () -- C:\Users\Vernon\Documents\JM Nov. 05 06.16.jpg
[2012/11/05 06:15:49 | 000,033,977 | ---- | M] () -- C:\Users\Vernon\Documents\JM 03 Nov. 05 06.15.jpg
[2012/11/05 06:15:07 | 000,033,820 | ---- | M] () -- C:\Users\Vernon\Documents\JM Nov. 05 06.15.jpg
[2012/11/05 05:35:45 | 000,115,202 | ---- | M] () -- C:\Users\Vernon\Documents\JM Nov. 05 05.35.jpg
[2012/11/05 05:24:03 | 000,002,790 | ---- | M] () -- C:\Users\Vernon\Documents\JM Nov. 05 05.24.jpg
[2012/11/05 05:15:15 | 000,011,145 | ---- | M] () -- C:\Users\Vernon\Documents\JM Nov. 05 05.15.jpg
[2012/11/05 04:58:44 | 002,201,646 | ---- | M] () -- C:\Users\Vernon\Documents\Bell 3x.wav
[2012/11/05 04:47:44 | 000,000,188 | ---- | M] () -- C:\Windows\sc.INI
[2012/11/05 04:35:12 | 004,163,098 | ---- | M] () -- C:\Users\Vernon\Documents\Bell Ring.wav
[2012/11/05 04:13:58 | 000,009,990 | ---- | M] () -- C:\Users\Vernon\Documents\JM Nov. 05 04.13.jpg
[2012/11/05 00:33:08 | 000,166,007 | ---- | M] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.33.jpg
[2012/11/05 00:29:19 | 000,017,515 | ---- | M] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.29.jpg
[2012/11/05 00:15:50 | 000,023,227 | ---- | M] () -- C:\Users\Vernon\Documents\JM 13 Nov. 05 00.15.jpg
[2012/11/05 00:15:32 | 000,027,183 | ---- | M] () -- C:\Users\Vernon\Documents\JM 11 Nov. 05 00.15.jpg
[2012/11/05 00:15:03 | 000,022,556 | ---- | M] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.15.jpg
[2012/11/05 00:09:24 | 000,018,124 | ---- | M] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.09.jpg
[2012/11/05 00:08:39 | 000,017,821 | ---- | M] () -- C:\Users\Vernon\Documents\JM 07 Nov. 05 00.08.jpg
[2012/11/05 00:08:24 | 000,023,533 | ---- | M] () -- C:\Users\Vernon\Documents\JM 05 Nov. 05 00.08.jpg
[2012/11/05 00:08:06 | 000,018,788 | ---- | M] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.08.jpg
[2012/11/05 00:07:37 | 000,013,185 | ---- | M] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.07.jpg
[2012/11/05 00:06:59 | 000,138,255 | ---- | M] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.06.jpg
[2012/11/02 07:57:55 | 000,676,646 | ---- | M] () -- C:\Users\Vernon\Documents\Texts to Susan.pdf
[2012/11/02 07:29:20 | 000,207,580 | ---- | M] () -- C:\Users\Vernon\Documents\SMS with BOBBI HENRY CUNINGHAM - rockerrr64@gmail -1.pdf
[2012/11/02 07:28:19 | 000,288,950 | ---- | M] () -- C:\Users\Vernon\Documents\Gmail - SMS with BOBBI HENRY CUNINGHAM - 2.pdf
[2012/11/01 05:37:57 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\DriverNavigator Scheduled Scan.job
[2012/10/31 06:43:46 | 000,147,205 | ---- | M] () -- C:\Users\Vernon\Documents\The Salvation Army expands work to 117 countries.pdf
[2012/10/31 06:41:59 | 000,056,968 | ---- | M] () -- C:\Users\Vernon\Documents\501c9b7e404d6.image.jpg
[2012/10/31 06:41:39 | 002,599,064 | ---- | M] () -- C:\Users\Vernon\Documents\New Caldwell lieutenant hopes to help as Salvation Army sees surge in need - Idaho Press-Tribune_ Members.pdf
[2012/10/31 06:36:36 | 000,091,093 | ---- | M] () -- C:\Users\Vernon\Documents\4e0d534bb21a7.image.jpg
[2012/10/31 06:35:52 | 002,212,130 | ---- | M] () -- C:\Users\Vernon\Documents\Recession hits hard at Caldwell Salvation Army - Idaho Press-Tribune_ News2.pdf
[2012/10/31 06:32:42 | 000,109,732 | ---- | M] () -- C:\Users\Vernon\Documents\Recession hits hard at Caldwell Salvation Army - Idaho Press-Tribune_ News.pdf
[2012/10/30 03:56:48 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2012/10/24 20:15:08 | 000,013,824 | ---- | M] () -- C:\Users\Vernon\Documents\Key Database.xlr
[2012/10/22 08:52:13 | 000,000,870 | ---- | M] () -- C:\Users\Vernon\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Undelete.lnk
[2012/10/21 08:55:05 | 000,005,409 | ---- | M] () -- C:\Users\Vernon\Documents\JPEG_000194.jpg.export.000001.jpg
[2012/10/21 08:52:27 | 000,000,264 | ---- | M] () -- C:\Users\Vernon\Documents\JPEG_000194.jpg.tif
[2012/10/19 20:15:22 | 003,327,000 | ---- | M] () -- C:\Users\Vernon\Desktop\WindowsXP-KB942288-v3-x86.exe
[2012/10/18 04:53:09 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForVernon.job
[2012/10/18 03:53:31 | 000,000,352 | ---- | M] () -- C:\Users\Vernon\Desktop\Phone Forensics.rtf
[2012/10/17 04:33:19 | 000,000,571 | ---- | M] () -- C:\Users\Vernon\Desktop\Free Photo and File Recovery Software.rtf
[2012/10/17 02:31:39 | 000,444,348 | R--- | M] () -- C:\Windows\System32\drivers\etc\Hosts

========== Files Created - No Company Name ==========

[2012/11/10 07:12:00 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/10 06:27:49 | 000,881,833 | ---- | C] () -- C:\Users\Vernon\Desktop\SecurityCheck.exe
[2012/11/10 06:26:22 | 000,008,939 | ---- | C] () -- C:\Users\Vernon\Desktop\cleaning.rtf
[2012/11/10 06:04:28 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/09 21:57:53 | 000,000,289 | ---- | C] () -- C:\Users\Vernon\Desktop\Paesseler network monitor.rtf
[2012/11/05 06:49:15 | 010,952,370 | ---- | C] () -- C:\Users\Vernon\Documents\BE FREE2.wav
[2012/11/05 06:41:23 | 013,902,706 | ---- | C] () -- C:\Users\Vernon\Documents\BE FREE.wav
[2012/11/05 06:16:58 | 000,046,591 | ---- | C] () -- C:\Users\Vernon\Documents\JM 08 Nov. 05 06.16.jpg
[2012/11/05 06:16:35 | 000,037,710 | ---- | C] () -- C:\Users\Vernon\Documents\JM 06 Nov. 05 06.16.jpg
[2012/11/05 06:16:13 | 000,049,079 | ---- | C] () -- C:\Users\Vernon\Documents\JM Nov. 05 06.16.jpg
[2012/11/05 06:15:49 | 000,033,977 | ---- | C] () -- C:\Users\Vernon\Documents\JM 03 Nov. 05 06.15.jpg
[2012/11/05 06:15:07 | 000,033,820 | ---- | C] () -- C:\Users\Vernon\Documents\JM Nov. 05 06.15.jpg
[2012/11/05 05:35:45 | 000,115,202 | ---- | C] () -- C:\Users\Vernon\Documents\JM Nov. 05 05.35.jpg
[2012/11/05 05:24:03 | 000,002,790 | ---- | C] () -- C:\Users\Vernon\Documents\JM Nov. 05 05.24.jpg
[2012/11/05 05:15:15 | 000,011,145 | ---- | C] () -- C:\Users\Vernon\Documents\JM Nov. 05 05.15.jpg
[2012/11/05 04:58:39 | 002,201,646 | ---- | C] () -- C:\Users\Vernon\Documents\Bell 3x.wav
[2012/11/05 04:32:40 | 004,163,098 | ---- | C] () -- C:\Users\Vernon\Documents\Bell Ring.wav
[2012/11/05 04:24:38 | 000,017,711 | ---- | C] () -- C:\Users\Vernon\Desktop\October 31, 2012.wlmp
[2012/11/05 04:13:58 | 000,009,990 | ---- | C] () -- C:\Users\Vernon\Documents\JM Nov. 05 04.13.jpg
[2012/11/05 00:33:08 | 000,166,007 | ---- | C] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.33.jpg
[2012/11/05 00:29:19 | 000,017,515 | ---- | C] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.29.jpg
[2012/11/05 00:15:50 | 000,023,227 | ---- | C] () -- C:\Users\Vernon\Documents\JM 13 Nov. 05 00.15.jpg
[2012/11/05 00:15:32 | 000,027,183 | ---- | C] () -- C:\Users\Vernon\Documents\JM 11 Nov. 05 00.15.jpg
[2012/11/05 00:15:03 | 000,022,556 | ---- | C] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.15.jpg
[2012/11/05 00:09:24 | 000,018,124 | ---- | C] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.09.jpg
[2012/11/05 00:08:39 | 000,017,821 | ---- | C] () -- C:\Users\Vernon\Documents\JM 07 Nov. 05 00.08.jpg
[2012/11/05 00:08:24 | 000,023,533 | ---- | C] () -- C:\Users\Vernon\Documents\JM 05 Nov. 05 00.08.jpg
[2012/11/05 00:08:06 | 000,018,788 | ---- | C] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.08.jpg
[2012/11/05 00:07:37 | 000,013,185 | ---- | C] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.07.jpg
[2012/11/05 00:06:58 | 000,138,255 | ---- | C] () -- C:\Users\Vernon\Documents\JM Nov. 05 00.06.jpg
[2012/11/02 07:57:51 | 000,676,646 | ---- | C] () -- C:\Users\Vernon\Documents\Texts to Susan.pdf
[2012/11/02 07:28:19 | 000,288,950 | ---- | C] () -- C:\Users\Vernon\Documents\Gmail - SMS with BOBBI HENRY CUNINGHAM - 2.pdf
[2012/11/02 07:24:33 | 000,207,580 | ---- | C] () -- C:\Users\Vernon\Documents\SMS with BOBBI HENRY CUNINGHAM - rockerrr64@gmail -1.pdf
[2012/10/31 08:40:36 | 000,000,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2012/10/31 06:43:46 | 000,147,205 | ---- | C] () -- C:\Users\Vernon\Documents\The Salvation Army expands work to 117 countries.pdf
[2012/10/31 06:41:59 | 000,056,968 | ---- | C] () -- C:\Users\Vernon\Documents\501c9b7e404d6.image.jpg
[2012/10/31 06:41:38 | 002,599,064 | ---- | C] () -- C:\Users\Vernon\Documents\New Caldwell lieutenant hopes to help as Salvation Army sees surge in need - Idaho Press-Tribune_ Members.pdf
[2012/10/31 06:36:36 | 000,091,093 | ---- | C] () -- C:\Users\Vernon\Documents\4e0d534bb21a7.image.jpg
[2012/10/31 06:35:52 | 002,212,130 | ---- | C] () -- C:\Users\Vernon\Documents\Recession hits hard at Caldwell Salvation Army - Idaho Press-Tribune_ News2.pdf
[2012/10/31 06:32:42 | 000,109,732 | ---- | C] () -- C:\Users\Vernon\Documents\Recession hits hard at Caldwell Salvation Army - Idaho Press-Tribune_ News.pdf
[2012/10/24 16:37:27 | 000,013,824 | ---- | C] () -- C:\Users\Vernon\Documents\Key Database.xlr
[2012/10/22 08:52:13 | 000,000,870 | ---- | C] () -- C:\Users\Vernon\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Undelete.lnk
[2012/10/21 08:55:05 | 000,005,409 | ---- | C] () -- C:\Users\Vernon\Documents\JPEG_000194.jpg.export.000001.jpg
[2012/10/21 08:52:22 | 000,000,264 | ---- | C] () -- C:\Users\Vernon\Documents\JPEG_000194.jpg.tif
[2012/10/19 20:15:18 | 003,327,000 | ---- | C] () -- C:\Users\Vernon\Desktop\WindowsXP-KB942288-v3-x86.exe
[2012/10/19 19:44:26 | 000,007,188 | ---- | C] () -- C:\Users\Vernon\Desktop\msiserver.reg
[2012/10/19 08:41:04 | 000,001,728 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
[2012/10/18 03:53:31 | 000,000,352 | ---- | C] () -- C:\Users\Vernon\Desktop\Phone Forensics.rtf
[2012/10/17 04:33:19 | 000,000,571 | ---- | C] () -- C:\Users\Vernon\Desktop\Free Photo and File Recovery Software.rtf
[2012/09/17 05:06:04 | 000,044,240 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2012/09/16 23:50:47 | 000,416,382 | ---- | C] () -- C:\Users\Vernon\AppData\Local\census.cache
[2012/09/16 23:50:01 | 000,337,899 | ---- | C] () -- C:\Users\Vernon\AppData\Local\ars.cache
[2012/09/16 23:17:30 | 000,000,036 | ---- | C] () -- C:\Users\Vernon\AppData\Local\housecall.guid.cache
[2012/08/28 16:49:10 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/08/27 09:08:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\diskio.dll
[2012/08/27 09:08:42 | 000,020,296 | ---- | C] () -- C:\Windows\System32\diskrw.dll
[2012/07/30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/07/30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/07/30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/07/30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/07/30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/07/11 16:47:37 | 000,002,189 | ---- | C] () -- C:\Users\Vernon\July Backup
[2012/07/06 15:02:27 | 000,017,408 | ---- | C] () -- C:\Users\Vernon\AppData\Local\WebpageIcons.db
[2012/07/06 15:01:15 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012/07/06 15:01:15 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012/07/02 18:06:11 | 000,003,400 | ---- | C] () -- C:\Windows\System32\EasyRedirect.ini
[2012/07/02 18:06:11 | 000,002,008 | ---- | C] () -- C:\Windows\System32\EasyRedirectOff.ini
[2012/07/01 18:21:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2012/07/01 18:21:43 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2012/07/01 18:21:43 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2012/07/01 18:21:43 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2012/07/01 18:21:43 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2012/07/01 18:21:42 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2012/07/01 18:21:01 | 000,831,600 | ---- | C] () -- C:\Windows\System32\Ctaa1.dat
[2012/07/01 18:21:01 | 000,122,880 | ---- | C] () -- C:\Windows\System32\cddvdint.dll
[2012/05/31 22:22:42 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/05/18 07:36:43 | 000,000,220 | -HS- | C] () -- C:\Windows\dwin.sys
[2012/05/07 08:01:46 | 000,000,188 | ---- | C] () -- C:\Windows\sc.INI
[2012/05/05 22:48:12 | 000,000,632 | RHS- | C] () -- C:\Users\Vernon\ntuser.pol
[2012/04/17 09:50:02 | 000,001,745 | ---- | C] () -- C:\Windows\IF40LE.INI
[2012/04/17 09:50:02 | 000,000,265 | ---- | C] () -- C:\Windows\PEXPLORE.INI
[2012/04/17 08:55:24 | 000,010,624 | ---- | C] () -- C:\Windows\System32\GENEUSB.SYS
[2012/04/17 08:37:22 | 000,061,440 | ---- | C] () -- C:\Windows\System32\fCommstr.dll
[2012/04/17 08:37:21 | 000,139,264 | ---- | C] () -- C:\Windows\System32\faspi32u.dll
[2012/04/17 08:37:21 | 000,049,152 | ---- | C] () -- C:\Windows\System32\Fmuscrl32.dll
[2012/04/17 08:37:21 | 000,031,232 | ---- | C] () -- C:\Windows\System32\FSCMD32u.dll
[2012/04/15 22:14:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/04/13 08:04:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/03/21 20:55:24 | 000,033,539 | ---- | C] () -- C:\Windows\System32\dischandler.exe
[2012/03/13 11:06:30 | 004,417,024 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012/03/10 06:55:16 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012/03/10 06:55:10 | 006,454,984 | ---- | C] () -- C:\Windows\System32\avcodec-lav-54.dll
[2012/03/10 06:55:10 | 001,146,161 | ---- | C] () -- C:\Windows\System32\avformat-lav-54.dll
[2012/03/10 06:55:10 | 000,371,592 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012/03/10 06:55:10 | 000,206,473 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012/03/10 06:55:10 | 000,142,473 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2012/03/04 11:15:11 | 000,118,784 | ---- | C] () -- C:\Windows\ShowBmp.exe
[2012/03/04 11:15:11 | 000,014,381 | ---- | C] () -- C:\Windows\Tw500c.ini
[2012/03/04 11:15:11 | 000,001,325 | ---- | C] () -- C:\Windows\Remove.ini
[2012/02/26 09:47:02 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/02/26 09:46:18 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2012/02/26 09:46:00 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2012/02/26 09:46:00 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2012/02/26 09:45:58 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2012/02/26 09:45:58 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2012/02/26 09:45:56 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2012/02/26 09:45:56 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2012/02/26 09:45:54 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2012/02/26 09:45:54 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011/12/30 06:19:17 | 000,004,110 | ---- | C] () -- C:\ProgramData\aaukbyma.jmq
[2011/12/14 20:44:03 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/12/14 20:44:03 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/12/08 15:42:14 | 000,000,055 | ---- | C] () -- C:\Windows\System32\BRDH2240.DAT
[2011/12/07 12:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011/12/02 10:24:28 | 000,910,920 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/12/02 10:24:27 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/12/02 10:24:07 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/11/29 01:37:17 | 000,000,345 | ---- | C] () -- C:\Windows\pagebreeze.ini
[2011/11/29 01:37:17 | 000,000,044 | ---- | C] () -- C:\Windows\formbreeze.ini
[2011/10/21 09:46:26 | 000,159,744 | ---- | C] () -- C:\Windows\System32\msrOnlern.dll
[2011/09/08 07:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011/09/08 07:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011/09/08 07:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011/09/08 07:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011/09/08 07:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011/09/08 07:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011/09/08 07:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011/09/08 07:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011/09/08 06:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011/09/08 06:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011/08/14 06:36:15 | 002,319,536 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2011/08/04 09:46:26 | 000,009,845 | ---- | C] () -- C:\Windows\System32\mswcnlope.dll
[2011/06/22 18:39:22 | 000,155,648 | ---- | C] () -- C:\Windows\System32\daspi32u.dll
[2011/06/22 18:39:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\PF1800LC.Dll
[2011/06/22 18:39:22 | 000,106,496 | ---- | C] () -- C:\Windows\System32\IO_PORT.DLL
[2011/06/22 18:39:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\FVC.DLL
[2011/06/22 18:39:22 | 000,049,152 | ---- | C] () -- C:\Windows\System32\PWiaExt.dll
[2011/06/22 18:39:22 | 000,032,768 | ---- | C] () -- C:\Windows\System32\SQ1394.DLL
[2011/06/22 18:39:22 | 000,010,624 | ---- | C] () -- C:\Windows\System32\drivers\GENEUSB.SYS
[2011/06/22 18:39:21 | 000,000,234 | ---- | C] () -- C:\Windows\Scanner.ini
[2011/06/17 23:31:38 | 000,001,940 | ---- | C] () -- C:\Users\Vernon\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/30 06:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/23 00:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011/03/03 04:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011/03/03 04:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011/03/03 04:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2011/02/18 07:08:39 | 000,159,744 | ---- | C] () -- C:\Windows\System32\msrcclopd.dll
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/10 08:35:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/14 16:47:57 | 003,799,951 | ---- | C] () -- C:\Windows\System32\erdmpg-6.dll
[2011/01/05 09:10:40 | 000,004,957 | ---- | C] () -- C:\ProgramData\gcmsfupc.omw
[2010/12/29 09:36:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\afasrv32.exe
[2010/09/13 06:59:19 | 000,000,000 | -H-- | C] () -- C:\Users\Vernon\AppData\Roaming\1 .exe
[2010/07/16 00:30:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/03/07 15:35:28 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2009/10/14 13:45:05 | 000,027,503 | ---- | C] () -- C:\Users\Vernon\AppData\Roaming\UserTile.png
[2009/09/28 09:24:11 | 000,035,716 | ---- | C] () -- C:\Users\Vernon\AppData\Roaming\wklnhst.dat
[2009/09/08 07:48:05 | 000,081,920 | ---- | C] () -- C:\Users\Vernon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/18 06:23:51 | 000,001,356 | ---- | C] () -- C:\Users\Vernon\AppData\Local\d3d9caps.dat
[2009/06/08 16:50:53 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/31 16:04:38 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Ad-Aware Antivirus
[2012/04/06 07:57:55 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Amrak phoneMiner
[2012/05/05 06:21:49 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\AnnVideo
[2012/05/31 05:45:47 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\AVG2012
[2012/10/19 10:22:19 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Azureus
[2010/12/30 03:28:27 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Blitware
[2012/11/07 13:21:16 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\CoreFTP
[2012/02/22 15:48:30 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Dekart
[2011/01/14 16:48:21 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Doblon
[2012/09/11 08:09:41 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\DocFetcher
[2012/02/25 17:00:38 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\DriverCure
[2011/12/27 10:44:50 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Easeware
[2012/07/22 09:20:36 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Foxit Software
[2012/10/22 08:52:12 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\GlarySoft
[2012/01/08 22:01:18 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Hermetic Systems
[2012/09/15 04:49:00 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\ICQ
[2012/04/09 15:49:36 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\InfraRecorder
[2012/07/01 18:27:05 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\InterVideo
[2012/09/11 08:09:41 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\iolo
[2012/09/16 01:04:48 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\IrfanView
[2012/09/09 06:32:22 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\iSpy
[2012/10/24 04:11:04 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\JPEGsnoop
[2011/01/08 11:06:31 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Leadertech
[2011/09/03 02:59:18 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\ManyCam
[2012/02/25 14:19:43 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Motorola
[2012/05/25 14:01:01 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Motorola Mobility
[2010/02/05 01:08:53 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\muvee Technologies
[2012/09/11 08:09:49 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\MyPhoneExplorer
[2011/01/22 19:06:47 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\NCH Swift Sound
[2012/04/13 08:04:45 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Netscape
[2012/08/07 23:52:48 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Nico Mak Computing
[2012/03/19 05:31:53 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\OxyForensic
[2012/04/04 11:05:02 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\PACE Anti-Piracy
[2012/10/22 08:59:01 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\PandoraRecovery
[2012/08/31 05:35:15 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\PC Cleaners
[2012/08/28 03:38:20 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\PC Suite
[2012/08/31 05:35:16 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\PCPro
[2012/10/10 17:15:40 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\PDAppFlex
[2009/10/14 13:45:04 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\PeerNetworking
[2010/08/01 08:38:36 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Philipp Winterberg
[2011/07/29 20:09:46 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\PIE
[2011/01/21 13:36:01 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Recordpad
[2011/02/26 01:14:32 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Recover Files from CD
[2012/09/11 08:09:49 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\RipIt4Me
[2012/08/28 03:38:21 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Samsung
[2012/01/27 22:33:59 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Scooter Software
[2010/06/23 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Skinux
[2012/02/25 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\SpeedMaxPc
[2012/10/10 03:34:19 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\SpeedyPC Software
[2010/05/04 20:44:21 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\SumatraPDF
[2012/03/20 07:53:43 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Teleca
[2009/09/28 09:24:14 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Template
[2010/07/04 03:26:56 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Tific
[2012/04/04 11:14:15 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Unity
[2012/10/31 08:28:57 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\VideoDownloadToolbar
[2011/01/30 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Visan
[2012/01/02 20:23:44 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Wal-Mart
[2010/10/01 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\WalaSoft
[2009/09/29 07:09:39 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\WildTangent
[2010/05/18 08:21:11 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\WinBatch
[2010/10/29 12:47:23 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Windows Live Writer
[2011/12/27 10:15:21 | 000,000,000 | ---D | M] -- C:\Users\Vernon\AppData\Roaming\Xilisoft Corporation

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 361 bytes -> C:\ProgramData\Temp:8927A071
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:7631EA83
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:B468194E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:0CFE8F97
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:C895616B
lilhurricane

lilhurricane

Numquam oblita

OTL Extras logfile created on: 11/11/2012 8:28:10 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vernon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 60.93% Memory free
6.07 Gb Paging File | 4.85 Gb Available in Paging File | 80.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 104.93 Gb Free Space | 36.54% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.36 Gb Free Space | 12.46% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 306.75 Gb Free Space | 21.95% Space Free | Partition Type: NTFS
Drive G: | 14.83 Gb Total Space | 14.69 Gb Free Space | 99.07% Space Free | Partition Type: FAT32
Drive H: | 7.20 Gb Total Space | 2.70 Gb Free Space | 37.45% Space Free | Partition Type: FAT32

Computer Name: BORCHLAP | User Name: Vernon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Search With DocFetcher] -- "C:\Program Files\DocFetcher\DocFetcher.exe" "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FAC60C-2672-48E0-ACA6-4DEC2FB0F80A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{019545C4-A08C-4028-908F-0D69FE16B72E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0ECE9BDF-25A0-461E-AB0D-58D9CD461D82}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{0F015039-FDF3-4E9D-A5A9-9D013556E0D4}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{10F8FBD5-17FF-4F05-B600-C2CC864342AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1234B341-60A7-4CDD-BF6D-5730E66BAE06}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{141900BE-9722-47BB-AB20-685AE966CCE3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{21970D97-F2DB-4482-8261-15B92F01A49A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{276E6098-D11C-4E32-A305-3741B7B58800}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29180F70-D60D-48A1-A6C1-F74631F606B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29B82B89-CA78-4E13-94A3-C84D433E0DC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36138AF4-9E56-4027-A519-88ECE865EF80}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3D34C2F5-D27B-4F4D-B3CF-C9E6F578AD10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4FD94ADF-34D2-44DA-BBAF-D6484B69B849}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5337F961-B953-4B2D-909C-CC39225A5A4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7769F306-59AB-4C63-BE2A-2E0872CF5923}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7C8FCF86-654C-42CD-AD38-7CD8508BB20D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7C97D226-672F-43C9-BE5E-7A044E8EF9FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{813791A7-A19A-4587-985D-E3179F895473}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FFE8E99-2BF9-4384-9349-45FD31939BDE}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{9EA4EE33-B8BC-4667-892C-3351AEE799A6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A18A3B8B-2120-4758-9FC8-A51B9CFD4138}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A943A196-345D-4C80-9428-E69B4BD28464}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE60CF0D-4245-4F6C-B9C4-70239F7E6BFD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B23C7677-2959-4985-A920-8B1CBBCC8542}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{B76A191D-079F-43C9-A3D6-05F10630B51B}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{BBBAD1DD-8857-44F8-A887-2DC2A3051E0B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{C086C503-2C4B-4BB1-887B-5E1D0C78B240}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{C6E39FF0-F290-4E51-9F9F-6A043411FB17}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA386A2B-52DE-407D-A554-2D32C10613C9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{CF048403-E5F5-4C92-AF8B-48707667FB48}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5A5B045-5BF2-4889-919F-2026DEF14E85}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{D6A5DF82-5CB5-49E5-8926-1F18DA8D3FCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A43FC9B-B258-4800-9460-65C35D387C7F}" = protocol=6 | dir=in | app=e:\install\data\disk1\setup.exe |
"{1572DB44-CC60-44E0-B30C-388E0F30DC17}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A374CBB-ED2A-447D-9DEB-50FB168302CB}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{1C38FE7E-A9CB-47D8-9230-40B70B78DDBA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{213A9C4B-12E2-46B0-9B13-C343551362F3}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{21923D96-7BBE-4D23-BB69-173C37CE6435}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{267D9A4C-FE3D-4BCA-ADFF-F140B3EA0B4A}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{2F726469-3E49-4DA8-8D7A-246F394B76DC}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{3581255C-8169-48CF-B333-025D568A0F8E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3599E17F-C86F-4E38-A669-D1B46621A80E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{3925617A-F39A-420C-922C-2F56571186A8}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{3F0FD20F-C8A4-4615-8D03-AD0E7A94239E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4204C6C5-0971-490D-ABF6-51EFCAB6058C}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{42E51E1F-DC9A-4267-A590-7357BD5CE5B9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{4950CD00-6A81-47CE-92EC-8769053CE5E3}" = protocol=6 | dir=out | app=system |
"{49B486ED-3926-480A-8DE9-77FCA3138AC1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4CA0B2B6-5387-42BE-B9FF-50E0BF506EB0}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{50BBA51A-9A76-4BF5-B3E5-9CDBDB4F2E54}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{615ECC4F-1CA3-40F7-ABFF-E1DC8DFB7DE0}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{62E1E159-FE8A-420D-B104-2D3577659245}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{68B052F8-9FF0-49D8-B7E2-268DF1DA3574}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{76BF5AE0-3A1E-43B4-9DD0-56B132A7C696}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{78260F36-D9B8-4793-96B0-20198914F1ED}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B99846C-AD69-4BBF-A87E-B43DD4940825}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7E20D794-BE7C-4433-8EFD-5885903B28A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{82E4AAF2-D0EB-4B62-B33C-7FB97C1FE8E1}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{86FE496C-E7DF-4400-A96B-9C75A84A1DCB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8B296D35-1E44-41C4-A71B-DC83392638D6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8B3DF705-710C-4BAF-880A-8C2683BBDDCA}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{8C4F9ED0-723A-4563-8F6A-A29C994F7D01}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{8D75A7F9-6E83-45E0-AD68-C52F97EB7B94}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{8F473096-2234-4CF9-89FA-3182135019FE}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{96C94AD3-EF20-4F75-81D0-04485A8E50A4}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{9D0965E4-C7B3-4019-91E2-D9F8043D6714}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{9DD900FD-2D66-4E81-845C-2704AB0BE340}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{A2F467AA-8ABC-4546-BC9E-3434DD934E48}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{A81975D7-0A3A-491A-BE98-6CF798FC101E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B750C6B1-6E61-4161-97CE-367B813756CE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C22551B1-C5F3-4E1E-A72B-A97E4D941803}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C48581DC-5FCB-4B13-9CA0-212FA8B57AFC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C5C169AB-7FFF-4B85-98A6-51A0F93A8EE0}" = protocol=17 | dir=in | app=e:\install\data\disk1\setup.exe |
"{C82B77E8-8880-4F11-8EAD-05C767BB0D52}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{C9B20943-F460-49CE-8BD2-DDCA91A394FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D1974EC1-3E86-4C69-8B48-2ED4335F7A6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D3B1F42C-6C5A-448E-A9B6-03D344447CEC}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{D5C3CF72-8A61-435A-9F20-63EBFF253D6A}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{D70D4DE1-FB0F-437C-8707-44D7837B0410}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC6A1091-0B45-41BB-9DBD-FB73AFDCFF48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E23EF910-0AC6-4524-8115-5DDDA47E7A36}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{E2CA1125-8C24-4F24-9DAF-D57F9D2B3BE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E87B4B2C-4767-4031-BE35-A5263743F7C0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{ED90C21C-21D5-4BF6-AC5B-1C1380FDB378}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{EF2D324D-896A-41C7-9A7F-69B2239C62A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F27AEBBA-D036-4F0C-B208-9142F433DC6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{00C60CAA-4DC2-47EA-804F-AB85BF4F9405}C:\users\vernon\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe" = protocol=6 | dir=in | app=c:\users\vernon\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe |
"TCP Query User{0CD7A314-38C3-47F2-85C7-A323C02D44CE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{20C1E791-5D47-4D6C-B0CC-C33188FD2D8E}C:\program files\ispy\ispy\ispy.exe" = protocol=6 | dir=in | app=c:\program files\ispy\ispy\ispy.exe |
"TCP Query User{5363DD1E-2583-409F-8C31-B9645D04D2F0}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{61127C2D-B86E-4748-8039-71755028DF00}C:\users\vernon\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe" = protocol=6 | dir=in | app=c:\users\vernon\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe |
"TCP Query User{6D82BF9B-0052-4CAF-9AE0-DD08BF5E9CEE}C:\program files\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files\unity\editor\unity.exe |
"TCP Query User{B8D239C6-F515-4915-8506-890238FB375E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D515B118-728A-4364-8FC8-B2C10BB0680E}C:\program files\ispy\ispy\ispy.exe" = protocol=6 | dir=in | app=c:\program files\ispy\ispy\ispy.exe |
"UDP Query User{0102F8EF-4C6C-4636-9CCF-E6A88BD1732D}C:\program files\ispy\ispy\ispy.exe" = protocol=17 | dir=in | app=c:\program files\ispy\ispy\ispy.exe |
"UDP Query User{1EF283DA-314D-4C0E-B83C-AD4B7BB4542C}C:\program files\ispy\ispy\ispy.exe" = protocol=17 | dir=in | app=c:\program files\ispy\ispy\ispy.exe |
"UDP Query User{2B32E65B-4DCD-4C00-8923-32979C20FDDD}C:\users\vernon\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe" = protocol=17 | dir=in | app=c:\users\vernon\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe |
"UDP Query User{2E6FAD18-BDCD-4C63-89C0-6825370B94B9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4821F73A-DE80-4DE6-A4B1-C5B77BBB9C4D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{48EE39A8-6DC7-428D-8E58-3661ADC30934}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{86CB943A-3200-4665-8D27-9F5928057126}C:\program files\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files\unity\editor\unity.exe |
"UDP Query User{D3E473CA-9A8B-4F0B-8C74-61198F0C588B}C:\users\vernon\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe" = protocol=17 | dir=in | app=c:\users\vernon\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{07473686-FC3A-4825-9CA9-97D269145F62}" = Motorola Phone Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09AFC8E1-0DDE-4C16-AA68-2E89365C73E9}" = CyberView for USB Film Scanner Multi-Language
"{0D9B75C0-3FC9-11D5-8617-00D0B707C2B6}" = Directory Report
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{0F764E1C-356E-4AA3-B0D7-6922E0329A18}" = Macrium Reflect - Free Edition
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1805BD6D-C441-4A1C-802D-AFF0232DAACD}" = A-Men Technologies USB-to-Serial
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{24A71701-4BFD-4228-97B3-7D739195EC67}" = Walmart Digital Photo Manager
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216030F0}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{279EE11A-F15B-481C-86E2-CBCFC806C573}" = Motorola Device Software Update
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1" = SmartPCFixer 4.2
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2ED9AF15-5387-4C87-AE9C-3E4EC21FB0C2}_is1" = Twin Files Finder 2.0.10.0101
"{30AB2FCD-FBF2-4bed-4444-13E6A1468621}_is1" = Ann Video Converter 4.5.0
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150180}" = J2SE Runtime Environment 5.0 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{37CA4B50-EAA2-012B-AD81-000000000000}" = TurboTax 2009 widiper
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4073AAEC-B01B-4000-BC9B-1447E3A7BD87}" = AVG 2012
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{422ACD79-EFB5-4FDE-8595-F52E295A8996}" = DataRobot Premium
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4CCE77B1-36E1-4A25-91BD-350A0B7C11DE}" = Chronotron Pro
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.30
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EA05D7F-5645-4068-A60F-0DCF8FBFD267}" = OLYMPUS Raw Codec
"{5F5623DF-7951-4D32-8897-73E0A6BC2AA7}" = Samsung PC Studio
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7BB7612B-383F-422C-A605-EA0F4FB0FB7C}" = MagicBerry
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{874112D6-0C93-4A3A-944C-B3811505D5CD}" = BlueSoleil 6.4.314.3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime (Drop Down Deals) 1.10.01
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8B0527BE-427B-459B-93B1-D30ED8CB4F93}" = Network Camera Recorder
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E73635A-C9F2-446F-BAC9-C4BDA395289A}" = Duplicate Image Finder
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943C384A-AD26-4D34-8319-A90033C09395}" = Myson Century USB Driver for Windows 98&ME
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{961FBA1C-C20F-463F-B9B1-30A2D96CC5E3}_is1" = MagicCute Data Recovery 2011.1
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.2.2
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE29CC62-C835-40FD-99C6-292F90D58DF8}" = TurboTax 2010 widiper
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BA0D764E-4256-4408-979B-6B1AEFCAE985}_is1" = Karaoke DVD Burner
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C25BCEA0-6770-4ABF-9BE4-C97EE27836E5}_is1" = Sanmaxi Sim Card Data Recovery 5.0.1
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3E35A8F-600C-4E7E-8AEE-AB4F6FA12F0C}" = Paraben's Dongle Manager
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEABB85A-22B9-4DEF-B881-51FEC54FD441}" = SIM Edit Tool
"{D05D9246-FB86-4C90-9287-516089E638E5}" = iPrint2Fax
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}" = EasyStudio 1.1.1
"{D543EE2B-11C2-4C51-89E8-EA52FC0DC97E}" = phoneMiner
"{D61F7835-65DF-4662-9A71-CD51F8FC0CE4}" = Desktop Notifier
"{D8FF6E29-36B4-474F-A88F-973087650C00}" = CyberView X - SF v1.18b
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.18.0001
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE59B901-18EA-4CB9-ADE4-291BF5C1E12E}_is1" = MiniTool Partition Wizard Home Edition 7.0
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF11860-2158-11D7-B0B9-0000E24D4B29}" = Digital Camera
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1ACEF2E-C3C0-43F5-A815-5F0BB968DA70}" = GSM SIM Utility 9.0
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69A76AA-71D9-4939-8EBB-8FC8BE22428D}" = Files Compare Tool
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EF2AA69F-67E4-4721-89F9-04F4A177F9C5}" = Motorola Phone Tools
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F35D5A5E-7739-49DB-8A0E-23E2E8F99D1A}" = Motorola Mobile Drivers Installation 5.9.0
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4A4E6B2-D45F-4EB1-8C3A-6EB8D45A31C9}" = ClientTools
"{F4D948ED-7D7E-4739-9F61-B938E8F9870B}" = Paraben's Device Seizure
"{F76F5379-BDF5-4668-9B7A-39E7E1EEA805}" = iSpy
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.5
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FDEBD5BC-A2DC-450D-908B-25F29842539D}" = TULP2G
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8461-7759-5462-8226" = Vuze
"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
"8D434570B215F4E7650A004193A770DC9BD6DB58" = Windows Driver Package - Dekart (DEKART38) SmartCardReader (08/08/2011 1.1.6.1)
"9397EA7527D5597E900F76DDCF42A1DEDCBDC288" = Windows Driver Package - Dekart (DEKART38) SmartCardReader (11/21/2007 1.0.5.9)
"AbacastNode:11" = Abacast Distributed On-Demand
"ABC Amber BlackBerry Converter" = ABC Amber BlackBerry Converter
"ABC Amber BlackBerry Editor" = ABC Amber BlackBerry Editor
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"adawaretb" = Ad-Aware Security Toolbar
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adventure Maker v4.4.0_is1" = Adventure Maker v4.4.0 (build1)
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Audacity_is1" = Audacity 1.2.6
"Avira UnErase Personal" = Avira UnErase Personal
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bad CD DVD Reader_is1" = Bad CD DVD Reader 1.0
"BeyondCompare3_is1" = Beyond Compare Version 3.3.3
"BFT" = BFT
"BlackBerryBackupExtractor" = BlackBerry Backup Extractor
"blekkotb" = Spam Free Search Bar
"Bojc9pspv_is1" = All In I Key-logger
"BurnToDisk_is1" = BurnToDisk version 1.0
"Card Reader Driver and USIM Editor Program_is1" = USIM Editor 1.0.28.0
"CCleaner" = CCleaner
"CD Reader_is1" = CD Reader 0.8.2.0
"CD Recovery Toolbox Free_is1" = CD Recovery Toolbox Free 1.1
"CDCopy" = CDCopy
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"CoreFTP" = Core FTP LE
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Daniusoft Digital Media to Mobile Phone Converter_is1" = Daniusoft Digital Media to Mobile Phone Converter(Build 2.4.1.1
"Data Doctor Recovery - SIM Card (Demo)" = Data Doctor Recovery - SIM Card (Demo)
"DBXTriever_is1" = DBXTriever 4.1
"Debut" = Debut Video Capture Software
"Dekart SIM Manager 2" = Dekart SIM Manager 2.8
"DivX Setup" = DivX Setup
"DocFetcher" = DocFetcher
"Doxillion" = Doxillion Document Converter
"DriverNavigator_is1" = DriverNavigator 2.7.3
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EaseUS Data Recovery Wizard Free Edition 5.6.1_is1" = EaseUS Data Recovery Wizard Free Edition 5.6.1
"EASEUS Deleted File Recovery 3.0.1_is1" = EASEUS Deleted File Recovery 3.0.1
"Easy Index Generator" = Easy Index Generator
"ESET Online Scanner" = ESET Online Scanner v3
"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.3.926
"ExpressBurn" = Express Burn Disc Burning Software
"ExpressRip" = Express Rip
"FaceDub" = FaceDub
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"FlashLynx" = FlashLynx Video Download Software
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Reader_is1" = Foxit Reader
"Free MP3 Sound Recorder_is1" = Free MP3 Sound Recorder v1.9
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.02" = Freecorder 4.02 Application
"Glary Undelete_is1" = Glary Undelete 1.8.0.468
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6
"Homewatch Dslcam_is1" = HomeWatch Dslcam 2.0.9
"HP Photo Creations" = HP Photo Creations
"iCoolPlayer_is1" = iCoolPlayer 1.0
"if40leUninstall" = Presto! ImageFolio LE
"Index Files Search Words_is1" = Index Files Search Words 7.09
"InstaCodecs_is1" = InstaCodecs
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}" = EasyStudio
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"InternetHelper1.5 Toolbar" = InternetHelper1.5 Toolbar
"iolo Search and Recover" = iolo Search and Recover
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8.5
"Kernel EML Viewer_is1" = Kernel EML Viewer ver 10.09.01
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"ManyCam" = ManyCam 2.6.30 (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Media Player - Codec Pack" = Media Player Codec Pack 4.1.9
"MExplorer" = M-Explorer
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MiniTool Power Data Recovery_is1" = MiniTool Power Data Recovery
"MOBILedit! Forensic" = MOBILedit! Forensic 2.9
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"News Rover" = News Rover -- Usenet newsreader
"NST" = Norton Safe Web Lite
"PageBreeze Free HTML Editor" = PageBreeze Free HTML Editor
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Par-N-Rar" = Par-N-Rar 1.24
"Picture Doctor_is1" = Picture Doctor version 1.7
"Picture Style Editor" = Canon Utilities Picture Style Editor
"poker__live Toolbar" = poker live Toolbar
"PRGrep" = PRGrep
"Prism" = Prism Video File Converter
"QcDrv" = Labtec® Camera Driver
"Quick Search Box" = Google Quick Search Box
"RarZilla Free Unrar" = RarZilla Free Unrar
"Recover Files_is1" = Recover Files 3.29
"Recuva" = Recuva
"SIM editor" = SIM editor 4.0
"SimCardExplorer" = SimCardExplorer 1.1.2
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"SoundCapture" = SoundCapture
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery v3.5
"SumatraPDF" = Sumatra PDF reader
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"ToneGen" = NCH Tone Generator
"ToolBox" = NCH Toolbox
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"Unity" = Unity
"Unlocker" = Unlocker 1.9.1
"Video Download Button" = Video Download Button
"Video Download Toolbar_is1" = Video Download Toolbar 2.7.0.0
"VideoPad" = VideoPad Video Editor
"Vivitar Experience Image Manager" = Vivitar Experience Image Manager
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Walaoke" = Walaoke 2.11.1
"WavePad" = WavePad Sound Editor
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"Xilisoft Mobile Phone Manager" = Xilisoft Mobile Phone Manager
"Y!Decode" = Y!Decode 1.0.0
"Yahoo Message Archive Decoder" = Yahoo Message Archive Decoder 4.4
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.5

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"49b8d68351bac0d9" = CD Click i-Studio
"Abacast Distributed Live" = Abacast Distributed Live
"Google Chrome" = Google Chrome
"Password Recovery for AIM" = Password Recovery for AIM (remove only)
"Password Recovery for Google" = Password Recovery for Google (remove only)
"Password Recovery for Windows Live" = Password Recovery for Windows Live (remove only)
"TExtract 9" = TExtract 9
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 11/10/2012 10:12:23 AM | Computer Name = BorchLap | Source = Application Error | ID = 1000
Description = Faulting application BtTray.exe, version 5.4.314.0, time stamp 0x4bd6502f,
faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception
code 0xc0000005, fault offset 0x00047336, process id 0x1058, application start time
0x01cdbf4ba9a94501.

Error - 11/10/2012 8:34:30 PM | Computer Name = BorchLap | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EE7

Error - 11/10/2012 8:34:33 PM | Computer Name = BorchLap | Source = MatSvc | ID = 262152
Description = The MATS service encountered a failure when loading SAP. hr=0x80070002

SAP folder: C:\Program Files\Microsoft Fix it Center\SAPFolder\Scheduled\DDA435FA-6E05-4DBF-80FE-C4EBE882E798.32

Error - 11/10/2012 8:34:46 PM | Computer Name = BorchLap | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x80070002 .

Error - 11/11/2012 11:11:00 AM | Computer Name = BorchLap | Source = WinMgmt | ID = 10
Description =

Error - 11/11/2012 11:16:11 AM | Computer Name = BorchLap | Source = Application Error | ID = 1000
Description = Faulting application BlueSoleilCS.exe, version 5.4.314.0, time stamp
0x4bfa52fe, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00a3fb99, process id 0x1450, application start time
0x01cdc01f669f7543.

Error - 11/11/2012 11:26:13 AM | Computer Name = BorchLap | Source = Application Error | ID = 1000
Description = Faulting application BlueSoleilCS.exe, version 5.4.314.0, time stamp
0x4bfa52fe, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0039fb99, process id 0xaec, application start time
0x01cdc020e26152b3.

Error - 11/11/2012 11:26:40 AM | Computer Name = BorchLap | Source = Application Error | ID = 1000
Description = Faulting application BlueSoleilCS.exe, version 5.4.314.0, time stamp
0x4bfa52fe, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x01c5fb99, process id 0x11e0, application start time
0x01cdc020f21651b3.

Error - 11/11/2012 11:26:50 AM | Computer Name = BorchLap | Source = Application Error | ID = 1000
Description = Faulting application BlueSoleilCS.exe, version 5.4.314.0, time stamp
0x4bfa52fe, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x01c4fb99, process id 0x1378, application start time
0x01cdc020f8099aa3.

Error - 11/11/2012 11:27:38 AM | Computer Name = BorchLap | Source = Application Error | ID = 1000
Description = Faulting application BtTray.exe, version 5.4.314.0, time stamp 0x4bd6502f,
faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception
code 0xc0000005, fault offset 0x00047336, process id 0x7f4, application start time
0x01cdc01f53370363.

[ Hewlett-Packard Events ]
Error - 8/30/2011 6:23:18 PM | Computer Name = BorchLap | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081130042256.xml
File not created by asset agent

Error - 11/15/2011 7:44:39 PM | Computer Name = BorchLap | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. Configurator

at Configurator.ConfiguratorClass.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 11/22/2011 7:54:53 PM | Computer Name = BorchLap | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111122045445.xml
File not created by asset agent

Error - 12/20/2011 7:19:06 PM | Computer Name = BorchLap | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121120041859.xml
File not created by asset agent

Error - 6/26/2012 8:33:34 PM | Computer Name = BorchLap | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061226063254.xml
File not created by asset agent

Error - 7/18/2012 8:28:48 AM | Computer Name = BorchLap | Source = Hewlett-Packard | ID = 0
Description =

[ Media Center Events ]
Error - 5/19/2012 3:10:18 PM | Computer Name = BorchLap | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/19/2012 4:48:08 PM | Computer Name = BorchLap | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/19/2012 10:56:28 PM | Computer Name = BorchLap | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 12:19:55 PM | Computer Name = BorchLap | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 8:55:32 AM | Computer Name = BorchLap | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 5:53:16 AM | Computer Name = BorchLap | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 7:16:54 AM | Computer Name = BorchLap | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 12:36:44 AM | Computer Name = BorchLap | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 2:21:35 AM | Computer Name = BorchLap | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 12:18:12 PM | Computer Name = BorchLap | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/11/2012 11:14:16 AM | Computer Name = BorchLap | Source = Service Control Manager | ID = 7009
Description =

Error - 11/11/2012 11:14:16 AM | Computer Name = BorchLap | Source = Service Control Manager | ID = 7000
Description =

Error - 11/11/2012 11:14:46 AM | Computer Name = BorchLap | Source = Service Control Manager | ID = 7009
Description =

Error - 11/11/2012 11:14:46 AM | Computer Name = BorchLap | Source = Service Control Manager | ID = 7000
Description =

Error - 11/11/2012 11:16:53 AM | Computer Name = BorchLap | Source = Service Control Manager | ID = 7009
Description =

Error - 11/11/2012 11:16:53 AM | Computer Name = BorchLap | Source = Service Control Manager | ID = 7000
Description =

Error - 11/11/2012 11:16:53 AM | Computer Name = BorchLap | Source = Service Control Manager | ID = 7034
Description =

Error - 11/11/2012 11:26:23 AM | Computer Name = BorchLap | Source = Service Control Manager | ID = 7034
Description =

Error - 11/11/2012 11:26:49 AM | Computer Name = BorchLap | Source = Service Control Manager | ID = 7034
Description =

Error - 11/11/2012 11:26:59 AM | Computer Name = BorchLap | Source = Service Control Manager | ID = 7034
Description =
lilhurricane

lilhurricane

Numquam oblita

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a5e964cb98259f4cbd025a1ad161a980
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-17 11:04:42
# local_time=2012-09-17 05:04:42 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 8498247 8498247 0 0
# compatibility_mode=1280 16777215 100 0 4941884 4941884 0 0
# compatibility_mode=5892 16776574 100 100 8416634 184473785 0 0
# compatibility_mode=7425 16777213 50 92 2719061 138493929 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=121959
# found=14
# cleaned=14
# scan_time=13626
C:\Documents and Settings\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Vernon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\78b01a8-65e85479 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Vernon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2ee3da7e-71d5d0d3 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Vernon\AppData\Roaming\Mozilla\Firefox\Profiles\pxxbw2q2.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Vernon\Desktop\Software\Progs for Thumb or CD\Photo and File Recovery\cnet_photorec5_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Vernon\Documents\Vuze Downloads\Elcomsoft Blackberry Backup Explorer Professional v9.05.rar probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Vernon\Downloads\Cell Phone Software to Try\bbbe-latest.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Vernon\Downloads\Cell Phone Software to Try\cnet2_sc11a_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Vernon\Downloads\Cell Phone Software to Try\cnet2_SimCardExplorer_setup_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Vernon\Downloads\Cell Phone Software to Try\cnet2_smrecorder_installer_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Vernon\Downloads\Installed Software\cnet2_pgbreeze_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Vernon\Downloads\Installed Software\cnet2_setupscreenhunterfree_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Vernon\Downloads\Installed Software\cnet2_winamp563_full_emusic-7plus_en-us_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Vernon\Downloads\Installed Software\winamp563_full_emusic-7plus_en-us.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
lilhurricane

lilhurricane

Numquam oblita

Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Kaspersky Anti-Virus
Antivirus up to date! (On Access scanning disabled!)
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Ad-Aware
MVPS Hosts File
Spybot - Search & Destroy
iSpy
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Panda Cloud Cleaner
Java(TM) 6 Update 30
Java(TM) 6 Update 31
Java(TM) 6 Update 7
[color=red]Java version out of Date![/color]
Adobe Flash Player 11.5.502.110
Adobe Reader 9 [color=red]Adobe Reader out of Date![/color]
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Norton ccSvcHst.exe
[color=red]Ad-Aware AAWService.exe is disabled![/color]
[color=red]Ad-Aware AAWTray.exe is disabled![/color]
[color=red]Spybot Teatimer.exe is disabled![/color]
Malwarebytes' Anti-Malware mbamscheduler.exe
Trend Micro RUBotted RUBotSrv.exe
iolo Common Lib ioloServiceManager.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 8 % [color=red]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/color]
[u]````````````````````End of Log``````````````````````[/u]

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to rockerrr

MVM

to rockerrr
First:
The OTL log shows a keylogger is installed ("Bojc9pspv_is1" = All In I Key-logger).

Did you install this program? If not, or if you were unaware that it was installed, then remove it via Add/Remove Programs (Program Features in Vista).

Second:
Use Add/Remove Programs (Program Features in Vista) to uninstall the items listed below. All are from Conduit and are suspect for Adware and Trackware.

"blekkotb" = Spam Free Search Bar
"conduitEngine" = Conduit Engine
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.02" = Freecorder 4.02 Application
"InternetHelper1.5 Toolbar" = InternetHelper1.5 Toolbar
"poker__live Toolbar" = poker live Toolbar
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar

Third:
Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log this time.
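
The review described in the post above (reading the OTL uninstall list for entries such as the keylogger and the Conduit toolbars), as an added Python example that is not part of the original post and not code from OTL. The watch patterns, the function names and the HKEY_LOCAL_MACHINE header lines are assumptions; the entry lines are copied from the log in this thread into a constructed sample.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "hive key name")

# Constructed sample. Entry lines are copied from the OTL Extras log in this
# thread; the HKEY_LOCAL_MACHINE header lines are assumed by analogy with the
# HKEY_CURRENT_USER ones. One line deliberately lacks its opening quote.
SAMPLE_LOG = r'''
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"blekkotb" = Spam Free Search Bar
"Bojc9pspv_is1" = All In I Key-logger
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.02" = Freecorder 4.02 Application
"poker__live Toolbar" = poker live Toolbar
Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WinRAR archiver" = WinRAR archiver

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 11/10/2012 10:12:23 AM | Computer Name = BorchLap | Source = Application Error | ID = 1000
'''

BANNER_RE = re.compile(r'={5,}\s*(.+?)\s*={5,}')               # ===== title =====
HIVE_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\.*\\Uninstall\]$')   # registry path line
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+)$')

# Illustrative watch list (an assumption, not an authoritative detection set).
WATCH_RULES = [
    ("keylogger", re.compile(r'key[\s-]?logger', re.I)),
    ("toolbar/search add-on", re.compile(r'toolbar|search bar|conduit', re.I)),
]


def parse_uninstall_list(text):
    """Return (entries, malformed) for the 'Uninstall List' sections only."""
    entries, malformed = [], []
    hive, in_list = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = BANNER_RE.search(line)
        if banner:
            # A new section starts; only uninstall-list sections are parsed.
            in_list = banner.group(1).endswith("Uninstall List")
            hive = None
            continue
        if not in_list:
            continue
        hive_line = HIVE_RE.match(line)
        if hive_line:
            hive = hive_line.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and hive:
            entries.append(Entry(hive, entry.group("key"), entry.group("name").strip()))
        else:
            # Keep lines that do not parse so the reviewer still sees them.
            malformed.append(line)
    return entries, malformed


def triage(entries):
    """Return (label, entry) pairs whose key or display name hits a watch rule."""
    flagged = []
    for e in entries:
        haystack = f"{e.key} {e.name}"
        for label, rx in WATCH_RULES:
            if rx.search(haystack):
                flagged.append((label, e))
                break
    return flagged


if __name__ == "__main__":
    entries, malformed = parse_uninstall_list(SAMPLE_LOG)
    for label, e in triage(entries):
        print(f"[{label}] {e.hive}: {e.key!r} = {e.name}")
    for line in malformed:
        print(f"[unparsed, review by hand] {line}")
```

Keyword matching does not flag "Freecorder 4.02 Application", which the post lists by hand, so the output is a starting point for manual review rather than a verdict.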
rockerrr
join:2012-11-11
Nampa, ID

rockerrr

Member

Thank you so much for your help.

I did install the All in One Keylogger, it is purchased software, but I have been suspicious of it. Do you know anything of it and whether it is safe or not? Norton 360 never worried about it after I said it was okay, but Kaspersky will not leave me alone about it.

Blekkotb I had to search for and found, through some work, was installed as Spam Free Search Bar. Freecorder Toolbar is not wanting to go away, uninstall fails....cannot open uninstall log. All of the others seemed to uninstall properly.

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to rockerrr

MVM

to rockerrr
In general, all AV programs will report keyloggers. They have no way of knowing if it was installed by the user or by malware.

Since you purchased and installed the All in One Keylogger, there should be no issues with it. You will have to have Kaspersky allow it.

Please run OTL again, and post the new log in this thread. There will not be a new Extras log.

Several items have been removed by the programs you ran, and from my instructions. Will you please update me on the status of the problems?
rockerrr
join:2012-11-11
Nampa, ID

rockerrr

Member

Currently I have had several blue screen events and when I logged into the event viewer I noticed hundreds of errors, none of which seem to have solutions from Microsoft when they are reported.

Also, I still cannot install software. When I try, I get an error that says something like Windows Installer Service could not be contacted and may not be installed correctly. I only tried to install because I knew that was one of the problems that seemed to start with this infection/trojan. In the past week, before I came to your help forum, I had received installation errors and then tried to re-install the windows installer, which did not work. I also tried to uninstall and then re-install the last service pack which was said to resolve the problem of the missing windows installer, and it did not fix the problem either. Apparently that problem still exists from some components that have been deleted.

Currently, I am still having big slow downs and the above errors, but that is an improvement.

I also still cannot uninstall the freecorder toolbar as it says that the uninstall file cannot be opened.

See the attached file OTL2.

Thanks
rockerrr

rockerrr

Member

does not look like the log posted, will repost here

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to rockerrr

MVM

to rockerrr
Thanks.

While there are a few leftovers remaining from the programs uninstalled, there are no other signs of active malware.

I suspect the blue screens and other problems are the result of a corrupted Windows. At this point, beyond cleanup, there is nothing more that can be done in this forum.

While you can try Microsoft Answers (answers.microsoft.com/en-us), I would suggest you back up all pertinent data, then reformat and re-install.

Note: Of interest in the recent OTL log was this item:
O34 - HKLM BootExecute: (TULP2G.Protocol.OBEX)

That may have been part of the problem.
LoPhatPhuud

LoPhatPhuud to rockerrr

MVM

to rockerrr
Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit
  • If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.
rockerrr
join:2012-11-11
Nampa, ID

rockerrr

Member

I am also experiencing long pauses, sometimes with hard drive activity and sometimes without. During this time, I cannot do anything including getting task manager to run. On the odd occasion when I have task manager already running, I see things with 30 to 40 % in the individual task, taking 100% processor. I have seen some other troubling things as well. Do you think that this is also due to windows damage? If so, would upgrading to seven accomplish the same thing as a re-install of vista? I have an upgrade, but have never installed. Thanks again for your help.

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to rockerrr

MVM

to rockerrr
Yes, the additional symptoms are indicative of a corrupted OS.

You never upgrade a corrupted OS, always a clean install. Windows 7 is the best course with a clean install.