
Solved Explorer.exe Problems after bootup

Discussion in 'Malware and Virus Removal Archive' started by wraithby, 2011/08/11.

  1. 2011/08/11
    wraithby, Inactive Thread Starter | Joined: 2009/02/18 | Messages: 27 | Likes Received: 0
    [Resolved] Explorer.exe Problems after bootup

    I was asked to post this problem in "Malware and Virus Removal":

    After boot into Windows 7 Ultimate 64--I click on any icon on the desktop and it initializes the "user folder" on the desktop. The folder containing "my documents" "downloads" "my music" "my videos" etc.

    Usually I need to wait several minutes before I can click on a folder or icon and I can open. Sometimes I need to start the task manager and close explorer.exe and then restart it. Then I can access everything normally.

    I thought I had a trojan or a virus (running avira real time enabled, super anti-spyware and comodo firewall). I ran avira (the installed and the rescue disk version), malwarebytes and super antispyware, and it came up clean.

    Any insights would be appreciated. Thanks. Log files follow in several posts:



    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7434

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    8/11/2011 9:25:44 AM
    mbam-log-2011-08-11 (09-25-44).txt

    Scan type: Quick scan
    Objects scanned: 187970
    Time elapsed: 3 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\wraithby\AppData\Local\Temp\done.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

    Kaspersky Rescue Disk Log:

    Status: Quarantined (events: 4)
    8/10/11 9:11 PM Quarantined virus HEUR:Trojan.Win32.Generic F:/$RECYCLE.BIN/S-1-5-21-2020176623-1789108150-1020894111-1001/$RLFO3ZM.exe//data0035.res//A48BD8~1.EXE High
    8/10/11 9:11 PM Quarantined virus HEUR:Trojan.Win32.Generic F:/$RECYCLE.BIN/S-1-5-21-2020176623-1789108150-1020894111-1001/$RLFO3ZM.exe//data0000.cab High
    8/10/11 9:11 PM Quarantined virus HEUR:Trojan.Win32.Generic F:/$RECYCLE.BIN/S-1-5-21-2020176623-1789108150-1020894111-1001/$RLFO3ZM.exe//data0035.res High
    8/10/11 9:11 PM Quarantined virus HEUR:Trojan.Win32.Generic F:/$RECYCLE.BIN/S-1-5-21-2020176623-1789108150-1020894111-1001/$RLFO3ZM.exe High
     
  2. 2011/08/11
    wraithby

    Explorer.exe Problems after bootup

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-11 13:56:19
    Windows 6.1.7601 Service Pack 1
    Running: no2nl9p6.exe


    ---- Files - GMER 1.0.15 ----

    File E:\Documents and Settings\Michael W\Application Data\Macromedia\Flash Player\#SharedObjects\G5CKQHV9\l3.image.member.21st.com.\picture 0 bytes
    File E:\Documents and Settings\Michael W\Application Data\Macromedia\Flash Player\#SharedObjects\G5CKQHV9\l3.image.member.21st.com.\picture\webimages 0 bytes
    File E:\Documents and Settings\Michael W\Application Data\Macromedia\Flash Player\#SharedObjects\G5CKQHV9\l3.image.member.21st.com.\picture\webimages\flowplayer.commercial-3.1.5.swf 0 bytes
    File E:\Documents and Settings\Michael W\Application Data\Macromedia\Flash Player\#SharedObjects\G5CKQHV9\l3.image.member.21st.com.\picture\webimages\flowplayer.commercial-3.1.5.swf\org.flowplayer.sol 67 bytes
    File E:\Documents and Settings\Michael W\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#l3.image.member.21st.com.\settings.sol 100 bytes

    ---- EOF - GMER 1.0.15 ----

    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-08-11 14:03:14

    -----------------------------
    14:03:14.571 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:03:14.571 Number of processors: 2 586 0x203
    14:03:14.571 ComputerName: WRAITHBY-PC UserName: wraithby
    14:03:15.148 Initialize success
    14:11:37.145 AVAST engine defs: 11081101
    14:14:03.537 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:14:03.553 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
    14:14:03.553 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
    14:14:03.553 Disk 1 Vendor: WDC_WD3200AAKS-75L9A0 01.03E01 Size: 305245MB BusType: 3
    14:14:03.569 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
    14:14:03.569 Disk 2 Vendor: WDC_WD1001FALS-00U9B0 05.00K05 Size: 953869MB BusType: 3
    14:14:05.612 Disk 1 MBR read successfully
    14:14:05.612 Disk 1 MBR scan
    14:14:05.628 Disk 1 Windows 7 default MBR code
    14:14:05.628 Service scanning
    14:14:06.969 Modules scanning
    14:14:06.969 Disk 1 trace - called modules:
    14:14:06.969 ntoskrnl.exe CLASSPNP.SYS disk.sys Sahdad64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    14:14:07.484 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800490d790]
    14:14:07.484 3 CLASSPNP.SYS[fffff8800162443f] -> nt!IofCallDriver -> [0xfffffa800490d040]
    14:14:07.500 5 Sahdad64.sys[fffff88001993e25] -> nt!IofCallDriver -> [0xfffffa8003aa69b0]
    14:14:07.500 7 ACPI.sys[fffff88000e397a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-2[0xfffffa8003ad0060]
    14:14:08.155 AVAST engine scan C:\Windows
    14:14:09.699 AVAST engine scan C:\Windows\system32
    14:15:37.543 AVAST engine scan C:\Windows\system32\drivers
    14:15:46.825 AVAST engine scan C:\Users\wraithby
    14:17:41.860 AVAST engine scan C:\ProgramData
    14:18:34.495 Scan finished successfully
    14:19:09.626 Disk 1 MBR has been saved successfully to "C:\Users\wraithby\Desktop\BBS Malware\MBR.dat"
    14:19:09.626 The log file has been saved successfully to "C:\Users\wraithby\Desktop\BBS Malware\aswMBR.txt"
     


  4. 2011/08/11
    wraithby

    Explorer.exe Problems after bootup

    ASW Attach
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/7/2011 12:14:34 PM
    System Uptime: 8/11/2011 12:29:13 PM (2 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M3A78-CM
    Processor: AMD Athlon(tm) 7750 Dual-Core Processor | AM2 | 2700/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 133 GiB total, 74.544 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 190.924 GiB free.
    E: is FIXED (NTFS) - 165 GiB total, 94.583 GiB free.
    F: is FIXED (NTFS) - 932 GiB total, 701.769 GiB free.
    G: is CDROM ()
    H: is CDROM ()
    I: is CDROM ()
    K: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP127: 8/9/2011 6:04:22 PM - Revo Uninstaller's restore point - Wondershare LiveBoot 2012 (Build 7.0.1)
    RP128: 8/9/2011 6:08:25 PM - Revo Uninstaller's restore point - Wondershare LiveBoot 2012 (Build 7.0.1)
    RP129: 8/10/2011 11:04:47 AM - Windows Update
    RP130: 8/10/2011 11:49:14 AM - Windows Update
    RP131: 8/10/2011 1:38:41 PM - Soluto
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    7-Zip 9.22beta
    Acoustica CD/DVD Label Maker
    Acoustica Photos Forever
    Active@ Hard Disk Monitor
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Advanced SystemCare 4
    Aiseesoft Streaming Video Recorder
    All My Books 2.5
    AnyDVD
    Apple Application Support
    Apple Software Update
    Ares 2.1.7
    ASUSUpdate
    Audacity 1.3.13 (Unicode)
    Avira AntiVir Personal - Free Antivirus
    calibre
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CloneDVD2
    CodeStuff Starter
    ConvertXtoDVD 4.1.19.365
    Cool & Quiet
    Creative Media Lite
    Creative Software Update
    Creative ZEN Stone Plus User's Guide
    Daniusoft Digital Music Converter(Build 2.6.2.1)
    Daniusoft Video Converter Ultimate(Build 3.1.1.0)
    Daum PotPlayer 1.5.28025
    EASEUS Data Recovery Wizard Professional 5.0.1
    EASEUS Todo Backup Free 2.5.1
    EasyBCD 2.0
    EasyCapture 1.2.0.0
    Epson Event Manager
    EPSON Scan
    EpsonNet Print
    EpsonNet Setup
    Everything 1.2.1.371
    File Extension Changer 3.3.1
    FormatFactory 2.70
    ImgBurn
    iReboot 1.1.0
    K-Lite Mega Codec Pack 7.2.8
    LAME v3.98.3 for Audacity
    LastPass (uninstall only)
    Lyrics Plugin for Windows Media Player
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 5.0 (x86 en-US)
    Mozilla Thunderbird (5.0)
    Mp3tag v2.49
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    NirSoft Wireless Network Watcher
    Nuance PaperPort 12
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OverDrive Media Console
    PC Probe II
    PC Wizard 2010.1.96
    Platform
    Playlist Creator 3.6.2
    PowerISO
    QuickTime
    Ralink RT2860 Wireless LAN Card
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Revo Uninstaller 1.92
    Rhapsody
    Roxio BackOnTrack
    Roxio BackOnTrackPE
    Roxio Burn - Secure
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Creator 2011 Pro
    Roxio PhotoShow
    Roxio Video Capture USB
    Sansa Updater
    Scansoft PDF Professional
    SDFormatter
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SmartSound Common Data
    SmartSound Quicktracks 5
    TomTom HOME 2.8.2.2264
    TomTom HOME Visual Studio Merge Modules
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    USB Safely Remove 4.5
    VIA Platform Device Manager
    Wallpaper SlideShow LT 1.4.5
    WinPcap 4.1.2
    Xmarks for IE
    XnView 1.98
    XnView Shell Extension 3.1.0 (64bits)
    Yankee Clipper III
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/9/2011 11:33:38 AM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    8/8/2011 9:15:18 PM, Error: Service Control Manager [7022] - The Microsoft iSCSI Initiator Service service hung on starting.
    8/7/2011 8:49:27 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    8/7/2011 11:24:19 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    8/7/2011 11:21:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2011 10:17:29 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    8/7/2011 10:16:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    8/7/2011 10:16:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    8/7/2011 10:15:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/7/2011 10:15:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/7/2011 10:15:32 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\RAIHV.dll Error Code: 21
    8/7/2011 10:15:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/7/2011 10:15:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/7/2011 10:15:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO avipbb discache ElbyCDIO EUDSKACS SaibVdAd64 SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6
    8/4/2011 11:15:03 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
    8/4/2011 11:14:03 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Provider service, but this action failed with the following error: An instance of the service is already running.
    8/4/2011 11:13:03 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/4/2011 11:13:03 AM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/4/2011 11:13:03 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    8/4/2011 11:13:03 AM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/4/2011 11:13:03 AM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/4/2011 11:13:03 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    8/11/2011 12:31:36 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    8/11/2011 12:30:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
    8/11/2011 12:29:44 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    8/11/2011 12:29:40 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    .
    ==== End Of File =====================
     
  5. 2011/08/11
    wraithby

    Explorer.exe Problems after bootup--DDS log

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by wraithby at 14:27:27 on 2011-08-11
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2452 [GMT -4:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
    C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
    C:\Program Files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe
    C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    C:\Windows\System32\svchost.exe -k PeerDist
    C:\Program Files\Preton\PretonSaver\PretonClientService.exe
    C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
    C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Users\wraithby\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files (x86)\Nuance\PDF Professional 5\PdfPro5Hook.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
    C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
    C:\Windows\System32\snmptrap.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\SysWOW64\SAgent4.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\splwow64.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.drudgereport.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
    uRun: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe -q
    uRun: [Epson Stylus NX510(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_SF3E4.tmp" /EF "HKCU"
    uRun: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [DiskMonitorAdmin] "C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe" hide
    uRun: [SansaDispatch] C:\Users\wraithby\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
    mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 5\pdfpro5hook.exe
    mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 5\RegistryController.exe
    mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [Nuance PDF Professional 5-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Professional 5\Ereg\Ereg.ini"
    mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
    mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
    mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
    mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe"
    mRun: [EaseUs Tray] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
    StartupFolder: C:\Users\wraithby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    StartupFolder: C:\Users\wraithby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YANKEE~1.LNK - C:\Program Files (x86)\YCIII\YankClip.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IREBOO~1.LNK - C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    IE: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Create PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
    IE: Open with Nuance PDF Converter 5.0 - C:\Program Files (x86)\Nuance\PDF Professional 5\cnvres_eng.dll /100
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    TCP: DhcpNameServer = 192.168.10.1
    TCP: Interfaces\{91AD97C5-E472-4BA7-A2F1-84E64A6B93E8} : DhcpNameServer = 192.168.0.1 71.243.0.12
    TCP: Interfaces\{BA8D7F16-566F-4C4F-A407-A396D98DF2C7} : DhcpNameServer = 192.168.10.1
    TCP: Interfaces\{BA8D7F16-566F-4C4F-A407-A396D98DF2C7}\452554E444E65647635323 : DhcpNameServer = 192.168.10.1
    TCP: Interfaces\{BA8D7F16-566F-4C4F-A407-A396D98DF2C7}\8616C666D6163656 : DhcpNameServer = 192.168.0.1 71.243.0.12
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO-X64: LastPass Browser Helper Object - No File
    BHO-X64: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
    TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    TB-X64: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
    mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 5\pdfpro5hook.exe
    mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 5\RegistryController.exe
    mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun-x64: [Nuance PDF Professional 5-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Professional 5\Ereg\Ereg.ini"
    mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    mRun-x64: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
    mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
    mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
    mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe"
    mRun-x64: [EaseUs Tray] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
    IE-X64: {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
    AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\wraithby\AppData\Roaming\Mozilla\Firefox\Profiles\emzj8p8o.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://drudgereport.com/
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
    R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
    R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 Sahdad64;HDD Filter Driver;C:\Windows\system32\Drivers\Sahdad64.sys --> C:\Windows\system32\Drivers\Sahdad64.sys [?]
    R0 Saibad64;Volume Filter Driver;C:\Windows\system32\Drivers\Saibad64.sys --> C:\Windows\system32\Drivers\Saibad64.sys [?]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
    R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\system32\Drivers\SaibVdAd64.sys --> C:\Windows\system32\Drivers\SaibVdAd64.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-2-17 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-2-17 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-5-4 146816]
    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
    R2 Active@ Disk Monitor;Active@ Disk Monitor;C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2011-7-3 1123784]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-6-20 353168]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-6-17 136360]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-6-17 269480]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-30 39408]
    R2 EASEUS Agent;EASEUS Agent;C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-6-28 56200]
    R2 iReboot;iReboot Background Service;C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [2008-4-27 9216]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-17 366640]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-4 584488]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-1 2214504]
    R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-2-2 144672]
    R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2009-9-10 142424]
    R2 PretonClientService;PretonSaver;C:\Program Files\Preton\PretonSaver\PretonClientService.exe [2011-2-2 91136]
    R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2011-7-7 193888]
    R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2011-7-7 211808]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
    R2 USBSafelyRemoveService;USB Safely Remove Assistant;C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [2011-6-7 539032]
    R3 EUDISK;EASEUS Disk Enumerator;\??\C:\Windows\system32\drivers\eudisk.sys --> C:\Windows\system32\drivers\eudisk.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
    R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
    R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
    R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
    R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
    S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-8-9 21480]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-08-10 20:33:01 -------- d-----w- C:\ProgramData\CA
    2011-08-10 18:00:06 -------- d-----w- C:\Users\wraithby\AppData\Roaming\Soluto
    2011-08-10 17:42:11 -------- d-----w- C:\Program Files\Soluto
    2011-08-10 17:38:33 -------- d-----w- C:\ProgramData\Soluto
    2011-08-10 15:04:25 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-08-10 15:02:48 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-08-10 15:01:53 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-08-10 14:40:23 -------- d-----w- C:\Program Files (x86)\CodeStuff
    2011-08-09 20:27:21 -------- d-----w- C:\ProgramData\Spotmau
    2011-08-09 20:26:37 -------- d-----w- C:\Program Files (x86)\Wondershare
    2011-08-09 16:36:54 114176 ----a-w- C:\Windows\SysWow64\PCWizard.cpl
    2011-08-09 16:36:54 -------- d-----w- C:\Windows\Java
    2011-08-09 16:36:51 -------- d-----w- C:\Program Files (x86)\CPUID
    2011-08-09 15:38:47 -------- d--h--w- C:\VritualRoot
    2011-08-09 15:31:11 -------- d-----w- C:\ProgramData\Comodo
    2011-08-07 01:42:28 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-08-07 01:42:28 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-08-07 01:42:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-08-07 01:42:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-08-07 01:42:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-08-07 01:42:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-08-07 01:42:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-08-03 19:34:37 -------- d-----w- C:\Program Files (x86)\Acoustica CD Label Maker
    2011-08-02 03:42:06 587776 ----a-w- C:\Users\wraithby\AppData\Roaming\7za.exe
    2011-07-29 16:36:32 -------- d-----w- C:\Users\wraithby\AppData\Roaming\WallpaperSS
    2011-07-29 16:36:30 -------- d-----w- C:\Program Files (x86)\WallpaperSS
    2011-07-28 10:27:17 138872 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys
    2011-07-28 10:27:17 138872 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
    2011-07-28 00:23:39 131072 ----a-w- C:\Windows\SysWow64\SAgent4.exe
    2011-07-24 22:26:52 -------- d-----w- C:\Users\wraithby\AppData\Local\Apple Computer
    2011-07-24 22:26:27 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-07-24 22:26:27 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2011-07-24 22:26:27 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2011-07-24 22:25:56 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2011-07-24 22:25:56 -------- d-----w- C:\Program Files\iTunes
    2011-07-24 22:25:56 -------- d-----w- C:\Program Files\iPod
    2011-07-24 22:25:56 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-07-24 22:24:42 -------- d-----w- C:\Users\wraithby\AppData\Local\Apple
    2011-07-24 22:24:19 -------- d-----w- C:\Program Files\Bonjour
    2011-07-24 22:24:19 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-07-24 22:00:46 -------- d-----w- C:\Users\wraithby\AppData\Roaming\DVDFab
    2011-07-23 03:41:36 84992 ----a-w- C:\Windows\System32\Dts2PropPageExt.dll
    2011-07-23 03:41:36 76288 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll
    2011-07-23 03:41:36 529920 ----a-w- C:\Windows\System32\VIASysFx.dll
    2011-07-23 03:41:36 242176 ----a-w- C:\Windows\System32\Dts2APO.dll
    2011-07-23 03:41:36 193024 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll
    2011-07-23 03:41:36 1235968 ----a-w- C:\Windows\System32\drivers\viahduaa.sys
    2011-07-23 03:41:36 1011712 ----a-w- C:\Windows\System32\VIAPropPageExt.dll
    2011-07-23 02:35:48 -------- d-----w- C:\Program Files (x86)\Common Files\Real
    2011-07-23 02:29:27 569397 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
    2011-07-23 02:29:25 -------- d-----w- C:\Program Files (x86)\Rhapsody
    2011-07-21 19:01:19 -------- d-----w- C:\Users\wraithby\AppData\Roaming\NVIDIA
    2011-07-18 17:59:50 -------- d-----w- C:\Users\wraithby\AppData\Roaming\PotPlayerMini
    2011-07-18 17:59:50 -------- d-----w- C:\Users\wraithby\AppData\Local\Daum
    2011-07-18 17:52:01 -------- d-----w- C:\Program Files (x86)\Daum
    2011-07-17 14:30:52 -------- d-----w- C:\Program Files (x86)\SDA
    2011-07-17 14:29:39 -------- d-----w- C:\Users\wraithby\AppData\Local\Downloaded Installations
    2011-07-15 14:20:39 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E09B229-0D38-403C-A08B-2BB38B8C785C}\mpengine.dll
    2011-07-15 13:46:10 73728 ----a-w- C:\Program Files (x86)\Windows Media Player\plugins\np_plugin\np_plugin.dll
    2011-07-15 13:44:03 73728 ----a-w- C:\Program Files\Windows Media Player\plugins\np_plugin\np_plugin.dll
    2011-07-14 18:05:50 -------- d-----w- C:\Program Files (x86)\NirSoft
    2011-07-13 03:22:15 -------- d-----w- C:\Users\wraithby\AppData\Roaming\SanDisk
    .
    ==================== Find3M ====================
    .
    2011-08-09 21:45:02 363560 ----a-w- C:\Windows\System32\guard64.dll
    2011-08-09 21:44:58 285256 ----a-w- C:\Windows\SysWow64\guard32.dll
    2011-08-09 21:44:52 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2011-08-09 21:44:51 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2011-08-09 21:44:50 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
    2011-07-29 17:06:58 273408 --sha-w- C:\EUMONBMP.SYS
    2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
    2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-01 00:36:36 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-06-24 14:44:30 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-16 18:00:00 83968 ----a-w- C:\Windows\System32\ff_vfw.dll
    2011-06-16 08:00:00 73216 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    2011-06-14 23:58:21 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-13 20:38:31 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-06-13 20:38:31 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
    2011-06-07 19:12:32 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-06-07 19:12:32 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-06-02 00:10:30 644608 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-05-21 02:35:28 304744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    .
    ============= FINISH: 14:27:49.70 ===============
     
  6. 2011/08/11
    Admin.

    Admin. Administrator Administrator Staff

    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs, after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  7. 2011/08/11
    broni

    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================

    I don't see much so far.

    Let's try something...
    Restart the computer in Safe Mode and see if you have the same issue there.
     
  8. 2011/08/11
    wraithby

    wraithby Inactive Thread Starter

    Thanks for having a look.

    Same behavior in safe mode. Click on any desktop folder or program icon and I get the "user" folder.

    I discovered I can use task manager to start "explorer.exe" and I have normal access to folders and programs immediately. (There is one instance of explorer.exe running in the task manager on boot)
     
  9. 2011/08/11
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2011/08/11
    wraithby

    wraithby Inactive Thread Starter

    Explorer.exe Problems after bootup - ComboFix log

    ComboFix 11-08-11.03 - wraithby 08/11/2011 20:47:44.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2342 [GMT -4:00]
    Running from: c:\users\wraithby\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\wraithby\AppData\Roaming\7za.exe
    c:\users\wraithby\AppData\Roaming\a.7z
    c:\users\wraithby\AppData\Roaming\Google\Update\1
    c:\users\wraithby\AppData\Roaming\Google\Update\1\SD\s.txt
    c:\users\wraithby\Desktop\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-12 00:53 . 2011-08-12 00:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-08-12 00:53 . 2011-08-12 00:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-11 23:56 . 2011-08-12 00:08 -------- d-----w- c:\users\wraithby\AppData\Local\Deployment
    2011-08-10 20:33 . 2011-08-10 20:33 -------- d-----w- c:\programdata\CA
    2011-08-10 18:00 . 2011-08-10 18:00 -------- d-----w- c:\users\wraithby\AppData\Roaming\Soluto
    2011-08-10 17:42 . 2011-08-11 00:03 -------- d-----w- c:\program files\Soluto
    2011-08-10 17:38 . 2011-08-11 00:03 -------- d-----w- c:\programdata\Soluto
    2011-08-10 15:02 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll
    2011-08-10 15:01 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-10 14:40 . 2011-08-10 14:40 -------- d-----w- c:\program files (x86)\CodeStuff
    2011-08-09 20:27 . 2011-08-09 20:27 -------- d-----w- c:\programdata\Spotmau
    2011-08-09 20:26 . 2011-08-09 22:04 -------- d-----w- c:\program files (x86)\Wondershare
    2011-08-09 16:36 . 2011-08-09 16:36 -------- d-----w- c:\windows\Java
    2011-08-09 16:36 . 2010-08-22 17:48 114176 ----a-w- c:\windows\SysWow64\PCWizard.cpl
    2011-08-09 16:36 . 2011-08-09 16:36 -------- d-----w- c:\program files (x86)\CPUID
    2011-08-07 01:42 . 2011-08-07 01:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-08-07 01:42 . 2011-08-07 01:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-08-07 01:42 . 2011-08-07 01:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-08-07 01:42 . 2011-08-07 01:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-08-07 01:42 . 2011-08-07 01:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-08-07 01:42 . 2011-08-07 01:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-08-07 01:42 . 2011-08-07 01:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-08-07 01:41 . 2011-08-07 01:42 -------- d-----w- c:\program files (x86)\QuickTime
    2011-08-03 19:34 . 2011-08-03 19:37 -------- d-----w- c:\program files (x86)\Acoustica CD Label Maker
    2011-07-29 16:36 . 2011-07-29 16:36 -------- d-----w- c:\users\wraithby\AppData\Roaming\WallpaperSS
    2011-07-29 16:36 . 2011-07-29 16:36 -------- d-----w- c:\program files (x86)\WallpaperSS
    2011-07-28 10:27 . 2011-07-28 10:27 138872 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
    2011-07-28 10:27 . 2011-07-28 10:27 138872 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2011-07-28 00:23 . 2006-12-20 04:14 131072 ----a-w- c:\windows\SysWow64\SAgent4.exe
    2011-07-24 22:26 . 2011-07-24 23:55 -------- d-----w- c:\users\wraithby\AppData\Local\Apple Computer
    2011-07-24 22:26 . 2011-07-24 22:28 -------- d-----w- c:\users\wraithby\AppData\Roaming\Apple Computer
    2011-07-24 22:26 . 2011-07-24 22:26 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-07-24 22:26 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-07-24 22:26 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
    2011-07-24 22:26 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2011-07-24 22:25 . 2011-07-24 22:26 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2011-07-24 22:25 . 2011-07-24 22:26 -------- d-----w- c:\program files\iTunes
    2011-07-24 22:25 . 2011-07-24 22:26 -------- d-----w- c:\program files (x86)\iTunes
    2011-07-24 22:25 . 2011-07-24 22:25 -------- d-----w- c:\program files\iPod
    2011-07-24 22:24 . 2011-07-24 22:25 -------- d-----w- c:\programdata\Apple Computer
    2011-07-24 22:24 . 2011-07-24 22:24 -------- d-----w- c:\users\wraithby\AppData\Local\Apple
    2011-07-24 22:24 . 2011-07-24 22:24 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-07-24 22:24 . 2011-07-24 22:24 -------- d-----w- c:\program files\Common Files\Apple
    2011-07-24 22:24 . 2011-07-24 22:24 -------- d-----w- c:\program files\Bonjour
    2011-07-24 22:24 . 2011-07-24 22:24 -------- d-----w- c:\program files (x86)\Bonjour
    2011-07-24 22:24 . 2011-07-24 22:25 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2011-07-24 22:24 . 2011-07-24 22:24 -------- d-----w- c:\programdata\Apple
    2011-07-24 22:00 . 2011-07-24 22:00 -------- d-----w- c:\users\wraithby\AppData\Roaming\DVDFab
    2011-07-23 03:41 . 2009-08-17 23:20 1235968 ----a-w- c:\windows\system32\drivers\viahduaa.sys
    2011-07-23 03:41 . 2009-08-17 21:58 529920 ----a-w- c:\windows\system32\VIASysFx.dll
    2011-07-23 03:41 . 2009-08-17 18:18 1011712 ----a-w- c:\windows\system32\VIAPropPageExt.dll
    2011-07-23 03:41 . 2009-06-01 14:10 242176 ----a-w- c:\windows\system32\Dts2APO.dll
    2011-07-23 03:41 . 2009-03-04 20:42 84992 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
    2011-07-23 03:41 . 2009-01-20 01:32 76288 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
    2011-07-23 03:41 . 2009-01-20 01:32 193024 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
    2011-07-23 02:35 . 2011-07-23 02:36 -------- d-----w- c:\program files (x86)\Common Files\Real
    2011-07-23 02:29 . 2002-11-12 16:22 569397 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
    2011-07-23 02:29 . 2011-07-23 02:35 -------- d-----w- c:\program files (x86)\Rhapsody
    2011-07-21 19:01 . 2011-07-21 19:01 -------- d-----w- c:\users\wraithby\AppData\Roaming\NVIDIA
    2011-07-18 17:59 . 2011-07-18 17:59 -------- d-----w- c:\users\wraithby\AppData\Roaming\PotPlayerMini
    2011-07-18 17:59 . 2011-07-18 17:59 -------- d-----w- c:\users\wraithby\AppData\Local\Daum
    2011-07-18 17:52 . 2011-07-18 17:52 -------- d-----w- c:\program files (x86)\Daum
    2011-07-17 14:30 . 2011-07-17 14:30 -------- d-----w- c:\program files (x86)\SDA
    2011-07-17 14:29 . 2011-07-17 14:29 -------- d-----w- c:\users\wraithby\AppData\Local\Downloaded Installations
    2011-07-15 14:20 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E09B229-0D38-403C-A08B-2BB38B8C785C}\mpengine.dll
    2011-07-15 13:46 . 2011-07-15 13:42 73728 ----a-w- c:\program files (x86)\Windows Media Player\plugins\np_plugin\np_plugin.dll
    2011-07-15 13:44 . 2011-07-15 13:42 73728 ----a-w- c:\program files\Windows Media Player\plugins\np_plugin\np_plugin.dll
    2011-07-14 18:05 . 2011-07-14 18:05 -------- d-----w- c:\program files (x86)\NirSoft
    2011-07-13 03:22 . 2011-07-13 03:22 -------- d-----w- c:\users\wraithby\AppData\Roaming\SanDisk
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-16 04:26 . 2011-08-10 15:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-07-06 23:52 . 2011-06-17 21:22 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-06 23:52 . 2011-06-17 21:22 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-01 00:36 . 2011-06-17 19:50 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-01 00:36 . 2011-06-17 19:50 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-30 04:36 . 2011-06-30 04:36 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-06-24 14:44 . 2011-07-06 16:33 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2011-06-16 18:00 . 2011-07-06 16:34 83968 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-06-16 08:00 . 2011-07-06 16:33 73216 ----a-w- c:\windows\SysWow64\ff_vfw.dll
    2011-06-14 23:58 . 2011-06-07 20:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-13 20:38 . 2006-07-11 22:35 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2011-06-13 20:38 . 2003-03-19 00:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-06-11 21:33 . 2011-06-11 21:33 53248 ----a-r- c:\users\wraithby\AppData\Roaming\Microsoft\Installer\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}\ARPPRODUCTICON.exe
    2011-06-07 19:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-06-07 19:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-06-07 17:45 . 2011-06-07 17:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-06-07 17:45 . 2011-06-07 17:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-06-07 17:45 . 2011-06-07 17:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-06-07 17:45 . 2011-06-07 17:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-06-07 17:45 . 2011-06-07 17:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-06-07 17:45 . 2011-06-07 17:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-06-07 17:45 . 2011-06-07 17:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-06-07 17:45 . 2011-06-07 17:45 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-06-07 17:45 . 2011-06-07 17:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-06-07 17:45 . 2011-06-07 17:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-06-07 17:45 . 2011-06-07 17:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-06-07 17:45 . 2011-06-07 17:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-06-07 17:45 . 2011-06-07 17:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-06-07 17:45 . 2011-06-07 17:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-06-07 17:45 . 2011-06-07 17:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-06-07 17:45 . 2011-06-07 17:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-06-07 17:45 . 2011-06-07 17:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-06-07 17:45 . 2011-06-07 17:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-06-07 17:45 . 2011-06-07 17:45 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-06-07 17:45 . 2011-06-07 17:45 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-07 17:45 . 2011-06-07 17:45 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-06-07 17:45 . 2011-06-07 17:45 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-06-07 17:45 . 2011-06-07 17:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-06-07 17:45 . 2011-06-07 17:45 448512 ----a-w- c:\windows\system32\html.iec
    2011-06-07 17:45 . 2011-06-07 17:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-06-07 17:45 . 2011-06-07 17:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-07 17:45 . 2011-06-07 17:45 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-06-07 17:45 . 2011-06-07 17:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-06-07 17:45 . 2011-06-07 17:45 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-06-07 17:45 . 2011-06-07 17:45 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-06-07 17:45 . 2011-06-07 17:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-07 17:45 . 2011-06-07 17:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-06-07 17:45 . 2011-06-07 17:45 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-06-07 17:45 . 2011-06-07 17:45 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-06-07 17:45 . 2011-06-07 17:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-06-07 17:45 . 2011-06-07 17:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-06-02 00:10 . 2011-07-06 16:33 644608 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2011-05-25 06:09 . 2011-02-23 05:38 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-05-25 06:09 . 2011-02-23 05:39 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-05-25 06:09 . 2011-02-23 05:38 61544 ----a-w- c:\windows\system32\nvshext.dll
    2011-05-25 06:09 . 2011-02-23 05:38 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-05-25 06:09 . 2011-07-01 13:38 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2011-05-25 06:09 . 2011-07-01 13:38 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-05-25 06:09 . 2011-02-23 05:39 739432 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
    2011-05-25 06:09 . 2011-02-23 05:39 6300776 ----a-w- c:\windows\system32\nvcpl.dll
    2011-05-25 06:09 . 2009-07-13 21:59 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-05-25 06:09 . 2011-07-01 13:38 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-05-25 06:09 . 2011-07-01 13:38 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-05-25 06:09 . 2011-02-23 06:58 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-05-25 06:09 . 2011-07-01 13:38 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-05-25 06:09 . 2011-07-01 13:38 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-05-25 06:09 . 2011-07-01 13:38 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-05-25 06:09 . 2011-07-01 13:38 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
    2011-05-25 06:09 . 2011-07-01 13:38 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
    2011-05-25 06:09 . 2011-07-01 13:38 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-05-25 06:09 . 2011-07-01 13:38 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-05-25 06:09 . 2011-07-01 13:38 7123560 ----a-w- c:\windows\system32\nvcuda.dll
    2011-05-25 06:09 . 2011-07-01 13:38 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-05-25 06:09 . 2011-07-01 13:38 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-05-25 06:09 . 2011-07-01 13:38 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-05-25 06:09 . 2011-07-01 13:38 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-05-25 06:09 . 2011-07-01 13:38 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-05-25 06:09 . 2011-07-01 13:38 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-05-25 06:09 . 2011-02-23 06:58 2644584 ----a-w- c:\windows\system32\nvapi64.dll
    2011-05-24 23:14 . 2011-06-07 16:46 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-24 11:42 . 2011-06-30 14:12 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-05-24 10:40 . 2011-06-30 14:12 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2011-05-24 10:40 . 2011-06-30 14:12 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2011-05-24 10:39 . 2011-06-30 14:12 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37 . 2011-06-30 14:12 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2011-05-21 02:35 . 2011-05-21 02:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Xmarks "= "c:\program files (x86)\Xmarks\IE Extension\xmarkssync.exe" [2011-02-05 1092808]
    "USB Safely Remove "= "c:\program files (x86)\USB Safely Remove\USBSafelyRemove.exe" [2011-01-28 1802584]
    "ISUSPM "= "c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-11 5466496]
    "DiskMonitorAdmin "= "c:\program files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe" [2009-04-23 3835384]
    "SansaDispatch "= "c:\users\wraithby\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-07-13 79872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDFHook "= "c:\program files (x86)\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-03-15 1626112]
    "PDF5 Registry Controller "= "c:\program files (x86)\Nuance\PDF Professional 5\RegistryController.exe" [2008-02-02 58656]
    "SSBkgdUpdate "= "c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
    "Nuance PDF Professional 5-reminder "= "c:\program files (x86)\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2007-08-31 328992]
    "EEventManager "= "c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    "IndexSearch "= "c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2009-09-10 44120]
    "PaperPort PTD "= "c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2009-09-10 27736]
    "PPort12reminder "= "c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2008-11-03 328992]
    "GrooveMonitor "= "c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "RoxWatchTray "= "c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]
    "CPMonitor "= "c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]
    "TkBellExe "= "c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-06-13 273544]
    "avgnt "= "c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    "HDAudDeck "= "c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472048]
    "EaseUs Watch "= "c:\program files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe" [2011-04-22 69000]
    "EaseUs Tray "= "c:\program files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe" [2011-04-26 733576]
    "iTunesHelper "= "c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    "QuickTime Task "= "c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Malwarebytes' Anti-Malware "= "c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "Everything "= "c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
    .
    c:\users\wraithby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-6-7 576000]
    Yankee Clipper III.lnk - c:\program files (x86)\YCIII\YankClip.exe [2011-6-7 1368064]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    iReboot 1.1.0.lnk - c:\program files (x86)\NeoSmart Technologies\iReboot\iReboot.exe [2008-4-27 205312]
    Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2011-7-7 7485792]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
    S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]
    S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x]
    S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
    S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-08-03 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-08-03 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 139648]
    S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-02 457200]
    S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2009-04-23 1123784]
    S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
    S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]
    S2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-04-22 56200]
    S2 iReboot;iReboot Background Service;c:\program files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [2008-04-27 9216]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-04 584488]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
    S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-02 144672]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2009-09-10 142424]
    S2 PretonClientService;PretonSaver;c:\program files\Preton\PretonSaver\PretonClientService.exe [2011-02-02 91136]
    S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2010-06-28 211808]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
    S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files (x86)\USB Safely Remove\USBSRService.exe [2011-01-28 539032]
    S3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 79900398-367b-4ae2-bf93-60d5b5761ad5.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-03 23:40]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype "= "c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 2345848]
    "PretonClient "= "c:\program files\Preton\PretonSaver\PretonClient.exe" [2011-02-02 2576896]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs "=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.drudgereport.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append the content of the link to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    IE: Append to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Create PDF file - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF file from the content of the link - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF files from the selected links - c:\program files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
    IE: Open with Nuance PDF Converter 5.0 - c:\program files (x86)\Nuance\PDF Professional 5\cnvres_eng.dll /100
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    TCP: DhcpNameServer = 192.168.0.1 71.243.0.12
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    FF - ProfilePath - c:\users\wraithby\AppData\Roaming\Mozilla\Firefox\Profiles\emzj8p8o.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://drudgereport.com/
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-(Default) - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1421258916-798663230-501031145-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\B*a*n*k*i*n*g* *&* *I*n*v*e*s*t*i*n*g* *&* *T*a*x*e*s*
    \Banks]
    "Order "=hex:08,00,00,00,02,00,00,00,28,03,00,00,01,00,00,00,05,00,00,00,aa,00,
    00,00,00,00,00,00,9c,00,32,00,84,00,00,00,00,cd,5b,7f,20,00,43,49,54,49,5a,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe
    c:\program files (x86)\Ralink\Common\RaRegistry.exe
    c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
    c:\windows\SysWOW64\SAgent4.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-11 21:01:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-12 01:01
    .
    Pre-Run: 77,734,952,960 bytes free
    Post-Run: 77,747,675,136 bytes free
    .
    - - End Of File - - 05E3CA1D8A040CEA6BEACFE
     
  11. 2011/08/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Not much there....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2011/08/11
    wraithby

    wraithby Inactive Thread Starter

    Joined:
    2009/02/18
    Messages:
    27
    Likes Received:
    0
    OTL Extras logfile created on: 8/11/2011 10:07:48 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\wraithby\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.49% Memory free
    8.00 Gb Paging File | 6.28 Gb Available in Paging File | 78.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 133.15 Gb Total Space | 77.87 Gb Free Space | 58.49% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 190.92 Gb Free Space | 40.99% Space Free | Partition Type: NTFS
    Drive E: | 164.94 Gb Total Space | 93.72 Gb Free Space | 56.82% Space Free | Partition Type: NTFS
    Drive F: | 931.51 Gb Total Space | 701.98 Gb Free Space | 75.36% Space Free | Partition Type: NTFS
    Drive I: | 465.76 Gb Total Space | 95.43 Gb Free Space | 20.49% Space Free | Partition Type: NTFS
    Drive J: | 14.87 Gb Total Space | 9.35 Gb Free Space | 62.87% Space Free | Partition Type: FAT32
    Drive L: | 3.74 Gb Total Space | 2.93 Gb Free Space | 78.50% Space Free | Partition Type: FAT32

    Computer Name: WRAITHBY-PC | User Name: wraithby | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hta[@ = XnView.Image] -- C:\Program Files (x86)\XnView\xnview.exe (XnView, http://www.xnview.com)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .hta [@ = XnView.Image] -- C:\Program Files (x86)\XnView\xnview.exe (XnView, http://www.xnview.com)

    [HKEY_USERS\S-1-5-21-1421258916-798663230-501031145-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [Browse with XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
    Directory [Change Extension(s)] -- "C:\Program Files (x86)\File Extension Changer\File Extension Changer.exe" %1 (Abhishek)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
    Directory [Change Extension(s)] -- "C:\Program Files (x86)\File Extension Changer\File Extension Changer.exe" %1 (Abhishek)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01EE7C23-1993-4AC7-9032-7052E3462EB1}" = Nuance PDF Professional 5
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.0.2827 x64
    "{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AB1CF8F1-C0B8-4EDD-B5B1-E6B19B6CBCA4}" = PretonSaver Home Edition
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
    "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
    "KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.7.0
    "MediaInfo" = MediaInfo 0.7.47
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
    "{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{3A9FE5C3-799E-4E41-AF4E-943F9BC4C4BD}_is1" = All My Books 2.5
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
    "{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011 Pro
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
    "{58A49B80-2595-4C9D-B3EB-261E68A2C4D1}_is1" = Wallpaper SlideShow LT 1.4.5
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2011 Pro
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure
    "{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}" = Roxio Creator 2011 Pro
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE
    "{BF52A2EB-92BB-473E-9070-9E7BBF568791}" = Active@ Hard Disk Monitor
    "{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}" = Roxio CinePlayer
    "{C3379132-291E-4B3D-B1FE-BCFAD8157B46}" = Xmarks for IE
    "{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
    "{E0B33E1E-9C0C-49A9-83A1-292DB457B7AB}" = Nuance PaperPort 12
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "{FD6B234C-34F2-46DD-856B-A81C0A09538B}" = calibre
    "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
    "{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
    "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
    "7-Zip" = 7-Zip 9.22beta
    "Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
    "Acoustica Photos Forever" = Acoustica Photos Forever
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced SystemCare 4_is1" = Advanced SystemCare 4
    "Aiseesoft Streaming Video Recorder_is1" = Aiseesoft Streaming Video Recorder
    "AnyDVD" = AnyDVD
    "Ares" = Ares 2.1.7
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CloneDVD2" = CloneDVD2
    "CodeStuff Starter" = CodeStuff Starter
    "Creative Media Lite" = Creative Media Lite
    "Daniusoft Digital Music Converter_is1" = Daniusoft Digital Music Converter(Build 2.6.2.1)
    "Daniusoft Video Converter Ultimate_is1" = Daniusoft Video Converter Ultimate(Build 3.1.1.0)
    "EASEUS Data Recovery Wizard Professional 5.0.1_is1" = EASEUS Data Recovery Wizard Professional 5.0.1
    "EASEUS Todo Backup Free 2.5.1_is1" = EASEUS Todo Backup Free 2.5.1
    "EasyBCD" = EasyBCD 2.0
    "EasyCapture_is1" = EasyCapture 1.2.0.0
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Scanner" = EPSON Scan
    "Everything" = Everything 1.2.1.371
    "File Extension Changer_is1" = File Extension Changer 3.3.1
    "FormatFactory" = FormatFactory 2.70
    "ImgBurn" = ImgBurn
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "iReboot" = iReboot 1.1.0
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.2.8
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
    "Mp3tag" = Mp3tag v2.49
    "NirSoft Wireless Network Watcher" = NirSoft Wireless Network Watcher
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PC Wizard 2010_is1" = PC Wizard 2010.1.96
    "Playlist Creator 3.6.2" = Playlist Creator 3.6.2
    "PotPlayer" = Daum PotPlayer 1.5.28025
    "PowerISO" = PowerISO
    "RealPlayer 12.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.92
    "Rhapsody" = Rhapsody
    "Roxio PhotoShow" = Roxio PhotoShow
    "TomTom HOME" = TomTom HOME 2.8.2.2264
    "USB Safely Remove_is1" = USB Safely Remove 4.5
    "uTorrent" = µTorrent
    "WinPcapInst" = WinPcap 4.1.2
    "XnView Shell Extension_is1" = XnView Shell Extension 3.1.0 (64bits)
    "XnView_is1" = XnView 1.98
    "Yankee Clipper III" = Yankee Clipper III
    "ZENStonePlusUG" = Creative ZEN Stone Plus User's Guide

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1421258916-798663230-501031145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "07140e809c2bb6df" = IPFilter Updater
    "LastPass" = LastPass (uninstall only)
    "Sansa Updater" = Sansa Updater

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/11/2011 10:02:42 AM | Computer Name = wraithby-PC | Source = PretonSaver | ID = 0
    Description = Failed to process session change. System.Runtime.Remoting.RemotingException:
    Failed to connect to an IPC Port: The system cannot find the file specified. Server
    stack trace: at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String
    portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)

    at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String
    portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage
    msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&
    responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage
    msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at Preton.RemoteDef.IPr...

    Error - 8/11/2011 5:15:09 PM | Computer Name = wraithby-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time
    stamp: 0x4ce7abf9 Faulting module name: VIASysFx.dll, version: 1.0.0.0, time stamp:
    0x4a8929b1 Exception code: 0xc0000005 Fault offset: 0x000000000005d272 Faulting process
    id: 0x14a4 Faulting application start time: 0x01cc586bbe85b3b4 Faulting application
    path: C:\Windows\system32\AUDIODG.EXE Faulting module path: C:\Windows\system32\VIASysFx.dll
    Report
    Id: fe11be15-c45e-11e0-9bfa-002215d0eb18

    Error - 8/11/2011 7:22:55 PM | Computer Name = wraithby-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time
    stamp: 0x4ce7abf9 Faulting module name: VIASysFx.dll, version: 1.0.0.0, time stamp:
    0x4a8929b1 Exception code: 0xc0000005 Fault offset: 0x000000000005d272 Faulting process
    id: 0x894 Faulting application start time: 0x01cc587d9710bf03 Faulting application
    path: C:\Windows\system32\AUDIODG.EXE Faulting module path: C:\Windows\system32\VIASysFx.dll
    Report
    Id: d6fb8b80-c470-11e0-9bfa-002215d0eb18

    Error - 8/11/2011 7:25:48 PM | Computer Name = wraithby-PC | Source = PretonSaver | ID = 0
    Description = Failed to process session change. System.Runtime.Remoting.RemotingException:
    Failed to connect to an IPC Port: The system cannot find the file specified. Server
    stack trace: at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String
    portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)

    at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String
    portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage
    msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&
    responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage
    msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at Preton.RemoteDef.IPr...

    Error - 8/11/2011 7:48:09 PM | Computer Name = wraithby-PC | Source = PretonSaver | ID = 0
    Description = Failed to process session change. System.Runtime.Remoting.RemotingException:
    Failed to connect to an IPC Port: The system cannot find the file specified. Server
    stack trace: at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String
    portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)

    at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String
    portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage
    msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&
    responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage
    msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at Preton.RemoteDef.IPr...

    Error - 8/11/2011 8:12:07 PM | Computer Name = wraithby-PC | Source = PretonSaver | ID = 0
    Description = Failed to process session change. System.Runtime.Remoting.RemotingException:
    Failed to connect to an IPC Port: The system cannot find the file specified. Server
    stack trace: at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String
    portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)

    at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String
    portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage
    msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&
    responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage
    msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at Preton.RemoteDef.IPr...

    Error - 8/11/2011 8:40:29 PM | Computer Name = wraithby-PC | Source = PretonSaver | ID = 0
    Description = Failed to process session change. System.Runtime.Remoting.RemotingException:
    Failed to connect to an IPC Port: The system cannot find the file specified. Server
    stack trace: at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String
    portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)

    at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String
    portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage
    msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&
    responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage
    msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at Preton.RemoteDef.IPr...

    Error - 8/11/2011 8:54:04 PM | Computer Name = wraithby-PC | Source = PretonSaver | ID = 0
    Description = Failed to process session change. System.Runtime.Remoting.RemotingException:
    Failed to connect to an IPC Port: The system cannot find the file specified. Server
    stack trace: at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String
    portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)

    at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String
    portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage
    msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&
    responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage
    msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at Preton.RemoteDef.IPr...

    Error - 8/11/2011 9:02:32 PM | Computer Name = wraithby-PC | Source = PretonSaver | ID = 0
    Description = Failed to process session change. System.Runtime.Remoting.RemotingException:
    Failed to connect to an IPC Port: The system cannot find the file specified. Server
    stack trace: at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String
    portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)

    at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String
    portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage
    msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&
    responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage
    msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at Preton.RemoteDef.IPr...

    Error - 8/11/2011 9:16:28 PM | Computer Name = wraithby-PC | Source = PretonSaver | ID = 0
    Description = Failed to process session change. System.Runtime.Remoting.RemotingException:
    Failed to connect to an IPC Port: The system cannot find the file specified. Server
    stack trace: at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String
    portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)

    at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String
    portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout) at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage
    msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&
    responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage
    msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at Preton.RemoteDef.IPr...

    [ System Events ]
    Error - 8/6/2011 8:01:06 PM | Computer Name = wraithby-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 12 service to connect.

    Error - 8/7/2011 6:33:54 AM | Computer Name = wraithby-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 8/7/2011 6:34:25 AM | Computer Name = wraithby-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 12 service to connect.

    Error - 8/7/2011 9:23:26 AM | Computer Name = wraithby-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 8/7/2011 9:23:57 AM | Computer Name = wraithby-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 12 service to connect.

    Error - 8/7/2011 8:00:49 PM | Computer Name = wraithby-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 8/7/2011 8:01:20 PM | Computer Name = wraithby-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 12 service to connect.

    Error - 8/7/2011 8:49:27 PM | Computer Name = wraithby-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 8/7/2011 9:19:10 PM | Computer Name = wraithby-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 8/7/2011 9:19:41 PM | Computer Name = wraithby-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 12 service to connect.


    < End of report >
     
  13. 2011/08/11
    wraithby

    OTL logfile created on: 8/11/2011 10:07:48 PM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\wraithby\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.49% Memory free
    8.00 Gb Paging File | 6.28 Gb Available in Paging File | 78.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 133.15 Gb Total Space | 77.87 Gb Free Space | 58.49% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 190.92 Gb Free Space | 40.99% Space Free | Partition Type: NTFS
    Drive E: | 164.94 Gb Total Space | 93.72 Gb Free Space | 56.82% Space Free | Partition Type: NTFS
    Drive F: | 931.51 Gb Total Space | 701.98 Gb Free Space | 75.36% Space Free | Partition Type: NTFS
    Drive I: | 465.76 Gb Total Space | 95.43 Gb Free Space | 20.49% Space Free | Partition Type: NTFS
    Drive J: | 14.87 Gb Total Space | 9.35 Gb Free Space | 62.87% Space Free | Partition Type: FAT32
    Drive L: | 3.74 Gb Total Space | 2.93 Gb Free Space | 78.50% Space Free | Partition Type: FAT32

    Computer Name: WRAITHBY-PC | User Name: wraithby | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/11 22:04:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\wraithby\Desktop\OTL.exe
    PRC - [2011/07/12 23:22:39 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\wraithby\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/30 20:36:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/06/13 16:38:32 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    PRC - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/04/25 20:27:44 | 000,733,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
    PRC - [2011/04/22 18:26:18 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
    PRC - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
    PRC - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2011/02/05 10:55:48 | 001,092,808 | ---- | M] (Xmarks.com) -- C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
    PRC - [2011/01/28 02:12:38 | 001,802,584 | ---- | M] (Crystal Rich Ltd) -- C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
    PRC - [2010/09/13 13:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    PRC - [2010/08/25 12:27:26 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
    PRC - [2010/07/28 19:00:48 | 007,485,792 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
    PRC - [2010/06/28 10:50:28 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
    PRC - [2009/09/10 00:53:10 | 000,027,736 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    PRC - [2009/09/10 00:42:44 | 000,142,424 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    PRC - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2009/04/23 09:58:38 | 003,835,384 | ---- | M] ( LSoft Technologies Inc) -- C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe
    PRC - [2009/04/23 09:36:58 | 001,123,784 | ---- | M] (LSoft Technologies Inc) -- C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
    PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
    PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    PRC - [2008/03/15 11:55:24 | 001,626,112 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 5\PdfPro5Hook.exe
    PRC - [2008/02/02 02:20:34 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe
    PRC - [2007/04/02 02:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
    PRC - [2006/12/20 00:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWOW64\SAgent4.exe
    PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    PRC - [2005/03/10 19:58:06 | 001,368,064 | ---- | M] (inteleXual.com) -- C:\Program Files (x86)\YCIII\YankClip.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/08/11 22:04:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\wraithby\Desktop\OTL.exe
    MOD - [2010/12/19 00:03:42 | 000,318,976 | ---- | M] (Preton Ltd.) -- C:\Program Files\Preton\PretonSaver\PT32.dll
    MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/08/11 19:47:58 | 000,139,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2011/02/02 01:02:42 | 000,091,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Preton\PretonSaver\PretonClientService.exe -- (PretonClientService)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/06/30 20:36:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
    SRV - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe -- (EASEUS Agent)
    SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2011/01/28 02:12:42 | 000,539,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
    SRV - [2010/09/13 13:02:00 | 000,039,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
    SRV - [2010/07/16 06:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
    SRV - [2010/07/16 06:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
    SRV - [2010/06/28 10:51:00 | 000,211,808 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
    SRV - [2010/06/28 10:50:28 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
    SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/10 00:42:44 | 000,142,424 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
    SRV - [2009/04/23 09:36:58 | 001,123,784 | ---- | M] (LSoft Technologies Inc) [Auto | Running] -- C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe -- (Active@ Disk Monitor)
    SRV - [2008/04/27 07:49:06 | 000,009,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe -- (iReboot)
    SRV - [2008/02/02 02:20:34 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv)
    SRV - [2007/04/02 02:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
    SRV - [2006/12/20 00:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\SysWOW64\SAgent4.exe -- (StatusAgent4)
    SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/08/03 19:40:39 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
    DRV:64bit: - [2011/08/03 19:40:38 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
    DRV:64bit: - [2011/07/28 06:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
    DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/06/30 20:36:36 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/06/30 20:36:36 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2011/04/22 18:26:12 | 000,042,888 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
    DRV:64bit: - [2011/04/22 18:26:10 | 000,026,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eufs.sys -- (EUFS)
    DRV:64bit: - [2011/04/22 18:26:08 | 000,017,800 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
    DRV:64bit: - [2011/04/22 18:26:06 | 000,036,232 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
    DRV:64bit: - [2011/04/22 18:26:04 | 000,193,928 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\eudisk.sys -- (EUDISK)
    DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/09/19 10:01:36 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
    DRV:64bit: - [2010/09/19 10:01:36 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
    DRV:64bit: - [2010/09/19 10:01:36 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
    DRV:64bit: - [2010/09/19 10:01:36 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
    DRV:64bit: - [2010/09/19 10:01:36 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
    DRV:64bit: - [2010/06/29 09:01:38 | 000,931,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/08/17 19:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/07/16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/02 01:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
    DRV:64bit: - [2009/06/02 01:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
    DRV:64bit: - [2009/06/02 01:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2011/07/28 06:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1421258916-798663230-501031145-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
    IE - HKU\S-1-5-21-1421258916-798663230-501031145-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-1421258916-798663230-501031145-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 C5 45 98 3C 25 CC 01 [binary data]
    IE - HKU\S-1-5-21-1421258916-798663230-501031145-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1421258916-798663230-501031145-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://drudgereport.com/"


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/06 21:42:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/06 21:42:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2011/06/20 12:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wraithby\AppData\Roaming\Mozilla\Extensions
    [2011/06/07 16:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wraithby\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/06/20 12:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wraithby\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2011/08/02 09:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wraithby\AppData\Roaming\Mozilla\Firefox\Profiles\emzj8p8o.default\extensions
    [2011/06/19 15:01:51 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\wraithby\AppData\Roaming\Mozilla\Firefox\Profiles\emzj8p8o.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    [2011/08/02 09:26:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\wraithby\AppData\Roaming\Mozilla\Firefox\Profiles\emzj8p8o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/07/13 18:23:43 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\wraithby\AppData\Roaming\Mozilla\Firefox\Profiles\emzj8p8o.default\extensions\foxmarks@kei.com
    [2011/06/21 19:13:58 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\wraithby\AppData\Roaming\Mozilla\Firefox\Profiles\emzj8p8o.default\extensions\support@lastpass.com
    [2011/06/08 20:18:32 | 000,004,140 | ---- | M] () -- C:\Users\wraithby\AppData\Roaming\Mozilla\Firefox\Profiles\emzj8p8o.default\searchplugins\youtube.xml
    [2011/06/07 15:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) --
    () (No name found) -- C:\USERS\WRAITHBY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EMZJ8P8O.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\WRAITHBY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EMZJ8P8O.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
    [2011/06/22 08:43:26 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/08/11 20:55:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [PretonClient] C:\Program Files\Preton\PretonSaver\PretonClient.exe (Preton Ltd.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe ()
    O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files (x86)\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Sonic Solutions)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-1421258916-798663230-501031145-1001..\Run: [DiskMonitorAdmin] C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitor.exe ( LSoft Technologies Inc)
    O4 - HKU\S-1-5-21-1421258916-798663230-501031145-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKU\S-1-5-21-1421258916-798663230-501031145-1001..\Run: [SansaDispatch] C:\Users\wraithby\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
    O4 - HKU\S-1-5-21-1421258916-798663230-501031145-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-1421258916-798663230-501031145-1001..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe (Crystal Rich Ltd)
    O4 - HKU\S-1-5-21-1421258916-798663230-501031145-1001..\Run: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (Xmarks.com)
    O4 - HKU\S-1-5-21-1421258916-798663230-501031145-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1421258916-798663230-501031145-1003..\RunOnce: [mctadmin] File not found
    O4 - Startup: C:\Users\wraithby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Users\wraithby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk = C:\Program Files (x86)\YCIII\YankClip.exe (inteleXual.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1421258916-798663230-501031145-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1421258916-798663230-501031145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-21-1421258916-798663230-501031145-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1421258916-798663230-501031145-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 5.0 - C:\Program Files (x86)\Nuance\PDF Professional 5\cnvres_eng.dll ()
    O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - C:\Program Files (x86)\Nuance\PDF Professional 5\cnvres_eng.dll ()
    O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1421258916-798663230-501031145-1001\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-1421258916-798663230-501031145-1001\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/04/10 02:51:13 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/11 22:03:57 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\wraithby\Desktop\OTL.exe
    [2011/08/11 21:03:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/08/11 21:01:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/08/11 20:46:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/08/11 20:46:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/08/11 20:46:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/08/11 20:46:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/08/11 20:36:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/08/11 20:14:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/08/11 19:56:57 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\David Moore
    [2011/08/11 19:56:40 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Local\Deployment
    [2011/08/11 14:07:44 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\BBS Malware
    [2011/08/10 16:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
    [2011/08/10 14:00:06 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\Soluto
    [2011/08/10 13:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
    [2011/08/10 13:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
    [2011/08/10 12:34:16 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\James Kelly
    [2011/08/10 10:40:24 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeStuff Starter
    [2011/08/10 10:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CodeStuff
    [2011/08/09 16:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spotmau
    [2011/08/09 16:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
    [2011/08/09 12:36:54 | 000,114,176 | ---- | C] (CPUID) -- C:\Windows\SysWow64\PCWizard.cpl
    [2011/08/09 12:36:54 | 000,000,000 | ---D | C] -- C:\Windows\Java
    [2011/08/09 12:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    [2011/08/09 12:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CPUID
    [2011/08/06 21:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/08/06 21:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2011/08/06 20:11:12 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\Voegelin Absolute Space and Relativity
    [2011/08/06 11:26:20 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\Misc E-Books
    [2011/08/03 15:34:50 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acoustica CD Label Maker
    [2011/08/03 15:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acoustica CD Label Maker
    [2011/08/01 23:42:07 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\Google
    [2011/07/29 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\WallpaperSS
    [2011/07/29 12:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Slideshow
    [2011/07/29 12:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WallpaperSS
    [2011/07/28 06:27:17 | 000,138,872 | ---- | C] (SlySoft, Inc.) -- C:\Windows\SysWow64\drivers\AnyDVD.sys
    [2011/07/28 06:27:17 | 000,138,872 | ---- | C] (SlySoft, Inc.) -- C:\Windows\SysNative\drivers\AnyDVD.sys
    [2011/07/24 18:26:52 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\Apple Computer
    [2011/07/24 18:26:52 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Local\Apple Computer
    [2011/07/24 18:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/07/24 18:26:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2011/07/24 18:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/07/24 18:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2011/07/24 18:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/07/24 18:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2011/07/24 18:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2011/07/24 18:24:42 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Local\Apple
    [2011/07/24 18:24:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2011/07/24 18:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/07/24 18:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/07/24 18:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011/07/24 18:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2011/07/24 18:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2011/07/24 18:00:46 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\DVDFab
    [2011/07/24 09:47:49 | 000,000,000 | ---D | C] -- F:\My Documents\FormatFactory
    [2011/07/24 09:40:14 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
    [2011/07/23 14:41:53 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\Boys Of The Lough
    [2011/07/22 23:41:36 | 000,242,176 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
    [2011/07/22 23:41:36 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
    [2011/07/22 23:29:17 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\VIA audio 7400a
    [2011/07/22 22:35:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
    [2011/07/22 22:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhapsody
    [2011/07/22 22:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rhapsody
    [2011/07/22 21:24:45 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\Mary Black
    [2011/07/22 20:54:36 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\REDO
    [2011/07/22 20:11:09 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\Matt Molloy&Sean Keane
    [2011/07/22 15:13:53 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\Joe Heaney
    [2011/07/22 13:46:01 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\Patrick Street
    [2011/07/21 17:13:10 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\James Galway and the Chieftains S1
    [2011/07/21 15:01:19 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\NVIDIA
    [2011/07/20 18:46:56 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\Joe & the Gabe_ Songs & Music of Galway
    [2011/07/20 12:37:53 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\Maire Ni Cheidigh
    [2011/07/18 13:59:50 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\PotPlayerMini
    [2011/07/18 13:59:50 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Local\Daum
    [2011/07/18 13:52:03 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
    [2011/07/18 13:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
    [2011/07/18 13:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Daum
    [2011/07/17 10:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
    [2011/07/17 10:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA
    [2011/07/17 10:29:39 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Local\Downloaded Installations
    [2011/07/16 09:40:29 | 000,000,000 | ---D | C] -- C:\Users\wraithby\Desktop\Eric Voegelin Audio
    [2011/07/14 14:05:50 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
    [2011/07/14 14:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
    [2011/07/12 23:22:50 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk
    [2011/07/12 23:22:15 | 000,000,000 | ---D | C] -- C:\Users\wraithby\AppData\Roaming\SanDisk
     
  14. 2011/08/11
    wraithby

    OTL Log file continued

    ========== Files - Modified Within 30 Days ==========

    [2011/08/11 22:08:19 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/08/11 22:08:19 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/08/11 22:06:17 | 002,321,890 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/08/11 22:06:17 | 000,702,362 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2011/08/11 22:06:17 | 000,651,768 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2011/08/11 22:06:17 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/08/11 22:06:17 | 000,130,068 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2011/08/11 22:06:17 | 000,129,468 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2011/08/11 22:06:17 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/08/11 22:04:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\wraithby\Desktop\OTL.exe
    [2011/08/11 22:00:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/08/11 22:00:18 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/11 20:55:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/08/11 20:14:34 | 247,456,893 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/08/11 18:58:26 | 001,016,033 | ---- | M] () -- C:\Users\wraithby\Desktop\90563738,NST1024.pdf
    [2011/08/10 13:42:54 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    [2011/08/10 13:17:46 | 000,870,128 | ---- | M] () -- C:\Users\wraithby\AppData\Roaming\mcs.rma
    [2011/08/10 13:17:46 | 000,000,004 | ---- | M] () -- C:\Users\wraithby\AppData\Roaming\F571D8
    [2011/08/10 12:52:45 | 000,244,528 | ---- | M] () -- C:\Users\wraithby\AppData\Local\rx_audio.Cache
    [2011/08/10 10:40:25 | 000,002,162 | ---- | M] () -- C:\Users\wraithby\Application Data\Microsoft\Internet Explorer\Quick Launch\CodeStuff Starter.lnk
    [2011/08/10 10:40:25 | 000,002,138 | ---- | M] () -- C:\Users\wraithby\Desktop\CodeStuff Starter.lnk
    [2011/08/09 12:36:54 | 000,001,127 | ---- | M] () -- C:\Users\wraithby\Desktop\PC Wizard 2010.lnk
    [2011/08/07 22:11:24 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/07 10:12:39 | 000,019,859 | ---- | M] () -- C:\Users\wraithby\Desktop\Waugh the Catholic.pdf
    [2011/08/06 20:17:13 | 000,114,608 | ---- | M] () -- C:\Users\wraithby\Desktop\VoegelinView Martin Luther and the Protestant Reformation _ from Th.pdf
    [2011/08/06 19:45:00 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 79900398-367b-4ae2-bf93-60d5b5761ad5.job
    [2011/08/05 13:36:06 | 001,412,144 | ---- | M] () -- C:\Users\wraithby\AppData\Local\rx_image32.Cache
    [2011/08/04 20:58:25 | 000,001,042 | ---- | M] () -- C:\Users\wraithby\Application Data\Microsoft\Internet Explorer\Quick Launch\All My Books .lnk
    [2011/08/03 15:08:44 | 000,000,705 | ---- | M] () -- C:\Windows\cdplayer.ini
    [2011/08/03 00:13:28 | 019,200,166 | ---- | M] () -- C:\Users\wraithby\Desktop\Kate Rusby - Blooming Heather.mp4
    [2011/07/30 22:09:09 | 045,417,231 | ---- | M] () -- C:\Users\wraithby\Desktop\Video_Marco_Rubio_vs_John_Kerry_on_the_debt_crisis_Hot_Air.flv
    [2011/07/29 13:22:48 | 000,004,096 | -HS- | M] () -- C:\{574172FC-F4AC-434D-B80C-04138A4AA987}.CBM
    [2011/07/29 13:06:58 | 000,273,408 | -HS- | M] () -- C:\EUMONBMP.SYS
    [2011/07/28 06:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) -- C:\Windows\SysWow64\drivers\AnyDVD.sys
    [2011/07/28 06:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) -- C:\Windows\SysNative\drivers\AnyDVD.sys
    [2011/07/25 20:18:48 | 000,211,624 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/07/22 22:29:51 | 000,001,016 | ---- | M] () -- C:\Users\wraithby\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
    [2011/07/22 22:29:51 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\Rhapsody.lnk
    [2011/07/21 15:00:16 | 023,330,807 | ---- | M] () -- C:\Users\wraithby\Desktop\DVDFab 8 platnium portable 2.exe
    [2011/07/20 16:38:45 | 000,002,110 | ---- | M] () -- C:\Users\wraithby\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2011/07/18 13:52:29 | 000,001,253 | ---- | M] () -- C:\Users\wraithby\Application Data\Microsoft\Internet Explorer\Quick Launch\PotPlayer.lnk
    [2011/07/14 00:35:57 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2011/07/13 11:33:00 | 000,457,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2011/08/11 20:46:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/08/11 20:46:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/08/11 20:46:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/08/11 20:46:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/08/11 20:46:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/08/11 20:14:34 | 247,456,893 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/08/11 18:58:25 | 001,016,033 | ---- | C] () -- C:\Users\wraithby\Desktop\90563738,NST1024.pdf
    [2011/08/10 13:42:54 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    [2011/08/10 10:40:25 | 000,002,162 | ---- | C] () -- C:\Users\wraithby\Application Data\Microsoft\Internet Explorer\Quick Launch\CodeStuff Starter.lnk
    [2011/08/10 10:40:25 | 000,002,138 | ---- | C] () -- C:\Users\wraithby\Desktop\CodeStuff Starter.lnk
    [2011/08/09 12:36:54 | 000,001,127 | ---- | C] () -- C:\Users\wraithby\Desktop\PC Wizard 2010.lnk
    [2011/08/07 22:11:24 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/07 10:12:39 | 000,019,859 | ---- | C] () -- C:\Users\wraithby\Desktop\Waugh the Catholic.pdf
    [2011/08/06 20:17:11 | 000,114,608 | ---- | C] () -- C:\Users\wraithby\Desktop\VoegelinView Martin Luther and the Protestant Reformation _ from Th.pdf
    [2011/08/03 19:45:27 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 79900398-367b-4ae2-bf93-60d5b5761ad5.job
    [2011/08/03 15:36:07 | 000,299,552 | ---- | C] () -- C:\Windows\wmsysprx.prx
    [2011/08/03 00:09:54 | 019,200,166 | ---- | C] () -- C:\Users\wraithby\Desktop\Kate Rusby - Blooming Heather.mp4
    [2011/07/30 21:57:56 | 045,417,231 | ---- | C] () -- C:\Users\wraithby\Desktop\Video_Marco_Rubio_vs_John_Kerry_on_the_debt_crisis_Hot_Air.flv
    [2011/07/26 20:41:28 | 000,000,705 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2011/07/25 20:18:48 | 000,211,624 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/07/24 18:24:42 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2011/07/22 22:36:22 | 000,870,128 | ---- | C] () -- C:\Users\wraithby\AppData\Roaming\mcs.rma
    [2011/07/22 22:36:22 | 000,000,004 | ---- | C] () -- C:\Users\wraithby\AppData\Roaming\F571D8
    [2011/07/22 22:29:51 | 000,001,016 | ---- | C] () -- C:\Users\wraithby\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
    [2011/07/22 22:29:51 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk
    [2011/07/21 15:13:40 | 023,330,807 | ---- | C] () -- C:\Users\wraithby\Desktop\DVDFab 8 platnium portable 2.exe
    [2011/07/20 16:36:22 | 000,002,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    [2011/07/20 15:02:30 | 000,244,528 | ---- | C] () -- C:\Users\wraithby\AppData\Local\rx_audio.Cache
    [2011/07/20 15:02:12 | 001,412,144 | ---- | C] () -- C:\Users\wraithby\AppData\Local\rx_image32.Cache
    [2011/07/18 13:52:29 | 000,001,253 | ---- | C] () -- C:\Users\wraithby\Application Data\Microsoft\Internet Explorer\Quick Launch\PotPlayer.lnk
    [2011/07/07 15:11:16 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2011/07/07 15:11:02 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
    [2011/07/07 15:11:02 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
    [2011/07/07 15:11:02 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\RaCertMgr.ini
    [2011/07/06 12:33:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011/07/06 12:33:31 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/07/06 12:33:31 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/07/06 12:33:31 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/06/23 18:52:14 | 000,001,057 | ---- | C] () -- C:\Users\wraithby\AppData\Roaming\vso_ts_preview.xml
    [2011/06/22 16:03:32 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
    [2011/06/22 15:52:57 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2011/06/22 15:52:57 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2011/06/22 15:52:54 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2011/06/22 15:52:54 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2011/06/15 12:04:27 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/06/13 15:57:18 | 000,007,168 | ---- | C] () -- C:\Users\wraithby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/10 14:39:44 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/06/09 14:49:35 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\WSContextMenu.dll
    [2011/06/09 13:23:03 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
    [2011/06/08 12:22:47 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2011/06/08 00:00:38 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2011/06/07 21:33:13 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2011/06/07 21:33:13 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2011/06/07 21:33:13 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2011/06/07 21:33:13 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2011/06/07 21:33:13 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2011/06/07 21:33:13 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2011/06/07 21:33:13 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2011/06/07 21:33:13 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2011/06/07 21:33:13 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2011/06/07 21:33:13 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2011/06/07 21:33:13 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2011/06/07 21:33:13 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2011/06/07 21:33:13 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2011/06/07 21:33:13 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2011/06/07 21:33:13 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2011/06/07 21:33:13 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2011/06/07 17:25:40 | 000,000,358 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/06/07 15:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2009/07/15 16:47:26 | 000,032,629 | R--- | C] () -- C:\Windows\MAXLINK.INI
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/06/07 23:25:44 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\.oit
    [2011/06/11 18:47:58 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\Acoustica
    [2011/08/05 13:04:04 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\Audacity
    [2011/08/06 20:55:59 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\calibre
    [2011/06/10 13:22:14 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\Canneverbe Limited
    [2011/07/24 18:00:46 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\DVDFab
    [2011/06/07 23:39:14 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\Epson
    [2011/07/03 20:43:47 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\freac
    [2011/08/03 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\ImgBurn
    [2011/06/20 20:18:27 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\IObit
    [2011/08/10 13:03:28 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\Mp3tag
    [2011/06/07 23:09:45 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\Nuance
    [2011/06/09 07:08:27 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\Obsidium
    [2011/06/20 22:06:28 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\OverDrive
    [2011/07/18 13:59:50 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\PotPlayerMini
    [2011/06/13 11:48:33 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\rockbox.org
    [2011/07/12 23:22:15 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\SanDisk
    [2011/06/11 17:35:11 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\Simple Star
    [2011/08/10 14:00:06 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\Soluto
    [2011/06/07 16:50:11 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\Thunderbird
    [2011/06/20 12:50:26 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\TomTom
    [2011/06/07 21:43:21 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\USBSafelyRemove
    [2011/08/11 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\uTorrent
    [2011/06/23 19:33:16 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\Vso
    [2011/07/29 12:36:33 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\WallpaperSS
    [2011/08/03 15:44:22 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\XnView
    [2011/06/07 17:28:29 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\Zeon
    [2011/06/21 23:15:54 | 000,000,000 | ---D | M] -- C:\Users\wraithby\AppData\Roaming\Zoner
    [2011/08/05 19:55:15 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/08/06 19:45:00 | 000,000,516 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 79900398-367b-4ae2-bf93-60d5b5761ad5.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/08/11 21:01:06 | 000,047,174 | ---- | M] () -- C:\ComboFix.txt
    [2011/07/29 13:06:58 | 000,273,408 | -HS- | M] () -- C:\EUMONBMP.SYS
    [2011/08/11 22:00:18 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/11 22:00:20 | 4294,037,504 | -HS- | M] () -- C:\pagefile.sys
    [2011/08/09 15:17:47 | 000,071,218 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_09.08.2011_15.17.16_log.txt
    [2011/07/29 13:22:48 | 000,004,096 | -HS- | M] () -- C:\{574172FC-F4AC-434D-B80C-04138A4AA987}.CBM

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/07 13:59:03 | 000,000,221 | -HS- | M] () -- C:\Users\wraithby\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/07/21 15:00:16 | 023,330,807 | ---- | M] () -- C:\Users\wraithby\Desktop\DVDFab 8 platnium portable 2.exe
    [2011/08/11 22:04:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\wraithby\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/07/01 09:40:45 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/07/01 09:40:45 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/06/07 15:19:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/06/07 15:19:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/07/01 09:40:45 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/06/07 15:20:30 | 000,000,402 | -HS- | M] () -- C:\Users\wraithby\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/07/14 00:35:57 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2011/08/10 13:42:54 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    [2011/06/07 17:25:43 | 000,000,358 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2011/06/19 16:05:52 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Torrents?) -- C:\Users\wraithby\Favorites\Torrents​
    [2011/06/07 16:29:57 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Verizon Links?) -- C:\Users\wraithby\Favorites\Verizon Links​
    [2011/06/07 16:29:57 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Verizon Central?) -- C:\Users\wraithby\Favorites\Verizon Central​
    [2011/06/07 16:29:57 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Unsorted Bookmarks?) -- C:\Users\wraithby\Favorites\Unsorted Bookmarks​
    [2011/06/07 16:29:57 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Trails and Parks?) -- C:\Users\wraithby\Favorites\Trails and Parks​
    [2011/06/07 16:29:56 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Shopping Online?) -- C:\Users\wraithby\Favorites\Shopping Online​
    [2011/06/07 16:29:56 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Search engines?) -- C:\Users\wraithby\Favorites\Search engines​
    [2011/06/07 16:29:56 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Reference?) -- C:\Users\wraithby\Favorites\Reference​
    [2011/06/07 16:29:56 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Real Estate?) -- C:\Users\wraithby\Favorites\Real Estate​
    [2011/06/07 16:29:56 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Newspapers & magazines?) -- C:\Users\wraithby\Favorites\Newspapers & magazines​
    [2011/06/07 16:29:56 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Music?) -- C:\Users\wraithby\Favorites\Music​
    [2011/06/07 16:29:56 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Misc3?) -- C:\Users\wraithby\Favorites\Misc3​
    [2011/06/07 16:29:55 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Misc2?) -- C:\Users\wraithby\Favorites\Misc2​
    [2011/06/07 16:29:55 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Misc?) -- C:\Users\wraithby\Favorites\Misc​
    [2011/06/07 16:29:55 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Literary?) -- C:\Users\wraithby\Favorites\Literary​
    [2011/06/07 16:29:55 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Libraries?) -- C:\Users\wraithby\Favorites\Libraries​
    [2011/06/07 16:29:55 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Legal?) -- C:\Users\wraithby\Favorites\Legal​
    [2011/06/07 16:29:55 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Job search?) -- C:\Users\wraithby\Favorites\Job search​
    [2011/06/07 16:29:55 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Irish?) -- C:\Users\wraithby\Favorites\Irish​
    [2011/06/07 16:29:54 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Home Pages?) -- C:\Users\wraithby\Favorites\Home Pages​
    [2011/06/07 16:29:54 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Health Medical & Dental?) -- C:\Users\wraithby\Favorites\Health Medical & Dental​
    [2011/06/07 16:29:54 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Government?) -- C:\Users\wraithby\Favorites\Government​
    [2011/06/07 16:29:54 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Entertainment?) -- C:\Users\wraithby\Favorites\Entertainment​
    [2011/06/07 16:29:54 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Email Lists?) -- C:\Users\wraithby\Favorites\Email Lists​
    [2011/06/07 16:29:54 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Dining?) -- C:\Users\wraithby\Favorites\Dining​
    [2011/06/07 16:29:54 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Dell?) -- C:\Users\wraithby\Favorites\Dell​
    [2011/06/07 16:29:54 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Credit Cards?) -- C:\Users\wraithby\Favorites\Credit Cards​
    [2011/06/07 16:29:54 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Conservative?) -- C:\Users\wraithby\Favorites\Conservative​
    [2011/06/07 16:29:54 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Clubs?) -- C:\Users\wraithby\Favorites\Clubs​
    [2011/06/07 16:29:54 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Catholic sites?) -- C:\Users\wraithby\Favorites\Catholic sites​
    [2011/06/07 16:29:53 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Mozilla Firefox?) -- C:\Users\wraithby\Favorites\Mozilla Firefox​
    [2011/06/07 16:29:53 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Car?) -- C:\Users\wraithby\Favorites\Car​
    [2011/06/07 16:29:53 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Blogs?) -- C:\Users\wraithby\Favorites\Blogs​
    [2011/06/07 16:29:53 | 000,000,000 | ---D | M](C:\Users\wraithby\Favorites\Banking & Investing & Taxes?) -- C:\Users\wraithby\Favorites\Banking & Investing & Taxes​

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:39413AC3
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:01C66DD9

    < End of report >
     
  15. 2011/08/11
    broni

    broni Moderator Malware Analyst

    We're not dealing with any infection here.

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
  16. 2011/08/11
    wraithby

    wraithby Inactive Thread Starter

    Thanks for your help
     
  17. 2011/08/11
    broni

    broni Moderator Malware Analyst

    You're very welcome
     
  18. 2011/09/05
    wraithby

    wraithby Inactive Thread Starter

    Resolved "explorer.exe" problem

    I was able to finally resolve this "explorer.exe" problem.

    I used IOBIT's Smart Defrag v.2.2. The "boot defrag" option defrags the MFT, pagefile, hibernation file and system files at boot-up.

    Desktop is running normally at boot-up.
     
  19. 2011/09/05
    broni

    broni Moderator Malware Analyst

    Thanks for the update :)
     
