Solved redirect virus again?

[Resolved] redirect virus again?

Hey now, I think I've got the bug again so I ran all the recomended software and will post logs from them. Thanks in advance for the help again. Here is the first, mbam

www.malwarebytes.org

Database version: v2012.07.18.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
jerry :: JERRY-PC [administrator]

7/18/2012 8:28:18 AM
mbam-log-2012-07-18 (08-28-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225025
Time elapsed: 42 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

next log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-18 18:15:42
-----------------------------
18:15:42.438 OS Version: Windows 6.0.6002 Service Pack 2
18:15:42.439 Number of processors: 1 586 0x7F02
18:15:42.440 ComputerName: JERRY-PC UserName: jerry
18:15:45.397 Initialize success
18:16:17.520 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
18:16:17.523 Disk 0 Vendor: WDC_WD16 1.10 Size: 152627MB BusType: 6
18:16:17.740 Disk 0 MBR read successfully
18:16:17.745 Disk 0 MBR scan
18:16:17.751 Disk 0 unknown MBR code
18:16:17.763 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
18:16:17.793 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71192 MB offset 20981760
18:16:17.891 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71189 MB offset 166782976
18:16:18.127 Disk 0 scanning sectors +312578048
18:16:18.580 Disk 0 scanning C:\Windows\system32\drivers
18:18:30.057 File: C:\Windows\system32\drivers\smb.sys **SUSPICIOUS**
18:19:25.191 Disk 0 trace - called modules:
18:19:25.405 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8e4ef698]<<
18:19:25.418 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85aac0a0]
18:19:25.893 3 CLASSPNP.SYS[89ba78b3] -> nt!IofCallDriver -> [0x841bb3a8]
18:19:25.920 \Driver\00001643[0x86b2f688] -> IRP_MJ_CREATE -> 0x8e4ef698
18:19:25.947 Scan finished successfully
19:02:47.718 Disk 0 MBR has been saved successfully to "C:\Users\jerry\Desktop\MBR.dat "
19:02:47.726 The log file has been saved successfully to "C:\Users\jerry\Desktop\aswMBR.txt "

 

next log


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by jerry at 19:04:34 on 2012-07-18
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1244 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Free Ride Games\GPlayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\notepad.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [CPN Notifier] c:\program files\colt poker\PokerNotifier.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe "
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [PMBVolumeWatcher] c:\program files\sony\playmemories home\PMBVolumeWatcher.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk "& "inst=NzctNzEzOTg1NTUyLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ "& "prod=90 "& "ver=2012.0.1796 "& "mid=2d550cef69b574666674f3904c4cca9d-926113d46e07c1a10a54c687293e356df434df7e
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-big-island-blends/gamehouseplayer.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Arctic%20Quest%202/Images/armhelper.ocx
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{1E6644C9-C18A-4664-A766-F3140C986261} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{4936F3D3-BDF4-442B-B0A1-A396ACE2AEE6} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{B57DE832-10A4-4AB6-A41E-080FD9154FD3} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{D00B9979-42B9-4910-94EB-250C116767D1} : DhcpNameServer = 10.0.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-12-15 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2012-3-16 476728]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 X6XSEx;X6XSEx;c:\program files\free ride games\X6XSEx.sys [2012-5-19 46184]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-28 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-12 08:43:51 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 07:24:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-07-12 07:24:37 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-11 07:43:09 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 07:43:05 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:43:05 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:43:03 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:43:02 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 07:43:02 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-24 15:29:35 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 15:28:40 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 15:28:09 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-24 15:28:09 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-15 10:10:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-15 10:10:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
============= FINISH: 19:05:54.41 ===============

 

next log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 12/15/2008 1:48:52 PM
System Uptime: 7/18/2012 7:41:31 AM (12 hours ago)
.
Motherboard: Acer | | Nile
Processor: AMD Athlon(tm) Processor 2650e | Socket M2/S1G1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 26.056 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 68.259 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1164: 7/1/2012 8:59:47 AM - Scheduled Checkpoint
RP1165: 7/4/2012 12:58:01 PM - Scheduled Checkpoint
RP1166: 7/12/2012 3:01:43 AM - Windows Update
RP1167: 7/14/2012 9:37:13 AM - Scheduled Checkpoint
RP1168: 7/15/2012 12:00:02 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
.
Acer Assist
Acer Empowering Technology
Acer eRecovery Management
Acer Mobility Center Plug-In
Acer Registration
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Aloha Solitaire
Ancient Mosaic
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 2
Arctic Quest
ATI Catalyst Install Manager
ATT-PRT22
AVG 2012
BellSouth FastAccess DSL Help Center
Bonjour
C:\Program Files\Acer GameZone\GameConsole
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Colt Poker
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Cradle of Persia
Diamond Detective
ESET Online Scanner v3
Free Ride Games Player
Hotel Dash 2- Lost Luxuries
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Driver Diagnostics
HP Games
HP Photo Creations
HP Update
Ice Cream Craze: Natural Hero
Inspector Magnusson - Murder on the Titanic
InterVideo WinDVD 8
Intuit SiteBuilder
Java Auto Updater
Java(TM) 6 Update 31
Jewel Quest Mysteries - The Seventh Gate
Launch Manager
Lernout & Hauspie TruVoice American English TTS Engine
LightScribe 1.4.142.1
Magic Encyclopedia: Illusions
Malwarebytes Anti-Malware version 1.62.0.1300
Micro Innovations Optical Scroll Mouse
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2000 Small Business
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MyDSC2
Mystic Emporium
Mystic Gallery
Ocean Express
Orion
PJ Pride Pet Detective Destination Europe
PlayMemories Home
Primo
Puzzle Express
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Roads of Rome
Runtime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skins
Skype Click to Call
Skype™ 5.9
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Street Atlas USA 8.0
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
The Treasures of Montezuma
Unlikely Suspects
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App
World Mosaics
Yahoo! Toolbar
ZEN Entertainment
.
==== End Of File ===========================

 

I think thats all of them, if not let me know

 

I almost forgot, I could not get the firewall in the computer to open to turn on or off, it had a message like "could not be opened due to some unknown reason" or something like that

 

I cant find the log? I tried searching my computer for it but it only found the program and shortcut?

I found it by reopening the tdss and click report. Posted below

 

06:04:57.0746 4644 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
06:04:58.0202 4644 ============================================================
06:04:58.0203 4644 Current date / time: 2012/07/19 06:04:58.0202
06:04:58.0203 4644 SystemInfo:
06:04:58.0203 4644
06:04:58.0203 4644 OS Version: 6.0.6002 ServicePack: 2.0
06:04:58.0203 4644 Product type: Workstation
06:04:58.0203 4644 ComputerName: JERRY-PC
06:04:58.0205 4644 UserName: jerry
06:04:58.0205 4644 Windows directory: C:\Windows
06:04:58.0205 4644 System windows directory: C:\Windows
06:04:58.0205 4644 Processor architecture: Intel x86
06:04:58.0205 4644 Number of processors: 1
06:04:58.0205 4644 Page size: 0x1000
06:04:58.0205 4644 Boot type: Normal boot
06:04:58.0205 4644 ============================================================
06:04:59.0706 4644 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:04:59.0710 4644 ============================================================
06:04:59.0710 4644 \Device\Harddisk0\DR0:
06:04:59.0711 4644 MBR partitions:
06:04:59.0711 4644 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x8B0C000
06:04:59.0711 4644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9F0E800, BlocksNum 0x8B0A800
06:04:59.0711 4644 ============================================================
06:04:59.0763 4644 C: <-> \Device\Harddisk0\DR0\Partition0
06:04:59.0874 4644 D: <-> \Device\Harddisk0\DR0\Partition1
06:04:59.0874 4644 ============================================================
06:04:59.0874 4644 Initialize success
06:04:59.0874 4644 ============================================================

 

20:51:38.0965 3304 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
20:51:39.0459 3304 ============================================================
20:51:39.0460 3304 Current date / time: 2012/07/20 20:51:39.0459
20:51:39.0460 3304 SystemInfo:
20:51:39.0460 3304
20:51:39.0460 3304 OS Version: 6.0.6002 ServicePack: 2.0
20:51:39.0460 3304 Product type: Workstation
20:51:39.0460 3304 ComputerName: JERRY-PC
20:51:39.0463 3304 UserName: jerry
20:51:39.0464 3304 Windows directory: C:\Windows
20:51:39.0464 3304 System windows directory: C:\Windows
20:51:39.0464 3304 Processor architecture: Intel x86
20:51:39.0464 3304 Number of processors: 1
20:51:39.0464 3304 Page size: 0x1000
20:51:39.0465 3304 Boot type: Normal boot
20:51:39.0465 3304 ============================================================
20:51:42.0090 3304 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:51:42.0095 3304 ============================================================
20:51:42.0095 3304 \Device\Harddisk0\DR0:
20:51:42.0102 3304 MBR partitions:
20:51:42.0102 3304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x8B0C000
20:51:42.0102 3304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9F0E800, BlocksNum 0x8B0A800
20:51:42.0102 3304 ============================================================
20:51:42.0174 3304 C: <-> \Device\Harddisk0\DR0\Partition0
20:51:42.0262 3304 D: <-> \Device\Harddisk0\DR0\Partition1
20:51:42.0263 3304 ============================================================
20:51:42.0263 3304 Initialize success
20:51:42.0263 3304 ============================================================
20:52:37.0394 5092 ============================================================
20:52:37.0394 5092 Scan started
20:52:37.0394 5092 Mode: Manual;
20:52:37.0394 5092 ============================================================
20:52:38.0335 5092 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:52:38.0340 5092 !SASCORE - ok
20:52:38.0764 5092 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:52:38.0777 5092 ACPI - ok
20:52:38.0880 5092 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:52:38.0898 5092 AdobeARMservice - ok
20:52:38.0972 5092 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:52:38.0983 5092 adp94xx - ok
20:52:39.0020 5092 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:52:39.0041 5092 adpahci - ok
20:52:39.0065 5092 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:52:39.0068 5092 adpu160m - ok
20:52:39.0094 5092 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:52:39.0109 5092 adpu320 - ok
20:52:39.0187 5092 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:52:39.0188 5092 AeLookupSvc - ok
20:52:39.0228 5092 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
20:52:39.0230 5092 Afc - ok
20:52:39.0315 5092 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:52:39.0321 5092 AFD - ok
20:52:39.0372 5092 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:52:39.0375 5092 agp440 - ok
20:52:39.0440 5092 ahcix86s (4fa58a158c9d3769ff9248675b53d6a7) C:\Windows\system32\DRIVERS\ahcix86s.sys
20:52:39.0442 5092 ahcix86s - ok
20:52:39.0537 5092 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:52:39.0541 5092 aic78xx - ok
20:52:39.0570 5092 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:52:39.0572 5092 ALG - ok
20:52:39.0638 5092 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:52:39.0640 5092 aliide - ok
20:52:39.0699 5092 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:52:39.0701 5092 amdagp - ok
20:52:39.0738 5092 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:52:39.0740 5092 amdide - ok
20:52:39.0771 5092 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:52:39.0773 5092 AmdK7 - ok
20:52:39.0831 5092 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
20:52:39.0833 5092 AmdK8 - ok
20:52:39.0894 5092 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:52:39.0896 5092 Appinfo - ok
20:52:40.0053 5092 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:52:40.0056 5092 Apple Mobile Device - ok
20:52:40.0119 5092 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:52:40.0122 5092 arc - ok
20:52:40.0165 5092 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:52:40.0168 5092 arcsas - ok
20:52:40.0220 5092 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:52:40.0222 5092 AsyncMac - ok
20:52:40.0288 5092 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:52:40.0301 5092 atapi - ok
20:52:40.0645 5092 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
20:52:40.0678 5092 athr - ok
20:52:40.0788 5092 Ati External Event Utility (4604db6d5eca6362873cc3a76d2204ba) C:\Windows\system32\Ati2evxx.exe
20:52:40.0802 5092 Ati External Event Utility - ok
20:52:42.0098 5092 atikmdag (47dcf5d78c395159d72c65c25129fc44) C:\Windows\system32\DRIVERS\atikmdag.sys
20:52:42.0196 5092 atikmdag - ok
20:52:42.0359 5092 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
20:52:42.0361 5092 AtiPcie - ok
20:52:42.0463 5092 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:52:42.0470 5092 AudioEndpointBuilder - ok
20:52:42.0496 5092 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:52:42.0500 5092 Audiosrv - ok
20:52:44.0285 5092 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
20:52:44.0388 5092 AVGIDSAgent - ok
20:52:44.0759 5092 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
20:52:44.0766 5092 AVGIDSDriver - ok
20:52:44.0828 5092 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
20:52:44.0831 5092 AVGIDSEH - ok
20:52:44.0854 5092 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
20:52:44.0859 5092 AVGIDSFilter - ok
20:52:44.0907 5092 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
20:52:44.0909 5092 AVGIDSShim - ok
20:52:44.0944 5092 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
20:52:44.0960 5092 Avgldx86 - ok
20:52:45.0017 5092 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
20:52:45.0019 5092 Avgmfx86 - ok
20:52:45.0082 5092 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
20:52:45.0088 5092 Avgrkx86 - ok
20:52:45.0137 5092 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
20:52:45.0148 5092 Avgtdix - ok
20:52:45.0246 5092 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
20:52:45.0250 5092 avgwd - ok
20:52:45.0396 5092 BCM43XX (c38077d14adf896ee1e1dbbcbcf77e14) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:52:45.0438 5092 BCM43XX - ok
20:52:45.0478 5092 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:52:45.0480 5092 Beep - ok
20:52:45.0634 5092 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:52:45.0649 5092 BITS - ok
20:52:45.0681 5092 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:52:45.0683 5092 blbdrive - ok
20:52:45.0800 5092 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
20:52:45.0823 5092 Bonjour Service - ok
20:52:45.0926 5092 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:52:45.0930 5092 bowser - ok
20:52:45.0973 5092 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:52:45.0975 5092 BrFiltLo - ok
20:52:46.0002 5092 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:52:46.0004 5092 BrFiltUp - ok
20:52:46.0053 5092 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:52:46.0059 5092 Browser - ok
20:52:46.0090 5092 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:52:46.0092 5092 Brserid - ok
20:52:46.0139 5092 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:52:46.0142 5092 BrSerWdm - ok
20:52:46.0174 5092 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:52:46.0176 5092 BrUsbMdm - ok
20:52:46.0210 5092 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:52:46.0212 5092 BrUsbSer - ok
20:52:46.0238 5092 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:52:46.0241 5092 BTHMODEM - ok
20:52:46.0377 5092 catchme - ok
20:52:46.0410 5092 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:52:46.0416 5092 cdfs - ok
20:52:46.0478 5092 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:52:46.0481 5092 cdrom - ok
20:52:46.0554 5092 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:52:46.0556 5092 CertPropSvc - ok
20:52:46.0591 5092 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:52:46.0593 5092 circlass - ok
20:52:46.0678 5092 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:52:46.0702 5092 CLFS - ok
20:52:46.0819 5092 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:52:46.0825 5092 clr_optimization_v2.0.50727_32 - ok
20:52:46.0973 5092 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:52:46.0980 5092 clr_optimization_v4.0.30319_32 - ok
20:52:47.0030 5092 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:52:47.0032 5092 CmBatt - ok
20:52:47.0054 5092 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:52:47.0059 5092 cmdide - ok
20:52:47.0091 5092 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:52:47.0093 5092 Compbatt - ok
20:52:47.0115 5092 COMSysApp - ok
20:52:47.0143 5092 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:52:47.0146 5092 crcdisk - ok
20:52:47.0178 5092 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:52:47.0180 5092 Crusoe - ok
20:52:47.0254 5092 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
20:52:47.0271 5092 CryptSvc - ok
20:52:47.0418 5092 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:52:47.0441 5092 DcomLaunch - ok
20:52:47.0518 5092 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:52:47.0521 5092 DfsC - ok
20:52:47.0686 5092 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:52:47.0765 5092 DFSR - ok
20:52:47.0951 5092 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:52:47.0956 5092 Dhcp - ok
20:52:48.0030 5092 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:52:48.0041 5092 disk - ok
20:52:48.0106 5092 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
20:52:48.0109 5092 DKbFltr - ok
20:52:48.0245 5092 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:52:48.0256 5092 Dnscache - ok
20:52:48.0330 5092 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:52:48.0344 5092 dot3svc - ok
20:52:48.0403 5092 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:52:48.0420 5092 DPS - ok
20:52:48.0499 5092 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
20:52:48.0502 5092 DritekPortIO - ok
20:52:48.0553 5092 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:52:48.0554 5092 drmkaud - ok
20:52:48.0654 5092 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:52:48.0667 5092 DXGKrnl - ok
20:52:48.0715 5092 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:52:48.0727 5092 E1G60 - ok
20:52:48.0788 5092 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:52:48.0791 5092 EapHost - ok
20:52:48.0857 5092 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:52:48.0874 5092 Ecache - ok
20:52:48.0945 5092 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:52:48.0965 5092 elxstor - ok
20:52:49.0068 5092 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:52:49.0089 5092 EMDMgmt - ok
20:52:49.0113 5092 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:52:49.0115 5092 ErrDev - ok
20:52:49.0219 5092 ETService (f25247d0e011a643ee60052ce23be05e) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
20:52:49.0242 5092 ETService - ok
20:52:49.0327 5092 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:52:49.0334 5092 EventSystem - ok
20:52:49.0397 5092 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:52:49.0412 5092 exfat - ok
20:52:49.0474 5092 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:52:49.0491 5092 fastfat - ok
20:52:49.0531 5092 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:52:49.0533 5092 fdc - ok
20:52:49.0581 5092 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:52:49.0584 5092 fdPHost - ok
20:52:49.0607 5092 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:52:49.0616 5092 FDResPub - ok
20:52:49.0649 5092 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:52:49.0652 5092 FileInfo - ok
20:52:49.0682 5092 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:52:49.0684 5092 Filetrace - ok
20:52:49.0721 5092 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:52:49.0723 5092 flpydisk - ok
20:52:49.0765 5092 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:52:49.0780 5092 FltMgr - ok
20:52:49.0909 5092 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:52:49.0945 5092 FontCache - ok
20:52:50.0079 5092 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:52:50.0082 5092 FontCache3.0.0.0 - ok
20:52:50.0124 5092 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:52:50.0141 5092 Fs_Rec - ok
20:52:50.0189 5092 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:52:50.0205 5092 gagp30kx - ok
20:52:50.0382 5092 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files\WildTangent Games\App\GamesAppService.exe
20:52:50.0390 5092 GamesAppService - ok
20:52:50.0446 5092 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:52:50.0470 5092 GEARAspiWDM - ok
20:52:50.0556 5092 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:52:50.0576 5092 gpsvc - ok
20:52:50.0648 5092 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
20:52:50.0657 5092 HdAudAddService - ok
20:52:50.0742 5092 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:52:50.0753 5092 HDAudBus - ok
20:52:50.0801 5092 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:52:50.0804 5092 HidBth - ok
20:52:50.0830 5092 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:52:50.0834 5092 HidIr - ok
20:52:50.0891 5092 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
20:52:50.0894 5092 hidserv - ok
20:52:50.0946 5092 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:52:50.0947 5092 HidUsb - ok
20:52:50.0991 5092 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:52:50.0994 5092 hkmsvc - ok
20:52:51.0023 5092 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:52:51.0025 5092 HpCISSs - ok
20:52:51.0153 5092 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
20:52:51.0175 5092 HTTP - ok
20:52:51.0213 5092 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:52:51.0215 5092 i2omp - ok
20:52:51.0266 5092 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:52:51.0270 5092 i8042prt - ok
20:52:51.0317 5092 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:52:51.0323 5092 iaStorV - ok
20:52:51.0470 5092 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:52:51.0515 5092 idsvc - ok
20:52:51.0596 5092 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:52:51.0599 5092 iirsp - ok
20:52:51.0688 5092 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:52:51.0706 5092 IKEEXT - ok
20:52:51.0764 5092 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
20:52:51.0766 5092 int15 - ok
20:52:51.0808 5092 IntcAzAudAddService - ok
20:52:51.0845 5092 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:52:51.0847 5092 intelide - ok
20:52:51.0880 5092 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:52:51.0883 5092 intelppm - ok
20:52:51.0933 5092 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:52:51.0937 5092 IPBusEnum - ok
20:52:51.0978 5092 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:52:51.0981 5092 IpFilterDriver - ok
20:52:51.0997 5092 IpInIp - ok
20:52:52.0042 5092 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:52:52.0062 5092 IPMIDRV - ok
20:52:52.0097 5092 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:52:52.0105 5092 IPNAT - ok
20:52:52.0130 5092 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:52:52.0132 5092 IRENUM - ok
20:52:52.0176 5092 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:52:52.0178 5092 isapnp - ok
20:52:52.0250 5092 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:52:52.0254 5092 iScsiPrt - ok
20:52:52.0277 5092 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:52:52.0279 5092 iteatapi - ok
20:52:52.0311 5092 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:52:52.0314 5092 iteraid - ok
20:52:52.0423 5092 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
20:52:52.0431 5092 IviRegMgr - ok
20:52:52.0460 5092 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:52:52.0462 5092 kbdclass - ok
20:52:52.0526 5092 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:52:52.0528 5092 kbdhid - ok
20:52:52.0558 5092 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:52:52.0562 5092 KeyIso - ok
20:52:52.0630 5092 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
20:52:52.0646 5092 KSecDD - ok
20:52:52.0727 5092 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:52:52.0750 5092 KtmRm - ok
20:52:52.0823 5092 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
20:52:52.0829 5092 LanmanServer - ok
20:52:52.0908 5092 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:52:52.0921 5092 LanmanWorkstation - ok
20:52:53.0036 5092 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:52:53.0038 5092 LightScribeService - ok
20:52:53.0082 5092 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:52:53.0087 5092 lltdio - ok
20:52:53.0145 5092 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:52:53.0157 5092 lltdsvc - ok
20:52:53.0183 5092 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:52:53.0186 5092 lmhosts - ok
20:52:53.0241 5092 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:52:53.0244 5092 LSI_FC - ok
20:52:53.0286 5092 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:52:53.0290 5092 LSI_SAS - ok
20:52:53.0333 5092 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:52:53.0341 5092 LSI_SCSI - ok
20:52:53.0383 5092 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:52:53.0387 5092 luafv - ok
20:52:53.0484 5092 McciCMService (67b6f4e0db57dd2020a2415294ba4ed8) C:\Program Files\Common Files\Motive\McciCMService.exe
20:52:53.0567 5092 McciCMService - ok
20:52:53.0603 5092 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:52:53.0609 5092 megasas - ok
20:52:53.0658 5092 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:52:53.0674 5092 MegaSR - ok
20:52:53.0722 5092 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:52:53.0730 5092 MMCSS - ok
20:52:53.0791 5092 MobilityService - ok
20:52:53.0832 5092 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:52:53.0835 5092 Modem - ok
20:52:53.0877 5092 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:52:53.0879 5092 monitor - ok
20:52:53.0908 5092 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:52:53.0909 5092 mouclass - ok
20:52:53.0938 5092 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:52:53.0940 5092 mouhid - ok
20:52:53.0969 5092 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:52:53.0971 5092 MountMgr - ok
20:52:54.0012 5092 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:52:54.0017 5092 mpio - ok
20:52:54.0049 5092 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:52:54.0052 5092 mpsdrv - ok
20:52:54.0085 5092 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:52:54.0088 5092 Mraid35x - ok
20:52:54.0134 5092 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
20:52:54.0138 5092 MREMP50 - ok
20:52:54.0156 5092 MREMP50a64 - ok
20:52:54.0186 5092 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
20:52:54.0189 5092 MRESP50 - ok
20:52:54.0208 5092 MRESP50a64 - ok
20:52:54.0278 5092 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:52:54.0280 5092 MRxDAV - ok
20:52:54.0342 5092 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:52:54.0357 5092 mrxsmb - ok
20:52:54.0425 5092 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:52:54.0432 5092 mrxsmb10 - ok
20:52:54.0471 5092 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:52:54.0489 5092 mrxsmb20 - ok
20:52:54.0549 5092 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
20:52:54.0551 5092 msahci - ok
20:52:54.0593 5092 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:52:54.0595 5092 msdsm - ok
20:52:54.0658 5092 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:52:54.0664 5092 MSDTC - ok
20:52:54.0720 5092 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:52:54.0722 5092 Msfs - ok
20:52:54.0766 5092 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:52:54.0768 5092 msisadrv - ok
20:52:54.0827 5092 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:52:54.0833 5092 MSiSCSI - ok
20:52:54.0855 5092 msiserver - ok
20:52:54.0887 5092 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:52:54.0889 5092 MSKSSRV - ok
20:52:54.0927 5092 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:52:54.0929 5092 MSPCLOCK - ok
20:52:54.0951 5092 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:52:54.0953 5092 MSPQM - ok
20:52:55.0015 5092 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:52:55.0024 5092 MsRPC - ok
20:52:55.0059 5092 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:52:55.0061 5092 mssmbios - ok
20:52:55.0094 5092 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:52:55.0096 5092 MSTEE - ok
20:52:55.0123 5092 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:52:55.0126 5092 Mup - ok
20:52:55.0198 5092 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:52:55.0210 5092 napagent - ok
20:52:55.0271 5092 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:52:55.0287 5092 NativeWifiP - ok
20:52:55.0352 5092 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:52:55.0365 5092 NDIS - ok
20:52:55.0415 5092 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:52:55.0418 5092 NdisTapi - ok
20:52:55.0444 5092 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:52:55.0449 5092 Ndisuio - ok
20:52:55.0497 5092 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:52:55.0507 5092 NdisWan - ok
20:52:55.0540 5092 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:52:55.0542 5092 NDProxy - ok
20:52:55.0589 5092 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:52:55.0591 5092 NetBIOS - ok
20:52:55.0654 5092 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:52:55.0666 5092 netbt - ok
20:52:55.0703 5092 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:52:55.0705 5092 Netlogon - ok
20:52:55.0771 5092 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:52:55.0786 5092 Netman - ok
20:52:55.0842 5092 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:52:55.0849 5092 netprofm - ok
20:52:55.0951 5092 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:52:55.0965 5092 NetTcpPortSharing - ok
20:52:56.0016 5092 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:52:56.0019 5092 nfrd960 - ok
20:52:56.0050 5092 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:52:56.0065 5092 NlaSvc - ok
20:52:56.0120 5092 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:52:56.0122 5092 Npfs - ok
20:52:56.0155 5092 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

 

20:52:56.0158 5092 nsi - ok
20:52:56.0195 5092 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:52:56.0197 5092 nsiproxy - ok
20:52:56.0319 5092 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:52:56.0366 5092 Ntfs - ok
20:52:56.0444 5092 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
20:52:56.0446 5092 NTIDrvr - ok
20:52:56.0481 5092 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:52:56.0483 5092 ntrigdigi - ok
20:52:56.0548 5092 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
20:52:56.0550 5092 NuidFltr - ok
20:52:56.0574 5092 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:52:56.0576 5092 Null - ok
20:52:56.0630 5092 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:52:56.0637 5092 nvraid - ok
20:52:56.0667 5092 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:52:56.0671 5092 nvstor - ok
20:52:56.0705 5092 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:52:56.0709 5092 nv_agp - ok
20:52:56.0730 5092 NwlnkFlt - ok
20:52:56.0752 5092 NwlnkFwd - ok
20:52:56.0800 5092 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
20:52:56.0820 5092 ohci1394 - ok
20:52:56.0916 5092 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:52:56.0933 5092 p2pimsvc - ok
20:52:56.0962 5092 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:52:56.0972 5092 p2psvc - ok
20:52:57.0013 5092 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:52:57.0026 5092 Parport - ok
20:52:57.0082 5092 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
20:52:57.0085 5092 partmgr - ok
20:52:57.0111 5092 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:52:57.0116 5092 Parvdm - ok
20:52:57.0161 5092 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:52:57.0165 5092 PcaSvc - ok
20:52:57.0232 5092 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:52:57.0235 5092 pci - ok
20:52:57.0280 5092 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:52:57.0283 5092 pciide - ok
20:52:57.0330 5092 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:52:57.0335 5092 pcmcia - ok
20:52:57.0446 5092 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:52:57.0468 5092 PEAUTH - ok
20:52:57.0669 5092 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:52:57.0724 5092 pla - ok
20:52:57.0868 5092 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:52:57.0883 5092 PlugPlay - ok
20:52:58.0078 5092 PMBDeviceInfoProvider (fe6fd94886d25adb554ec8ddf3c47caa) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
20:52:58.0094 5092 PMBDeviceInfoProvider - ok
20:52:58.0179 5092 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:52:58.0187 5092 PNRPAutoReg - ok
20:52:58.0222 5092 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:52:58.0235 5092 PNRPsvc - ok
20:52:58.0308 5092 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:52:58.0325 5092 PolicyAgent - ok
20:52:58.0416 5092 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:52:58.0420 5092 PptpMiniport - ok
20:52:58.0523 5092 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:52:58.0532 5092 Processor - ok
20:52:58.0607 5092 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:52:58.0614 5092 ProfSvc - ok
20:52:58.0666 5092 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:52:58.0668 5092 ProtectedStorage - ok
20:52:58.0735 5092 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:52:58.0737 5092 PSched - ok
20:52:58.0790 5092 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
20:52:58.0793 5092 PxHelp20 - ok
20:52:58.0919 5092 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:52:58.0948 5092 ql2300 - ok
20:52:59.0000 5092 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:52:59.0018 5092 ql40xx - ok
20:52:59.0074 5092 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:52:59.0086 5092 QWAVE - ok
20:52:59.0120 5092 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:52:59.0122 5092 QWAVEdrv - ok
20:52:59.0146 5092 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:52:59.0150 5092 RasAcd - ok
20:52:59.0188 5092 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:52:59.0193 5092 RasAuto - ok
20:52:59.0247 5092 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:52:59.0250 5092 Rasl2tp - ok
20:52:59.0313 5092 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:52:59.0332 5092 RasMan - ok
20:52:59.0394 5092 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:52:59.0396 5092 RasPppoe - ok
20:52:59.0421 5092 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:52:59.0425 5092 RasSstp - ok
20:52:59.0492 5092 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:52:59.0507 5092 rdbss - ok
20:52:59.0543 5092 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:52:59.0545 5092 RDPCDD - ok
20:52:59.0607 5092 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:52:59.0619 5092 rdpdr - ok
20:52:59.0642 5092 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:52:59.0644 5092 RDPENCDD - ok
20:52:59.0719 5092 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
20:52:59.0731 5092 RDPWD - ok
20:52:59.0787 5092 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
20:52:59.0789 5092 regi - ok
20:52:59.0841 5092 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:52:59.0848 5092 RemoteAccess - ok
20:52:59.0909 5092 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:52:59.0923 5092 RemoteRegistry - ok
20:52:59.0966 5092 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:52:59.0971 5092 RpcLocator - ok
20:53:00.0056 5092 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
20:53:00.0064 5092 RpcSs - ok
20:53:00.0119 5092 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:53:00.0122 5092 rspndr - ok
20:53:00.0171 5092 RTL8169 (125c504a34d0a2e152517e342e7e432c) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:53:00.0187 5092 RTL8169 - ok
20:53:00.0219 5092 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:53:00.0222 5092 SamSs - ok
20:53:00.0316 5092 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:53:00.0343 5092 SASDIFSV - ok
20:53:00.0379 5092 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:53:00.0403 5092 SASKUTIL - ok
20:53:00.0434 5092 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:53:00.0438 5092 sbp2port - ok
20:53:00.0581 5092 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
20:53:00.0616 5092 SBSDWSCService - ok
20:53:00.0693 5092 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:53:00.0698 5092 SCardSvr - ok
20:53:00.0787 5092 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:53:00.0804 5092 Schedule - ok
20:53:00.0851 5092 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:53:00.0853 5092 SCPolicySvc - ok
20:53:00.0895 5092 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:53:00.0904 5092 SDRSVC - ok
20:53:00.0985 5092 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:53:01.0007 5092 secdrv - ok
20:53:01.0037 5092 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:53:01.0046 5092 seclogon - ok
20:53:01.0072 5092 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:53:01.0077 5092 SENS - ok
20:53:01.0123 5092 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:53:01.0126 5092 Serenum - ok
20:53:01.0164 5092 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:53:01.0167 5092 Serial - ok
20:53:01.0194 5092 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:53:01.0197 5092 sermouse - ok
20:53:01.0268 5092 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:53:01.0273 5092 SessionEnv - ok
20:53:01.0308 5092 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:53:01.0311 5092 sffdisk - ok
20:53:01.0340 5092 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:53:01.0343 5092 sffp_mmc - ok
20:53:01.0384 5092 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:53:01.0386 5092 sffp_sd - ok
20:53:01.0429 5092 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:53:01.0432 5092 sfloppy - ok
20:53:01.0504 5092 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:53:01.0525 5092 ShellHWDetection - ok
20:53:01.0565 5092 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:53:01.0569 5092 sisagp - ok
20:53:01.0602 5092 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:53:01.0604 5092 SiSRaid2 - ok
20:53:01.0643 5092 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:53:01.0659 5092 SiSRaid4 - ok
20:53:01.0757 5092 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
20:53:01.0760 5092 SkypeUpdate - ok
20:53:02.0098 5092 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:53:02.0169 5092 slsvc - ok
20:53:02.0315 5092 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:53:02.0319 5092 SLUINotify - ok
20:53:02.0425 5092 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:53:02.0428 5092 Smb - ok
20:53:02.0498 5092 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:53:02.0502 5092 SNMPTRAP - ok
20:53:02.0550 5092 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:53:02.0553 5092 spldr - ok
20:53:02.0598 5092 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:53:02.0603 5092 Spooler - ok
20:53:02.0669 5092 SQTECH905C (5e8bd271747d43bc2d656c1f956fddaf) C:\Windows\system32\Drivers\Capt905c.sys
20:53:02.0696 5092 SQTECH905C - ok
20:53:02.0751 5092 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:53:02.0771 5092 srv - ok
20:53:02.0848 5092 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:53:02.0865 5092 srv2 - ok
20:53:02.0929 5092 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:53:02.0933 5092 srvnet - ok
20:53:02.0986 5092 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:53:02.0997 5092 SSDPSRV - ok
20:53:03.0042 5092 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:53:03.0056 5092 SstpSvc - ok
20:53:03.0134 5092 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:53:03.0151 5092 stisvc - ok
20:53:03.0188 5092 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:53:03.0190 5092 swenum - ok
20:53:03.0274 5092 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:53:03.0281 5092 swprv - ok
20:53:03.0312 5092 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:53:03.0317 5092 Symc8xx - ok
20:53:03.0348 5092 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:53:03.0351 5092 Sym_hi - ok
20:53:03.0377 5092 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:53:03.0382 5092 Sym_u3 - ok
20:53:03.0437 5092 SynTP (32e8b307f0e9f72b66b518fd62eab91e) C:\Windows\system32\DRIVERS\SynTP.sys
20:53:03.0450 5092 SynTP - ok
20:53:03.0534 5092 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:53:03.0556 5092 SysMain - ok
20:53:03.0609 5092 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:53:03.0614 5092 TabletInputService - ok
20:53:03.0690 5092 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:53:03.0703 5092 TapiSrv - ok
20:53:03.0738 5092 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:53:03.0743 5092 TBS - ok
20:53:03.0857 5092 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
20:53:03.0899 5092 Tcpip - ok
20:53:03.0987 5092 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
20:53:04.0006 5092 Tcpip6 - ok
20:53:04.0109 5092 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:53:04.0112 5092 tcpipreg - ok
20:53:04.0156 5092 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:53:04.0158 5092 TDPIPE - ok
20:53:04.0194 5092 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:53:04.0197 5092 TDTCP - ok
20:53:04.0260 5092 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:53:04.0263 5092 tdx - ok
20:53:04.0326 5092 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:53:04.0328 5092 TermDD - ok
20:53:04.0401 5092 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:53:04.0415 5092 TermService - ok
20:53:04.0483 5092 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:53:04.0488 5092 Themes - ok
20:53:04.0542 5092 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:53:04.0545 5092 THREADORDER - ok
20:53:04.0588 5092 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:53:04.0605 5092 TrkWks - ok
20:53:04.0687 5092 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:53:04.0689 5092 TrustedInstaller - ok
20:53:04.0742 5092 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:53:04.0744 5092 tssecsrv - ok
20:53:04.0780 5092 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:53:04.0782 5092 tunmp - ok
20:53:04.0850 5092 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:53:04.0856 5092 tunnel - ok
20:53:04.0895 5092 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:53:04.0898 5092 uagp35 - ok
20:53:04.0936 5092 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:53:04.0950 5092 udfs - ok
20:53:05.0009 5092 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:53:05.0014 5092 UI0Detect - ok
20:53:05.0044 5092 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:53:05.0047 5092 uliagpkx - ok
20:53:05.0094 5092 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:53:05.0110 5092 uliahci - ok
20:53:05.0151 5092 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:53:05.0166 5092 UlSata - ok
20:53:05.0199 5092 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:53:05.0217 5092 ulsata2 - ok
20:53:05.0247 5092 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:53:05.0249 5092 umbus - ok
20:53:05.0288 5092 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:53:05.0297 5092 upnphost - ok
20:53:05.0365 5092 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
20:53:05.0372 5092 USBAAPL - ok
20:53:05.0425 5092 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:53:05.0429 5092 usbaudio - ok
20:53:05.0469 5092 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:53:05.0473 5092 usbccgp - ok
20:53:05.0514 5092 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:53:05.0517 5092 usbcir - ok
20:53:05.0586 5092 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:53:05.0590 5092 usbehci - ok
20:53:05.0629 5092 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:53:05.0642 5092 usbhub - ok
20:53:05.0677 5092 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
20:53:05.0680 5092 usbohci - ok
20:53:05.0727 5092 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:53:05.0730 5092 usbprint - ok
20:53:05.0771 5092 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:53:05.0777 5092 usbscan - ok
20:53:05.0844 5092 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:53:05.0851 5092 USBSTOR - ok
20:53:05.0877 5092 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:53:05.0879 5092 usbuhci - ok
20:53:05.0925 5092 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:53:05.0941 5092 usbvideo - ok
20:53:05.0988 5092 USB_RNDIS_XP (830d5d8456b822c1247c1e59b4c464fa) C:\Windows\system32\DRIVERS\usb8023.sys
20:53:05.0993 5092 USB_RNDIS_XP - ok
20:53:06.0051 5092 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:53:06.0056 5092 UxSms - ok
20:53:06.0137 5092 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:53:06.0155 5092 vds - ok
20:53:06.0202 5092 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:53:06.0205 5092 vga - ok
20:53:06.0231 5092 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:53:06.0234 5092 VgaSave - ok
20:53:06.0265 5092 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:53:06.0268 5092 viaagp - ok
20:53:06.0300 5092 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:53:06.0307 5092 ViaC7 - ok
20:53:06.0337 5092 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:53:06.0339 5092 viaide - ok
20:53:06.0383 5092 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:53:06.0386 5092 volmgr - ok
20:53:06.0465 5092 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:53:06.0480 5092 volmgrx - ok
20:53:06.0550 5092 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:53:06.0564 5092 volsnap - ok
20:53:06.0605 5092 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:53:06.0620 5092 vsmraid - ok
20:53:06.0740 5092 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:53:06.0786 5092 VSS - ok
20:53:06.0909 5092 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:53:06.0918 5092 W32Time - ok
20:53:06.0985 5092 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:53:06.0988 5092 WacomPen - ok
20:53:07.0016 5092 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:53:07.0019 5092 Wanarp - ok
20:53:07.0036 5092 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:53:07.0038 5092 Wanarpv6 - ok
20:53:07.0101 5092 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:53:07.0110 5092 wcncsvc - ok
20:53:07.0158 5092 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:53:07.0162 5092 WcsPlugInService - ok
20:53:07.0202 5092 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:53:07.0204 5092 Wd - ok
20:53:07.0265 5092 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:53:07.0287 5092 Wdf01000 - ok
20:53:07.0325 5092 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:53:07.0331 5092 WdiServiceHost - ok
20:53:07.0351 5092 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:53:07.0356 5092 WdiSystemHost - ok
20:53:07.0430 5092 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:53:07.0451 5092 WebClient - ok
20:53:07.0519 5092 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:53:07.0524 5092 Wecsvc - ok
20:53:07.0557 5092 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:53:07.0562 5092 wercplsupport - ok
20:53:07.0623 5092 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:53:07.0630 5092 WerSvc - ok
20:53:07.0661 5092 WinHttpAutoProxySvc - ok
20:53:07.0735 5092 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:53:07.0740 5092 Winmgmt - ok
20:53:07.0927 5092 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:53:07.0999 5092 WinRM - ok
20:53:08.0113 5092 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:53:08.0135 5092 Wlansvc - ok
20:53:08.0215 5092 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:53:08.0216 5092 WmiAcpi - ok
20:53:08.0321 5092 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:53:08.0337 5092 wmiApSrv - ok
20:53:08.0525 5092 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:53:08.0554 5092 WMPNetworkSvc - ok
20:53:08.0600 5092 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:53:08.0606 5092 WPCSvc - ok
20:53:08.0671 5092 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:53:08.0679 5092 WPDBusEnum - ok
20:53:08.0776 5092 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:53:08.0779 5092 WpdUsb - ok
20:53:08.0998 5092 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:53:09.0026 5092 WPFFontCache_v0400 - ok
20:53:09.0079 5092 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:53:09.0081 5092 ws2ifsl - ok
20:53:09.0096 5092 WSearch - ok
20:53:09.0297 5092 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
20:53:09.0381 5092 wuauserv - ok
20:53:09.0523 5092 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:53:09.0541 5092 WUDFRd - ok
20:53:09.0596 5092 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:53:09.0602 5092 wudfsvc - ok
20:53:09.0689 5092 X6XSEx (ad9dee1257c7659083268f298890ce16) C:\Program Files\Free Ride Games\X6XSEx.Sys
20:53:09.0691 5092 X6XSEx - ok
20:53:09.0789 5092 MBR (0x1B8) (ef9cdc51b437d322d54016b68f003416) \Device\Harddisk0\DR0
20:53:14.0823 5092 \Device\Harddisk0\DR0 - ok
20:53:14.0834 5092 Boot (0x1200) (63f327a36223d433b39752a6beed9c0c) \Device\Harddisk0\DR0\Partition0
20:53:14.0836 5092 \Device\Harddisk0\DR0\Partition0 - ok
20:53:14.0883 5092 Boot (0x1200) (22accf51562c3da3b2f87f7963d0f906) \Device\Harddisk0\DR0\Partition1
20:53:14.0885 5092 \Device\Harddisk0\DR0\Partition1 - ok
20:53:14.0890 5092 ============================================================
20:53:14.0891 5092 Scan finished
20:53:14.0891 5092 ============================================================
20:53:14.0918 4176 Detected object count: 0
20:53:14.0918 4176 Actual detected object count: 0

 

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: jerry [Admin rights]
Mode: Scan -- Date: 07/21/2012 05:34:26

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD16 00BEVT-22ZCT0 SCSI Disk Device +++++
--- User ---
[MBR] 3cc9fe40bde09045362c2c919a02afed
[BSP] 0f071cfbe77f754bc10c577fc5353435 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10244 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20981760 | Size: 71192 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166782976 | Size: 71189 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

 

ComboFix 12-07-21.01 - jerry 07/22/2012 7:31.3.1 - x86
Microsoft® Windows Vistaâ„¢ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1969 [GMT -4:00]
Running from: c:\users\jerry\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB32993$
c:\windows\$NtUninstallKB32993$\2656313013\L\00000004.@
c:\windows\$NtUninstallKB32993$\2656313013\L\1afb2d56
c:\windows\$NtUninstallKB32993$\2656313013\L\201d3dde
c:\windows\$NtUninstallKB32993$\2656313013\L\ogejidap
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 11:46 . 2012-07-22 11:52 -------- d-----w- c:\users\jerry\AppData\Local\temp
2012-07-22 11:46 . 2012-07-22 11:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-22 11:46 . 2012-07-22 11:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 09:37 . 2012-07-19 09:37 -------- dc----w- C:\TDSSKiller_Quarantine
2012-07-12 08:43 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 07:24 . 2012-06-02 08:27 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-12 07:24 . 2012-06-02 08:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-11 07:43 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 07:43 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:43 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:43 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:43 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 07:43 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-24 15:29 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 15:29 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 15:29 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 15:29 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 15:28 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 15:28 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 15:28 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 15:28 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 15:28 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-19 09:39 . 2009-09-04 12:44 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2012-07-03 17:46 . 2010-12-26 16:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-15 10:10 . 2012-05-16 23:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-15 10:10 . 2011-05-16 08:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 14:03 . 2012-06-13 20:14 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-13 20:20 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-13 20:20 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-13 20:20 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 3905408]
"WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype "= "c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Exetender "= "c:\program files\Free Ride Games\GPlayer.exe" [2012-03-21 4862384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx "= "c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"PMBVolumeWatcher "= "c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-03-17 728120]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender "= "c:\program files\Free Ride Games\GPlayer.exe" [2012-03-21 4862384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=" "
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender]
2012-03-21 23:02 4862384 ----a-w- c:\program files\Free Ride Games\GPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2009-07-20 22:09 356352 ----a-w- c:\program files\Micro Innovations\Optical Scroll\mouse32a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-07-23 03:05 846344 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-07-03 17:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 17:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotiveReportAgent]
2004-06-25 18:14 204800 ----a-w- c:\program files\Common Files\Motive\McciBootStrapper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 03:50 1037608 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
2005-06-11 04:41 1277952 ----a-w- c:\program files\Support.com\BellSouth\hcenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring "=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.1
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-big-island-blends/gamehouseplayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-CPN Notifier - c:\program files\Colt Poker\PokerNotifier.exe
SafeBoot-17532800.sys
AddRemove-WT066361 - c:\program files\WildGames\Burger Island 2\Uninstall.exe
AddRemove-WT068116 - c:\program files\WildGames\Agatha Christie - Peril at End House\Uninstall.exe
AddRemove-WT068241 - c:\program files\WildGames\Babysitting Mania\Uninstall.exe
AddRemove-WT068509 - c:\program files\WildGames\Candace Kane's Candy Factory\Uninstall.exe
AddRemove-WT069039 - c:\program files\WildGames\Diner Dash\Uninstall.exe
AddRemove-WT069193 - c:\program files\WildGames\Beach Party Craze\Uninstall.exe
AddRemove-WT069221 - c:\program files\WildGames\Doggie Dash\Uninstall.exe
AddRemove-WT069761 - c:\program files\WildGames\Fitness Dash\Uninstall.exe
AddRemove-WT071131 - c:\program files\WildGames\Restaurant Rush\Uninstall.exe
AddRemove-WT071149 - c:\program files\WildGames\Roller Rush\Uninstall.exe
AddRemove-WT071409 - c:\program files\WildGames\SpongeBob Diner Dash\Uninstall.exe
AddRemove-WTA-ace97637-b56e-4aa5-9bf6-fd5ef4456a1f - c:\program files\WildGames\Ice Cream Craze Natural Hero\uninstall\uninstaller.exe
AddRemove-{71C2828F-2678-4675-BDEC-895424861262}_is1 - c:\program files\Acer GameZone\GameConsole\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 07:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
.
**************************************************************************
.
Completion time: 2012-07-22 08:05:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 12:05
ComboFix2.txt 2011-09-07 10:44
.
Pre-Run: 30,514,135,040 bytes free
Post-Run: 30,898,991,104 bytes free
.
- - End Of File - - 47CBE849B094018751192171F6C4CF79

 

running great

OTL logfile created on: 7/22/2012 1:59:30 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\jerry\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 43.99% Memory free
5.72 Gb Paging File | 3.85 Gb Available in Paging File | 67.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 28.48 Gb Free Space | 40.97% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 68.26 Gb Free Space | 98.18% Space Free | Partition Type: NTFS
Drive E: | 640.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JERRY-PC | User Name: jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 13:59:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\jerry\Downloads\OTL (1).exe
PRC - [2012/07/22 08:27:32 | 000,830,048 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe
PRC - [2012/07/22 08:27:31 | 001,147,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/21 05:51:40 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/06/13 03:48:04 | 000,990,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgscanx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/21 19:02:24 | 004,862,384 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\Free Ride Games\GPlayer.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/03/16 21:39:58 | 000,476,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/03/16 21:34:50 | 000,728,120 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 22:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/28 14:56:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/11/28 14:56:02 | 000,380,928 | ---- | M] (acer) -- C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2007/12/06 20:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/22 09:00:28 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/07/22 09:00:28 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/07/22 08:27:34 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\SiteSafety.dll
MOD - [2012/07/22 08:27:31 | 001,147,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/06/15 04:16:59 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/06/15 04:16:53 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/15 04:14:21 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/15 04:14:05 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/12 03:46:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 03:38:03 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/12 03:37:48 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/09/03 22:16:16 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/03 22:16:16 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2010/03/18 13:18:36 | 000,509,304 | ---- | M] () -- C:\Windows\Downloaded Program Files\ExentCtl.ocx
MOD - [2008/12/15 14:53:13 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3013.0__739b31b1908c49e5\Framework.UIComponent.dll
MOD - [2008/12/15 14:53:13 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3013.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008/12/15 14:53:13 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3013.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008/12/15 14:53:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3013.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008/07/03 23:37:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/07/22 08:27:32 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe -- (vToolbarUpdater12.1.3)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/03/16 21:39:58 | 000,476,728 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/11/28 14:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 20:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/07/22 08:27:36 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/22 09:25:22 | 000,046,184 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X6XSEx.sys -- (X6XSEx)
DRV - [2009/04/11 00:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2009/01/26 18:17:09 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 18:17:08 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/10/01 14:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/08/06 22:40:40 | 000,129,552 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008/07/28 03:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/04 02:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/10 06:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007/05/03 11:21:08 | 000,029,056 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/04/18 00:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002A7US&apn_uid=29261208-1004-47CA-9C3F-F37F3F6A393C&apn_sauid=3471DD4D-425F-48F4-BF0F-5986A3B3D409
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60195
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\SearchScopes\{3952C606-56D2-4A99-A1F6-4CFFAB45756F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={853F32EB-E421-44B3-AE14-3D4495532402}&mid=2d550cef69b574666674f3904c4cca9d-926113d46e07c1a10a54c687293e356df434df7e&lang=en&ds=AVG&pr=fr&d=2012-07-22 08:27:39&v=12.1.0.20&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80227language
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4d147f3d&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/22 08:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.20\ [2012/07/22 08:27:57 | 000,000,000 | ---D | M]

[2011/09/13 17:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/06 22:39:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/13 17:36:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 10:38:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/21 09:21:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/04 18:04:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/25 13:45:18 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll
[2011/03/18 13:33:22 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1777_0\plugins/avgnpss.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Homestead SiteBuilder Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
CHR - plugin: RealArcade NPAPI Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
CHR - plugin: WorldWinner Firefox Launcher Plugin (Enabled) = C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1777_0\

O1 HOSTS File: ([2012/07/22 07:49:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab (WWHearts Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://aolsvc.aol.com/onlinegames/free-trial-big-island-blends/gamehouseplayer.cab (GameHouse Games Player)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab (DinerDash Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Arctic%20Quest%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v54/wwspades/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E6644C9-C18A-4664-A766-F3140C986261}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4936F3D3-BDF4-442B-B0A1-A396ACE2AEE6}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B57DE832-10A4-4AB6-A41E-080FD9154FD3}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00B9979-42B9-4910-94EB-250C116767D1}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2000/07/28 04:50:14 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 08:30:25 | 000,000,000 | ---D | C] -- C:\Users\jerry\AppData\Roaming\AVG2012
[2012/07/22 08:28:18 | 000,000,000 | ---D | C] -- C:\Users\jerry\AppData\Local\AVG Secure Search
[2012/07/22 08:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/22 08:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/22 08:27:36 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/07/22 08:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/07/22 08:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/07/22 08:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/22 08:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/07/22 08:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/22 08:05:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/22 07:59:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/22 07:46:00 | 000,000,000 | ---D | C] -- C:\Users\jerry\AppData\Local\temp
[2012/07/22 07:18:02 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\jerry\Desktop\ComboFix.exe
[2012/07/21 05:32:32 | 000,000,000 | ---D | C] -- C:\Users\jerry\Desktop\RK_Quarantine
[2012/07/19 05:37:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/16 22:11:26 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jerry\Desktop\TDSSKiller.exe
[2012/07/12 04:43:51 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/12 03:25:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/12 03:25:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/12 03:25:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/12 03:25:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/12 03:25:20 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/12 03:25:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/12 03:24:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/11 03:43:02 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/06/24 11:29:35 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/24 11:29:35 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/24 11:28:41 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/24 11:28:40 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/24 11:28:40 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/24 11:28:09 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/24 11:28:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

========== Files - Modified Within 30 Days ==========

[2012/07/22 12:57:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 12:57:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 12:32:56 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/22 12:32:56 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/22 08:57:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/07/22 08:57:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 08:45:12 | 064,314,805 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/07/22 08:28:02 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/22 08:27:36 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/07/22 07:49:30 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/22 07:18:32 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\jerry\Desktop\ComboFix.exe
[2012/07/21 19:36:03 | 000,003,024 | ---- | M] () -- C:\Windows\SA8.ini
[2012/07/21 19:36:03 | 000,000,421 | ---- | M] () -- C:\Windows\SA4_WKSP.INI
[2012/07/19 20:35:39 | 000,002,487 | ---- | M] () -- C:\Users\jerry\Desktop\startup.sa8
[2012/07/19 05:34:19 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jerry\Desktop\TDSSKiller.exe
[2012/07/18 20:17:13 | 000,000,045 | ---- | M] () -- C:\Windows\SA4_DRAW.INI
[2012/07/18 08:25:35 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 05:18:42 | 000,302,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/22 08:28:02 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/31 11:28:15 | 000,000,364 | ---- | C] () -- C:\Users\jerry\AppData\Roaming\wklnhst.dat
[2011/09/07 06:26:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/07 06:26:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/07 06:26:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/07 06:26:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/07 06:26:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/23 08:41:36 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/06/23 08:41:36 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/03/22 22:51:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/25 13:45:06 | 000,098,136 | ---- | C] () -- C:\Windows\gzip.exe
[2010/02/15 16:27:21 | 000,001,356 | ---- | C] () -- C:\Users\jerry\AppData\Local\d3d9caps.dat
[2009/07/29 11:51:28 | 000,003,762 | ---- | C] () -- C:\Users\jerry\profiles.xml
[2009/06/07 14:52:25 | 000,003,840 | ---- | C] () -- C:\Users\jerry\AppData\Local\slot1.mm1
[2009/02/03 23:44:41 | 000,008,192 | ---- | C] () -- C:\Users\jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\Colt Poker:MID

< End of report >

 

on the first oOTL Extras logfile created on: 7/22/2012 1:59:30 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\jerry\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 43.99% Memory free
5.72 Gb Paging File | 3.85 Gb Available in Paging File | 67.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 28.48 Gb Free Space | 40.97% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 68.26 Gb Free Space | 98.18% Space Free | Partition Type: NTFS
Drive E: | 640.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JERRY-PC | User Name: jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4814A074-250B-4939-841A-F21DA1686020}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{53E7263E-D344-4981-A869-F82F0C4C973D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5CDB42C5-47E0-41AB-AAD0-AE3738E8FF93}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6CAAD079-BABB-4F28-98BB-BDA971C909D2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A9331CC-B047-4F0A-AF5B-6334590B7D85}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{8DE0F027-40AB-485D-8C65-7109CE348FDE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8992978-94BC-406F-B0A6-F29BA29559C6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{DF78E673-2712-4403-B50C-7D9B7036527C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{9691F4B8-0782-4344-B482-730A905437AE}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{67AC5CBD-CE8C-4C33-B364-EB59C2A60557}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{071EA6A1-4189-3D9C-6B3F-0BE15495CE80}" = Catalyst Control Center Core Implementation
"{08137BF5-9879-EBDA-6462-79D3C6D113B2}" = Catalyst Control Center Localization Portuguese
"{09621381-D4B0-2D6A-AB14-E8CE4CD424D9}" = Catalyst Control Center Graphics Previews Vista
"{09D3675D-E1BB-1B3D-3F35-0338F7AAB0FD}" = Catalyst Control Center Localization Czech
"{0AD63C23-3DE8-82FF-4DF2-BDD0784F3348}" = Diamond Detective
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DE63D16-8A5E-74AB-1A5F-6E1834234229}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{254C0471-5FDF-D591-1219-112ABECED882}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{285432CE-2033-7317-27FC-DFB027E24F33}" = Catalyst Control Center Localization French
"{29E1DB75-A926-D7A5-6773-E24477526D49}" = CCC Help Chinese Traditional
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2B82EEF1-A86E-CE6A-E7E6-ED114131E383}" = Catalyst Control Center Graphics Full New
"{2F3FC1A5-37B4-7685-7295-37FD1B3FE806}" = CCC Help Danish
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{32EBA2B9-23F8-82A8-E229-0F283EE902B0}" = CCC Help Portuguese
"{3A2536D9-53FF-CD79-F46C-9E3902D2EEBA}" = CCC Help English
"{3A6CE5E6-7416-37A1-1DA2-2BCB0A9CF444}" = Catalyst Control Center Localization Japanese
"{3A7D9B34-E8A9-A352-20C1-0607B1D5F8B6}" = Catalyst Control Center Localization Chinese Traditional
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9544A3-63B0-E523-D212-5C010368E492}" = Catalyst Control Center Localization Spanish
"{41802C9A-1BF6-9A4E-D903-C6587560D758}" = Catalyst Control Center Localization Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5339885F-4597-4343-BD3B-74280CC79424}" = ArcSoft VideoImpression 2
"{58D9BD9C-C96F-F308-5D72-371A9D3CC939}" = CCC Help Dutch
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6165BE73-8AC5-A2B6-8910-963387FE5B9B}" = Catalyst Control Center Localization Russian
"{6190B8CA-366D-A8E1-9976-7EE50B7DC39E}" = Aloha Solitaire
"{67A8747E-0517-75EF-244F-9E219C440107}" = ATI Catalyst Install Manager
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A25BA91-82D1-0841-FC65-57CE27540922}" = Catalyst Control Center Localization Danish
"{6A41CE62-8379-2A4D-E690-AA5D4DA8A279}" = ccc-core-static
"{6BB99DE2-D79C-B223-8D4F-E3D80A478D0F}" = CCC Help Polish
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E52D2FB-5FB5-334E-86F9-4316EEDC2926}" = ccc-utility
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72BBB36F-D323-0746-4F92-083E4C5EAC52}" = CCC Help Czech
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DDF474C-2AF9-4A3B-57E0-FBF31ED2C913}" = Catalyst Control Center Localization Polish
"{7E992D2F-5D9F-0A2A-302E-E4AC8FB79F47}" = Catalyst Control Center Graphics Full Existing
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{822B325F-9CDD-4E78-87A2-35E6F0DDEEA2}" = HP Deskjet 1000 J110 series Product Improvement Study
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{84DB8DAE-531B-FDA4-E683-8C82F0F81F26}" = Catalyst Control Center Localization Turkish
"{865A7423-1322-E68E-4604-BEB0EEBFB624}" = Catalyst Control Center Localization Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9B35344F-7FA4-B6BA-E64B-930A5BDB9585}" = Catalyst Control Center InstallProxy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FFC6670-6711-387B-3566-7D0DA1808531}" = CCC Help Swedish
"{A8176277-4272-EA16-CDAE-1E37C62E14B2}" = CCC Help Italian
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9E38025-D8D8-FB5E-0DDB-12691243EF1F}" = CCC Help Norwegian
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFE52E73-FADF-7AEC-9F2E-9C490C77AB61}" = Catalyst Control Center Localization German
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B16469A5-D2FA-A0C8-D371-2F4C8D5707D4}" = CCC Help Finnish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B463846D-85B8-5B31-59BD-AA68307ECC69}" = CCC Help Spanish
"{B483D67F-8223-F1C5-1CBD-59B13676019E}" = CCC Help Greek
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7BA5747-159E-B1E7-B73D-E3B7575D783A}" = CCC Help Thai
"{BC4FBC02-B2B7-ACCA-C983-FFF31FC3C1C9}" = CCC Help Japanese
"{C08B098D-E9A6-649F-120D-9263C0527C2E}" = Catalyst Control Center Localization Swedish
"{C22EDAB3-B9C3-3189-6FE5-8DC4CFADED81}" = CCC Help Hungarian
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4FA4F86-63E8-9CD5-8CD3-25E4AC0E8861}" = Catalyst Control Center Localization Finnish
"{C63225DD-4956-D968-E563-30371AA23FD8}" = Skins
"{C7D5F833-4603-B3A3-4DB7-178022D73CC6}" = Catalyst Control Center Localization Dutch
"{CC4AD2ED-C8C8-6548-BAB0-59058B3FA658}" = Catalyst Control Center Localization Greek
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D04DA284-0680-277B-832E-B795D9302F8D}" = CCC Help Turkish
"{D5B90069-DC5F-E482-D86A-B0CBBBD0E50E}" = CCC Help Russian
"{D9029DA7-CFA1-AC76-018D-AE0E596374D5}" = Cradle of Persia
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{DF7A3C71-08FD-9154-BF1C-81BC491F4C2C}" = CCC Help French
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA78289C-35D1-10D4-CA0D-7C653B2E212A}" = Catalyst Control Center Localization Hungarian
"{EAE06CC6-8838-CA77-347C-BD3E9DEC6C93}" = Catalyst Control Center Localization Italian
"{EB18E9CE-A633-1192-BDF6-4EA15DA97785}" = Catalyst Control Center Graphics Light
"{ECA47E2A-51B0-2F2F-67D3-A2A0639092B1}" = Catalyst Control Center Localization Korean
"{ED5085E1-BA8E-1464-2E3D-400086526EDE}" = Catalyst Control Center Localization Thai
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}" = HP Deskjet 1000 J110 series Basic Device Software
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFA58E6D-8053-18D7-C9BB-C76312C1E12C}" = CCC Help Korean
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ATT-PRT22" = ATT-PRT22
"AVG" = AVG 2012
"BellSouth" = BellSouth FastAccess DSL Help Center
"Canon MP280 series User Registration" = Canon MP280 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Colt Poker" = Colt Poker
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"exent_417950" = Arctic Quest
"exent_445950" = Puzzle Express
"exent_446350" = Ocean Express
"exent_466550" = The Treasures of Montezuma
"exent_575750" = Ancient Mosaic
"exent_610150" = World Mosaics
"exent_623250" = PJ Pride Pet Detective Destination Europe
"exent_636050" = Mystic Emporium
"exent_687750" = Magic Encyclopedia: Illusions
"exent_690850" = Mystic Gallery
"exent_706250" = Roads of Rome
"exent_708650" = Unlikely Suspects
"exent_723650" = Jewel Quest Mysteries - The Seventh Gate
"exent_739350" = Hotel Dash 2- Lost Luxuries
"HP Photo Creations" = HP Photo Creations
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Intuit SiteBuilder" = Intuit SiteBuilder
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Micro Innovations Optical Scroll Mouse" = Micro Innovations Optical Scroll Mouse
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Street Atlas USA 8.0" = Street Atlas USA 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WTA-bff3a26e-07c4-4582-8ceb-824e7792c55e" = Inspector Magnusson - Murder on the Titanic
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1182583647-3259410284-1344731716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ZEN Entertainment" = ZEN Entertainment

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/10/2011 4:26:54 AM | Computer Name = jerry-PC | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.6.1, time stamp 0x4df127ab,
faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception
code 0xc0000005, fault offset 0x00015703, process id 0x81c, application start time
0x01cc9f81bfcd698a.

Error - 11/10/2011 3:15:55 PM | Computer Name = jerry-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/10/2011 3:21:09 PM | Computer Name = jerry-PC | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.6.1, time stamp 0x4df127ab,
faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception
code 0xc0000005, fault offset 0x00015703, process id 0xf1c, application start time
0x01cc9fdd301ce350.

Error - 11/15/2011 10:04:29 PM | Computer Name = jerry-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module Flash11c.ocx, version 11.0.1.152, time stamp 0x4e7d1782,
exception code 0xc0000005, fault offset 0x0011ab34, process id 0xfdc, application
start time 0x01cca3b5cb876d40.

Error - 11/18/2011 10:07:53 AM | Computer Name = jerry-PC | Source = Application Hang | ID = 1002
Description = The program Ribbons.scr version 6.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 14a0 Start Time: 01cca5fb4fb77820 Termination Time: 11071

Error - 11/18/2011 11:20:57 PM | Computer Name = jerry-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/21/2011 2:32:36 PM | Computer Name = jerry-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00065f4f, process id 0x17f8, application
start time 0x01cca8457f84d010.

Error - 11/26/2011 10:01:20 PM | Computer Name = jerry-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/30/2011 3:09:54 AM | Computer Name = jerry-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 178c Start Time: 01ccaeeef18ee8d0 Termination Time: 297

Error - 11/30/2011 6:43:47 AM | Computer Name = jerry-PC | Source = EventSystem | ID = 4621
Description =

Error - 11/30/2011 6:45:52 AM | Computer Name = jerry-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/1/2009 7:36:19 AM | Computer Name = jerry-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 2/1/2009 7:36:19 AM | Computer Name = jerry-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 2/1/2009 7:36:19 AM | Computer Name = jerry-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 2/1/2009 7:36:19 AM | Computer Name = jerry-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 2/1/2009 7:36:19 AM | Computer Name = jerry-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 2/1/2009 7:36:19 AM | Computer Name = jerry-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 2/1/2009 7:36:19 AM | Computer Name = jerry-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 2/1/2009 7:36:19 AM | Computer Name = jerry-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 2/1/2009 7:36:19 AM | Computer Name = jerry-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 2/1/2009 7:36:19 AM | Computer Name = jerry-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =


< End of report >
tc scan here is the second (extra) scan results. i will wait for your reply to do your last recomdation in case you make a change