Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Posts Closed

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Posts Closed

Unread postby Robinski123 » December 16th, 2011, 1:10 am

Dakeyras and Administrators: I have removed ALL Offending programs.....and any related files....I did not real the forum rules...my mistake
am I allowed to get help with my infection. here is the latest ckfiles.txt file.......I hope that we can work together now.
ps...theses are all related to LEGAL Cakewalk and are all audio related.


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\cakewalk\plug-ins\plug-in settings\x-crackle settings.xps
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack5.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack6.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack7.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z4\bonhatclosedshankz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z4\bonhatclosedshankz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z4\bonhatclosedshankz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z4\bonhatclosedshankz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z1\bonhatclosedtipz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z1\bonhatclosedtipz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z1\bonhatclosedtipz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z1\bonhatclosedtipz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z4\bonhatclosedtipz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z4\bonhatclosedtipz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z4\bonhatclosedtipz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z4\bonhatclosedtipz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z1\bonhatopenshankz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z1\bonhatopenshankz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z1\bonhatopenshankz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z1\bonhatopenshankz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z4\bonhatopenshankz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z4\bonhatopenshankz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z4\bonhatopenshankz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z4\bonhatopenshankz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z1\bonhatopentipz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z1\bonhatopentipz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z1\bonhatopentipz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z1\bonhatopentipz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z4\bonhatopentipz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z4\bonhatopentipz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z4\bonhatopentipz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z4\bonhatopentipz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z1\hat3closedshankz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z1\hat3closedshankz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z1\hat3closedshankz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z1\hat3closedshankz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z4\hat3closedshankz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z4\hat3closedshankz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z4\hat3closedshankz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z4\hat3closedshankz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z1\hat3closedtipz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z1\hat3closedtipz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z1\hat3closedtipz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z1\hat3closedtipz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z4\hat3closedtipz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z4\hat3closedtipz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z4\hat3closedtipz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z4\hat3closedtipz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z1\hat3openshankz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z1\hat3openshankz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z1\hat3openshankz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z1\hat3openshankz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z4\hat3openshankz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z4\hat3openshankz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z4\hat3openshankz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z4\hat3openshankz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z1\hat3opentipz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z1\hat3opentipz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z1\hat3opentipz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z1\hat3opentipz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z4\hat3opentipz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z4\hat3opentipz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z4\hat3opentipz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z4\hat3opentipz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash18z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash18z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash18z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash18z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack4.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack1.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack2.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack3.flac
c:\program files (x86)\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack4.flac
c:\program files (x86)\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\waves\plug-ins\xcrackle.dll
c:\program files (x86)\waves\plug-ins\documents\xcrackle.pdf
c:\program files (x86)\waves\plug-ins\plug-in settings\x-crackle settings.xps
c:\users\robin\appdata\local\virtualstore\program files (x86)\cakewalk\plug-ins\plug-in settings\x-crackle settings.xps
c:\users\robin\appdata\local\virtualstore\program files (x86)\waves\plug-ins\plug-in settings\x-crackle settings.xps
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\battery\groove monkee free midi\twisted\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\battery\groove monkee free midi\twisted\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\dfh\twisted samples dfh\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\dfh\twisted samples dfh\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\fl studio freepak\groove monkee fpc midi samples\twisted samples fpc\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\fl studio freepak\groove monkee fpc midi samples\twisted samples fpc\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\gm mapped\twisted\multi-track\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\gm mapped\twisted\multi-track\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\gm mapped\twisted\single track\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\gm mapped\twisted\single track\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\gm mapped\twisted\single track type 0\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\gm mapped\twisted\single track type 0\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\groove agent\twisted samples ga\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\groove agent\twisted samples ga\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\imap\twisted samples imap\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\imap\twisted samples imap\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\larry seyers\twisted samples ls ext\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\larry seyers\twisted samples ls ext\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\live sd\twisted samples live sd\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\live sd\twisted samples live sd\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\reason\drum kits refill\twisted samples samples dkr\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\reason\drum kits refill\twisted samples samples dkr\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\reason\nnxt kits\twisted samples nnxt\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\reason\nnxt kits\twisted samples nnxt\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\session drummer\twisted samples session drummer\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\session drummer\twisted samples session drummer\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\steven slate drums\twisted samples ssd\rnb\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\steven slate drums\twisted samples ssd\rnb\110 cracky 01.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\superior\twisted samples superior\02@rnb grooves\110 cracky 01 f3.mid
c:\users\robin\drum stuff\groove monkee-samples-pc\other midi mappings\superior\twisted samples superior\02@rnb grooves\110 cracky 01.mid
scanner sequence 3.ZZ.11.MBABAU
----- EOF -----
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm
Advertisement
Register to Remove

Re: Posts Closed

Unread postby Dakeyras » December 19th, 2011, 6:10 am

Hi. :)

OK fair play I am prepared to assist you further...

Re-scan with OTL:

Please delete your current version of OTL and all logs if present, then download a new copy of OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Comp Info

Unread postby Robinski123 » December 19th, 2011, 2:39 pm

Hello Dakeyras!!.....I am grateful for your assistance again, sorry for previous issues...problems are basically the same Reposted:, here are my answers as requested: My HP seems to be running OK but I still have the following known issues,
Updates will run and install...but the same update immedietly shows up again, (I have it set to inform me of updates, not Automatic download)
"turn windows features on or off" is still blank, there are many services issues.I forgot specifics but some will not start...relating to updates and others.
when I run "Generate system health report"....the report "looks" different than before.has a diff name...and shows many services issues.
Some of my admin tool don't work right......when I run performance monitor i get a list of errors "Unable to add these counters" 3 Processor Information, 2 Physical Disk and 1
network interface.....in event viewer there is a "Subcriptions" error....."The windows event collector service must be running and configured"
basically i think that many system drivers etc are missing or corrupted???....everything seems fine otherwise....but infection caused many problems.
I do have my win 7 disc, however I bought my HP with vista 64 installed and got a HP win 7 upgrade disc a few months later and custom installed it....I was prompted (During Installation) to make a backup of my vista first, so I did and made 3 DVDs....Many Thanks!!!!!!
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

OTL Log

Unread postby Robinski123 » December 19th, 2011, 2:40 pm

OTL logfile created on: 12/19/11 12:22:39 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Robin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

8.00 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 77.35% Memory free
10.00 Gb Paging File | 8.16 Gb Available in Paging File | 81.67% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.02 Gb Total Space | 241.63 Gb Free Space | 41.44% Space Free | Partition Type: NTFS
Drive D: | 13.15 Gb Total Space | 1.80 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

Computer Name: ROBIN-HP | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Robin\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files (x86)\Ant.com\IE add-on\AntMaintainer.exe (Ant.com)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV:64bit: - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WDSC) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDFME) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UpdateCenterService) -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L6UX1) -- C:\Windows\SysNative\drivers\L6UX164.sys (Line 6)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (DefragFS) -- C:\Windows\SysNative\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L6TPortGX) -- C:\Windows\SysNative\drivers\L6TPortGX64.sys (Line 6)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (L6PODX3) -- C:\Windows\SysNative\drivers\L6PODX364.sys (Line 6)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NVR0FLASHDev) -- C:\Windows\nvflsh64.sys (NVIDIA Corp.)
DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVIDIA Corp.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Startpage (SSL)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..extensions.enabledItems: cybersearch@cybernetnews.com:2.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: googletube@googletube.com:2.0.2
FF - prefs.js..extensions.enabledItems: {8FFE139B-90A7-4460-A972-9D2738997F6D}:1.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.6.4
FF - prefs.js..extensions.enabledItems: zigboom.designs@gmail.com:1.3.1
FF - prefs.js..extensions.enabledItems: FoxdieGraphite@tanjihay.com:3.6.4
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b6526ae&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ca&lng=en-GB&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/28 15:50:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/16 20:35:34 | 000,000,000 | ---D | M]

[2010/07/15 23:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Extensions
[2011/12/17 23:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\anttoolbar@ant.com
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\cybersearch@cybernetnews.com
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Foxdie for Firefox) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\foxdie_ext_ocelot@foxdie.us
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (GoogleTube) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\googletube@googletube.com
[2011/12/17 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\staged
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2011/11/11 16:36:31 | 000,002,325 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\searchplugins\startpage-ssl.xml
[2011/12/17 23:34:46 | 000,005,457 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\searchplugins\startpage.xml
[2011/12/14 11:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ROBIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T64XCRHC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ROBIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T64XCRHC.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/11/28 15:50:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/20 20:52:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/09 02:46:17 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/09 02:46:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/09 02:46:17 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/09 02:46:17 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/09 02:46:17 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/18 04:37:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1003..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4:64bit: - HKLM..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor for Windows\RunProfiler.exe (PC-Doctor, Inc.)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RAVCpl64.exe - Shortcut.lnk = C:\Program Files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm ()
O8 - Extra context menu item: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm ()
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O15 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37C06628-9292-4122-8AF0-B6BBD25AA72C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 12:20:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.scr
[2011/12/18 22:30:12 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Robin\Desktop\aswMBR.exe
[2011/12/18 14:39:33 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\RK-Reports
[2011/12/18 12:38:02 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Robin\Desktop\dds.pif
[2011/12/18 12:37:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Robin\Desktop\dds.scr
[2011/12/18 06:17:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/18 04:42:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/18 04:06:16 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\RK_Quarantine
[2011/12/17 22:45:03 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\01-Student Loan-Info
[2011/12/17 16:25:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{C5BCC622-9AA3-40AB-A625-1DA1BB0FF156}
[2011/12/17 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{FA612BA2-9B45-43EC-8491-CE323E1A936A}
[2011/12/12 02:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2011/12/12 02:27:38 | 000,000,000 | ---D | C] -- C:\WinDDK
[2011/12/12 01:39:29 | 004,425,880 | ---- | C] (Innovative Solutions ) -- C:\Users\Robin\Desktop\drivermax.exe
[2011/12/12 01:09:41 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\ElevatedDiagnostics
[2011/12/12 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/12/12 00:16:23 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/12/12 00:16:22 | 010,406,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/12/12 00:16:22 | 005,067,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/12/12 00:16:22 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/12/12 00:16:22 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/12/12 00:12:54 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
[2011/12/12 00:12:54 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011/12/12 00:12:54 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011/12/12 00:12:49 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/12/12 00:12:49 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/12/12 00:12:49 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/12/12 00:12:49 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/12/12 00:12:48 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/12/12 00:12:48 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/12/12 00:12:48 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/12/12 00:12:48 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/12/12 00:12:48 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/12/12 00:12:48 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/12/12 00:12:48 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/12/12 00:12:48 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/12/12 00:12:48 | 002,808,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/12/12 00:12:48 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/12/12 00:12:48 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/12/12 00:12:48 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/12/12 00:12:48 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/12/12 00:12:48 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/12/12 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\NVIDIA Corporation
[2011/12/11 23:04:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/12/11 22:35:38 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/12/11 22:35:38 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/12/11 16:34:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{745527A5-28F0-4E35-8F12-7A441032FA8C}
[2011/12/11 16:33:57 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{11692236-B597-432A-B574-148B1F106410}
[2011/12/11 03:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/12/11 03:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/09 05:22:02 | 000,000,000 | ---D | C] -- C:\41f7dcba618342895cab
[2011/12/08 20:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/12/08 20:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/12/08 00:35:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\DeepBurner Pro
[2011/12/07 22:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/12/07 22:20:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/07 22:20:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/07 22:20:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/07 22:20:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/07 22:17:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/07 21:47:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/07 21:24:36 | 004,342,882 | R--- | C] (Swearware) -- C:\Users\Robin\Desktop\ComboFix.exe
[2011/12/07 18:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/07 03:33:37 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/07 03:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/07 00:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/12/06 23:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/04 10:13:09 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{0C600D9C-D585-43A4-BBBB-FA17E2B37F44}
[2011/12/04 10:12:59 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{1C8E0A02-2C5B-4D85-973D-BA2A2907EFF1}
[2011/12/01 13:43:19 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\robynn825699552
[2011/11/30 17:41:53 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\01-CRA-Info+Forms
[2011/11/29 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\$60 COST EACH
[2011/11/29 23:08:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\10 Bags=$490+$55=$544+$31=$576
[2011/11/28 17:28:53 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\1-IE-Help and Info
[2011/11/28 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Robin\CyberLink
[2011/11/28 17:12:37 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\zoominto
[2011/11/28 17:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\zoomintoIE
[2011/11/28 17:12:33 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoominto IePlugin
[2011/11/28 16:17:56 | 000,000,000 | R--D | C] -- C:\Users\Robin\pentadactyl
[2011/11/28 13:48:30 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\S7H0W4
[2011/11/27 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\selling5699552stuff
[2011/11/27 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\robynn82@gmail.com
[2011/11/25 19:59:22 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{CE91FB52-1138-455D-AB9A-AC16E01CE8E6}
[2011/11/25 19:59:11 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{03E44292-4352-4868-B221-9A2AFABDA503}
[2011/11/24 19:16:46 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\1-Saskatoon Country Western Music Association
[2011/11/22 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{A800477D-372E-42B5-AF06-4B8ADFC0C755}
[2011/11/22 18:44:03 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{1546113B-3CE4-4339-8BCB-F83682801DAD}
[2011/11/20 00:11:01 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\1-Metis-Info
[2011/11/19 15:12:10 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\01-Banking-Credit Card & Credit-Info
[2010/01/30 21:06:32 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Robin\AppData\Roaming\pcouffin.sys
[2009/10/11 19:26:40 | 000,405,504 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\Vocal_WaveShell-VST 1.1.dll
[2009/10/11 19:26:35 | 000,442,368 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-DX 5.7.dll
[2009/10/11 19:26:24 | 000,417,792 | ---- | C] (Waves Audio Ltd) -- C:\Program Files (x86)\WaveShell-VST 5.2.dll
[2009/10/11 19:26:19 | 000,098,304 | ---- | C] (Waves Audio Ltd) -- C:\Program Files (x86)\WaveShell-VST 5.0.dll
[2009/10/11 19:26:14 | 000,557,056 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-VST 5.7.dll
[2009/10/11 19:26:09 | 000,405,504 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-VST 5.5.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Robin\*.tmp files -> C:\Users\Robin\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Robin\AppData\Local\*.tmp files -> C:\Users\Robin\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/19 12:20:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.scr
[2011/12/19 12:11:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000UA.job
[2011/12/19 12:06:14 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/19 11:44:37 | 000,006,416 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 11:44:37 | 000,006,416 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 11:37:39 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/18 22:30:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Robin\Desktop\aswMBR.exe
[2011/12/18 20:11:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000Core.job
[2011/12/18 12:38:02 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Robin\Desktop\dds.pif
[2011/12/18 12:37:49 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Robin\Desktop\dds.scr
[2011/12/18 04:37:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/18 04:22:03 | 004,342,882 | R--- | M] (Swearware) -- C:\Users\Robin\Desktop\ComboFix.exe
[2011/12/18 04:08:15 | 000,771,072 | ---- | M] () -- C:\Users\Robin\Desktop\RogueKiller.exe
[2011/12/18 04:02:57 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2011/12/17 14:29:33 | 000,201,728 | ---- | M] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/15 22:15:22 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Robin\AppData\Roaming\pcouffin.sys
[2011/12/15 22:15:22 | 000,007,859 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\pcouffin.cat
[2011/12/15 22:15:22 | 000,001,167 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\pcouffin.inf
[2011/12/14 08:04:02 | 000,458,240 | ---- | M] () -- C:\Users\Robin\Desktop\CKScanner.exe
[2011/12/13 01:30:02 | 000,001,854 | ---- | M] () -- C:\Users\Robin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/12 17:25:08 | 005,075,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/12 12:47:12 | 000,000,850 | ---- | M] () -- C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 03:04:02 | 000,000,042 | ---- | M] () -- C:\Windows\SysNative\1323680642.lock
[2011/12/12 02:42:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\windbg.exe
[2011/12/12 02:41:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\cd
[2011/12/12 01:39:32 | 004,425,880 | ---- | M] (Innovative Solutions ) -- C:\Users\Robin\Desktop\drivermax.exe
[2011/12/12 00:12:15 | 000,001,996 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/12/11 20:41:06 | 000,007,616 | ---- | M] () -- C:\Users\Robin\AppData\Local\resmon.resmoncfg
[2011/12/11 03:48:40 | 000,001,598 | ---- | M] () -- C:\Users\Robin\Desktop\Hijack.exe - Shortcut.lnk
[2011/12/10 23:24:56 | 000,000,065 | ---- | M] () -- C:\Windows\SysNative\1323581096.lock
[2011/12/10 23:24:32 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\1323581072.lock
[2011/12/10 23:13:16 | 000,000,067 | ---- | M] () -- C:\Windows\SysNative\1323580396.lock
[2011/12/10 23:12:39 | 000,000,067 | ---- | M] () -- C:\Windows\SysNative\1323580359.lock
[2011/12/10 23:10:46 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\1323580246.lock
[2011/12/10 23:10:25 | 000,000,194 | ---- | M] () -- C:\Windows\SysNative\1323580223.lock
[2011/12/08 23:11:02 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_optionalfeatures.exe.etl
[2011/12/08 13:12:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/12/08 13:12:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/12/07 15:02:56 | 000,684,297 | ---- | M] () -- C:\Users\Robin\Desktop\unhide.exe
[2011/12/06 16:29:32 | 000,896,046 | ---- | M] () -- C:\Users\Robin\Desktop\001-Shaw Digital Phone - Quick Reference Guide [May2010].pdf
[2011/12/02 21:48:02 | 014,857,716 | ---- | M] () -- C:\Users\Robin\Desktop\Fox_On_The_Run_-Sweet.mp4
[2011/12/01 14:01:09 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/11/29 10:53:15 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/28 15:51:53 | 000,001,905 | ---- | M] () -- C:\Users\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/28 09:44:49 | 000,000,000 | ---- | M] () -- C:\Users\Robin\AppData\Local\{A68F38EA-0815-4D70-8EAA-EEE3F4F36F8F}
[2011/11/22 19:20:27 | 000,002,219 | ---- | M] () -- C:\Users\Robin\.recently-used.xbel
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Robin\*.tmp files -> C:\Users\Robin\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Robin\AppData\Local\*.tmp files -> C:\Users\Robin\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/18 04:07:58 | 000,771,072 | ---- | C] () -- C:\Users\Robin\Desktop\RogueKiller.exe
[2011/12/18 04:02:57 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2011/12/16 21:49:28 | 000,896,046 | ---- | C] () -- C:\Users\Robin\Desktop\001-Shaw Digital Phone - Quick Reference Guide [May2010].pdf
[2011/12/16 20:35:34 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/14 08:04:02 | 000,458,240 | ---- | C] () -- C:\Users\Robin\Desktop\CKScanner.exe
[2011/12/12 12:47:12 | 000,000,850 | ---- | C] () -- C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 12:46:23 | 000,001,854 | ---- | C] () -- C:\Users\Robin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/12 03:04:02 | 000,000,042 | ---- | C] () -- C:\Windows\SysNative\1323680642.lock
[2011/12/12 02:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\windbg.exe
[2011/12/12 02:41:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\cd
[2011/12/11 03:48:40 | 000,001,598 | ---- | C] () -- C:\Users\Robin\Desktop\Hijack.exe - Shortcut.lnk
[2011/12/10 23:32:32 | 000,007,616 | ---- | C] () -- C:\Users\Robin\AppData\Local\resmon.resmoncfg
[2011/12/10 23:24:56 | 000,000,065 | ---- | C] () -- C:\Windows\SysNative\1323581096.lock
[2011/12/10 23:24:32 | 000,000,068 | ---- | C] () -- C:\Windows\SysNative\1323581072.lock
[2011/12/10 23:13:16 | 000,000,067 | ---- | C] () -- C:\Windows\SysNative\1323580396.lock
[2011/12/10 23:12:39 | 000,000,067 | ---- | C] () -- C:\Windows\SysNative\1323580359.lock
[2011/12/10 23:10:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\1323580246.lock
[2011/12/10 23:10:23 | 000,000,194 | ---- | C] () -- C:\Windows\SysNative\1323580223.lock
[2011/12/10 16:28:53 | 000,684,297 | ---- | C] () -- C:\Users\Robin\Desktop\unhide.exe
[2011/12/10 16:28:33 | 001,008,092 | ---- | C] () -- C:\Users\Robin\Desktop\iExplore.exe
[2011/12/10 16:28:22 | 001,008,092 | ---- | C] () -- C:\Users\Robin\Desktop\rkill.exe
[2011/12/08 23:10:41 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_install_optionalfeatures.exe.etl
[2011/12/07 23:19:03 | 000,014,726 | ---- | C] () -- C:\Users\Robin\Desktop\Taskbar-Shortcut Icons.JPG
[2011/12/07 23:19:03 | 000,009,804 | ---- | C] () -- C:\Users\Robin\Desktop\Taskbar-Apps Currently Running-NOT MANY.JPG
[2011/12/07 22:32:11 | 000,006,416 | ---- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 22:32:11 | 000,006,416 | ---- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 22:20:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/07 22:20:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/07 22:20:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/07 22:20:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/07 22:20:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/02 21:47:11 | 014,857,716 | ---- | C] () -- C:\Users\Robin\Desktop\Fox_On_The_Run_-Sweet.mp4
[2011/11/28 09:44:49 | 000,000,000 | ---- | C] () -- C:\Users\Robin\AppData\Local\{A68F38EA-0815-4D70-8EAA-EEE3F4F36F8F}
[2011/11/22 19:20:27 | 000,002,219 | ---- | C] () -- C:\Users\Robin\.recently-used.xbel
[2011/11/18 02:42:14 | 000,001,456 | ---- | C] () -- C:\Users\Robin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/09 17:27:11 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/10/09 17:27:11 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/10/09 17:27:10 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/10/09 17:27:10 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/10/09 17:27:10 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/09/30 15:59:21 | 000,000,578 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2011/09/22 15:36:20 | 000,001,996 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/01/28 20:44:36 | 000,000,377 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011/01/27 17:12:30 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/11 00:28:11 | 000,000,258 | ---- | C] () -- C:\ProgramData\tmaster8.net
[2010/12/19 22:41:44 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/23 21:04:44 | 000,000,000 | ---- | C] () -- C:\Users\Robin\AppData\Local\prvlcl.dat
[2010/09/13 19:43:27 | 000,023,127 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010/09/02 01:33:54 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2010/09/02 01:32:52 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2010/08/10 16:06:02 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2010/08/10 16:06:02 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/07/16 16:19:53 | 000,000,088 | RHS- | C] () -- C:\ProgramData\19C2AC9A03.sys
[2010/07/16 16:19:52 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/05 16:40:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/14 22:21:12 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/06/14 22:21:12 | 000,002,145 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2010/04/29 09:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/04/15 14:54:46 | 000,023,336 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/02/04 23:31:22 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010/02/04 23:28:03 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini
[2010/01/30 21:06:32 | 000,007,859 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\pcouffin.cat
[2010/01/30 21:06:32 | 000,001,167 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\pcouffin.inf
[2010/01/27 20:01:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/01/27 15:51:20 | 000,201,728 | ---- | C] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 15:24:30 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2009/12/15 15:24:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2009/10/16 12:27:30 | 000,000,486 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\wklnhst.dat
[2009/10/10 22:38:21 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2009/10/08 22:41:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/03/03 15:39:02 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/03/03 15:39:02 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/02/08 17:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2007/04/18 23:07:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2006/11/02 09:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe
[2005/02/03 01:50:28 | 000,004,224 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[1980/01/01 01:01:01 | 000,000,000 | ---- | C] () -- C:\Windows\bootstat.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 500 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:CF778051

< End of report >
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Extras Log

Unread postby Robinski123 » December 19th, 2011, 2:41 pm

OTL Extras logfile created on: 12/19/11 12:22:39 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Robin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

8.00 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 77.35% Memory free
10.00 Gb Paging File | 8.16 Gb Available in Paging File | 81.67% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.02 Gb Total Space | 241.63 Gb Free Space | 41.44% Space Free | Partition Type: NTFS
Drive D: | 13.15 Gb Total Space | 1.80 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

Computer Name: ROBIN-HP | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07179D37-D5FE-4373-90D9-A25B992EFB3E}" = WD SmartWare
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.4.0
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Sandboxie" = Sandboxie 3.46 (64-bit)
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F0B0627-3CC7-4C3D-B246-D84FD3B30488}" = Blue Cat's Stereo Flanger VST 2.4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner Pro v1.8.0.225
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{253AD5C7-94ED-44BF-AA0C-890A80817A87}_is1" = Boilsoft Video Splitter 6.11
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{363AA0EF-7672-42C2-AA43-237E1DBFB827}_is1" = Moyea FLV Editor Pro Version: 3.1.13.0
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE03D46-ACE6-467E-9B15-1CB1ACAF69CD}" = Blue Cat's Flanger VST 2.4
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{43DD482E-0A99-43F6-AC8F-E00C7156BAAB}" = Blue Cat's Phaser VST 2.4
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C4D25EB-6513-4702-8355-F4194DE2E1D9}" = Waves 4.0
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21
"{5620D5AF-A931-4ce5-B533-F70861266BC4}" = Blue Cat's Freeware Pack VST 1.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5866520C-8857-4986-833A-039F4584C3F7}" = Toontrack solo
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{711B5A2A-73A0-4AFF-BC47-8B84E80FEA00}" = Blue Cat's Gain Suite VST 2.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{74EA8572-283C-45DA-97E7-2EA75B95D893}" = Blue Cat's Triple EQ VST 3.3
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A687852A-B864-408F-96B7-439A46B2E64B}" = Blue Cat's Chorus - VST
"{A71F3F58-30B3-4A65-A653-71784E4C2F51}" = Blue Cat's FreqAnalyst VST 1.3
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8CFEA15-A660-4742-9AAB-BC659C491046}" = ZoomInto
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2011 (Advanced) Free
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = Auslogics Registry Defrag
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D93399F6-C902-47E8-B2A4-9C38ACAC03B5}" = EZplayer
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E699454B-70AE-4483-A6ED-8C9AC9E23446}" = Blue Cat's Stereo Chorus VST 3.4
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{ED3BFB52-21FA-406F-A1F1-E915169E9C03}" = Ant.com IE add-on
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F07F0BCD-5C6D-4499-9F05-6ED747078A72}" = Windows Support Tools
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F181EED0-8A75-4615-8351-AB9CC018BA39}" = Windows7SBS
"{F18FB90C-2DC4-4CFF-908F-2FB7DEEF26E0}" = Musical Scales
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F571A2CC-57D3-4AB6-9FD5-5AF14775E516}" = Ant.com IE add-on
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE4270D7-A642-49C1-9A40-854DA3F13FB2}_is1" = Moyea FLV Player version: 2.0.2.94
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Addictive Drums" = Addictive Drums
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"alotToolbar" = ALOT Toolbar
"Ant.com IE add-on" = Ant.com IE add-on
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Audacity_is1" = Audacity 1.2.6
"AudioCreator_is1" = Audio Creator LE 1.5
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BBE D82 Sonic Maximizer VST RTAS_is1" = BBE D82 Sonic Maximizer VST RTAS v2.0
"Belarc Advisor" = Belarc Advisor 8.1
"Blu-ray to DVD_is1" = Blu-ray to DVD 1.2.0.14
"Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.16
"Brainworx BX Digital VST_is1" = Brainworx BX Digital VST v1.09
"Cakewalk Dimension Pro_is1" = Dimension Pro
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CodeStuff Starter" = CodeStuff Starter
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DelinvFile_is1" = DelinvFile - 4.03
"DreamStation DXi2" = DreamStation DXi2
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Game Booster_is1" = Game Booster
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HP Photo Creations" = HP Photo Creations
"ImgBurn" = ImgBurn
"Indeo® software" = Indeo® software
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Line 6 Uninstaller" = Line 6 Uninstaller
"LookInMyPC" = LookInMyPC
"LUXONIX_LFX-1310" = LUXONIX LFX-1310
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MKVtoolnix" = MKVtoolnix 2.2.0
"Mozilla Firefox 8.0.1 (x86 en-GB)" = Mozilla Firefox 8.0.1 (x86 en-GB)
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Precision" = EVGA Precision 2.1.1
"Recover Keys_is1" = Recover Keys
"ReValver Mk III_is1" = ReValver Mk III
"Revo Uninstaller" = Revo Uninstaller 1.93
"Roger Nichols Digital FREQUAL-IZER VST RTAS_is1" = Roger Nichols Digital FREQUAL-IZER VST RTAS v1.2
"SONAR85Producer_is1" = SONAR 8.5 Producer
"SONAR8Producer_is1" = SONAR 8.0 Producer Edition
"SONARHome7_is1" = SONAR Home Studio 7
"Sonitus:fx Plugin Suite" = Sonitus:fx Plugin Suite
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"sp41099" = sp41099
"SpeedFan" = SpeedFan (remove only)
"Ultra DVD Creator_is1" = Ultra DVD Creator 2.7.0827
"Universal Extractor_is1" = Universal Extractor 1.6.1
"VLC media player" = VLC media player 1.0.5
"VSO Burning SDK_is1" = VSO Burning SDK 4.0.10.472
"VST Bridge_is1" = VST Bridge 1.1
"Waves Mercury Bundle" = Waves Mercury Bundle
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinFF_is1" = WinFF 1.3.2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/18/11 2:04:33 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/18/11 2:05:14 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/18/11 2:05:14 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/19/11 1:16:57 AM | Computer Name = Robin-HP | Source = Application Error | ID = 1000
Description = Faulting application name: aswMBR.exe, version: 0.9.8.986, time stamp:
0x4e560224 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x0002e3fb Faulting process id:
0x1914 Faulting application start time: 0x01ccbe09f2d312a0 Faulting application path:
C:\Users\Robin\Desktop\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: ab648df0-2a00-11e1-9d6f-002354f13228

Error - 12/19/11 1:36:14 AM | Computer Name = Robin-HP | Source = Application Error | ID = 1000
Description = Faulting application name: aswMBR.exe, version: 0.9.8.986, time stamp:
0x4e560224 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x0002e3fb Faulting process id:
0x810 Faulting application start time: 0x01ccbe0d9d20f990 Faulting application path:
C:\Users\Robin\Desktop\aswMBR.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 5d5a8f30-2a03-11e1-9d6f-002354f13228

Error - 12/19/11 1:38:09 PM | Computer Name = Robin-HP | Source = Application Error | ID = 1000
Description = Faulting application name: nvcplui.exe, version: 3.9.731.0, time stamp:
0x4e991f88 Faulting module name: NVCPL.DLL_unloaded, version: 0.0.0.0, time stamp:
0x4e992483 Exception code: 0xc0000005 Fault offset: 0x000000006d1de870 Faulting process
id: 0x198 Faulting application start time: 0x01ccbe74f7671ee0 Faulting application
path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe Faulting
module path: NVCPL.DLL Report Id: 36f21e20-2a68-11e1-95f1-002354f13228

Error - 12/19/11 1:39:30 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Windows has backed up this user profile. Windows will automatically
try to use the backup profile the next time this user logs on.

Error - 12/19/11 1:39:30 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 12/19/11 1:41:36 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/19/11 1:41:36 PM | Computer Name = Robin-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

[ Media Center Events ]
Error - 5/04/10 12:15:11 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 10:15:06 PM - Error connecting to the internet. 10:15:06 PM - Unable
to contact server..

Error - 5/04/10 1:41:38 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 11:41:38 PM - Error connecting to the internet. 11:41:38 PM - Unable
to contact server..

Error - 5/04/10 1:41:45 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 11:41:43 PM - Error connecting to the internet. 11:41:43 PM - Unable
to contact server..

Error - 5/04/10 3:29:12 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 1:29:11 AM - Error connecting to the internet. 1:29:11 AM - Unable
to contact server..

Error - 5/04/10 3:29:18 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 1:29:17 AM - Error connecting to the internet. 1:29:17 AM - Unable
to contact server..

Error - 5/08/10 1:07:21 PM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 11:07:06 AM - Error connecting to the internet. 11:07:07 AM - Unable
to contact server..

Error - 5/09/10 2:01:24 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 12:01:24 AM - Error connecting to the internet. 12:01:24 AM - Unable
to contact server..

Error - 5/09/10 2:01:35 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 12:01:29 AM - Error connecting to the internet. 12:01:29 AM - Unable
to contact server..

Error - 5/09/10 3:01:40 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 1:01:40 AM - Error connecting to the internet. 1:01:40 AM - Unable
to contact server..

Error - 5/09/10 3:01:47 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0
Description = 1:01:46 AM - Error connecting to the internet. 1:01:46 AM - Unable
to contact server..


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Re: Posts Closed

Unread postby Dakeyras » December 20th, 2011, 7:22 am

Hi. :)

Thanks for the update, we have a fair few preliminary steps to carry first as follows. Just take your time. Any problems encountered stop what you are doing and inform myself straight away, thank you.

Add the Run... box for Windows 7:

We will be using this shortly, plus it will be used again when I give the all clear so ComboFix can be uninstalled correctly.

  • Click on Start(Windows 7 Orb) >> right click on a empty space on the Start Menu and select Properties.
  • Now click on the Start Menu >> then on Customize....
  • Scroll down and select the Run Command box >> OK >> Apply >> OK.

Disable Sandboxie:

This is so it will not hinder the malware removal process, you may re-enable this service when I give the all clear.(I can provide intructions how to if unsure etc)

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start(Windows 7 Orb) >> Run... type in notepad and select OK
Code: Select all
@Echo Off
SC Stop SbieSvc
SC Config SbieSvc start= disabled
Shutdown -R -T 1
Del %0
  • Go to File >> Save As
  • Save File name as "Disable.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look similiar to this: Image

Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

Note: your machine should automatically reboot after running the above batch file. If it does not, reboot your machine manually.

Next:

Please go to StartWindows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

ALOT Toolbar

To do so, click once on the above to highlight then click on Uninstall/Change and follow the prompts.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Next:

Please go to my file submission channel here.

Next to the box:- Link to topic where this file was requested: Add in the below:-
Code: Select all
http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=58649
Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

C:\Windows\SysNative\1323580246.lock

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

Next:

Post back in this topic when all of the above is completed please.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

New Instructions-Reply 1

Unread postby Robinski123 » December 20th, 2011, 8:55 pm

Hello again Dakeyras!!...First I don't want to sound like a "smart a**" but I can use Run by selecting "Win+R" and i don't need
run to open a .txt file...I just right-clicked on desktop and created one....anyways..I followed Instructions...ran .bat..win
restarted....sandboxie is still in notification bit has a ! on it...should I just uninstall it??....now for your other your requests:..I do
not think I have ALOT installed...Can't find it...went online...got info..to check: %ProgramFiles%\alot....not there......and also:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{5AA2BA46-9913-4dc7-
9620-69AB0FA17AE7}<< no reg key exists....just HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
\Explorer\SharedTaskScheduler and I checked both ie & firefox...neither had the ALOT add-on.....plus: I do not have this folder:
C:\Windows\SysNative\1323580246.lock...in fact there is NO C:\Windows\SysNative\ folder. Registry is backed up.
Thanks for your assistance...Over!
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Re: Posts Closed

Unread postby Dakeyras » December 20th, 2011, 9:30 pm

Hi. :)

No I do not think you are being a smart alec to word it differently. ;) :lol:

OK levity aside, do please uninstall Sandboxie(you can reinstall when I give the all clear). Thanks for the concise update also...what you mentioned not a problem at this time I will further add.

For now I would like a new OTL log to review after uninstalling Sandboxie and we can go from there, thank you.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

OTL Log and Puzzled!!!

Unread postby Robinski123 » December 20th, 2011, 10:50 pm

Hello Dakeyras....WOW fast reply!!!......Before I post recent OTL Log...I gave it a quick look over and found this in .txt:
C:\Windows\SysNative\1323581096.lock
[2011/12/10 23:24:32 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\1323581072.lock
[2011/12/10 23:13:16 | 000,000,067 | ---- | M] () -- C:\Windows\SysNative\1323580396.lock
[2011/12/10 23:12:39 | 000,000,067 | ---- | M] () -- C:\Windows\SysNative\1323580359.lock
[2011/12/10 23:10:46 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\1323580246.lock
[2011/12/10 23:10:25 | 000,000,194 | ---- | M] () -- C:\Windows\SysNative\1323580223.lock
I am puzzled, because when I go to C:\Windows, this ^^^^ ..Folder is not there???...I have comp set to see ALL Folders &
Files..(& extentions)....there are: C:\Windows\Speech and then: C:\Windows\system...and nothing in between???? am I
looking in the wrong place???....Well, though I don't like it....I believe that if you are even just asking about said folder, that
alone insinuates to me that the folder & contents are Infection related....eek!!!....will follow Step by Step Instructions....
OTL to follow..........
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

OTL Log........

Unread postby Robinski123 » December 20th, 2011, 10:55 pm

OTL logfile created on: 12/20/11 7:58:54 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Robin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

7.75 Gb Total Physical Memory | 6.15 Gb Available Physical Memory | 79.35% Memory free
9.75 Gb Paging File | 8.08 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.02 Gb Total Space | 241.60 Gb Free Space | 41.44% Space Free | Partition Type: NTFS
Drive D: | 13.15 Gb Total Space | 1.80 Gb Free Space | 13.66% Space Free | Partition Type: NTFS

Computer Name: ROBIN-HP | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Robin\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files (x86)\Ant.com\IE add-on\AntMaintainer.exe (Ant.com)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV:64bit: - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WDSC) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDFME) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L6UX1) -- C:\Windows\SysNative\drivers\L6UX164.sys (Line 6)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (DefragFS) -- C:\Windows\SysNative\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L6TPortGX) -- C:\Windows\SysNative\drivers\L6TPortGX64.sys (Line 6)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (L6PODX3) -- C:\Windows\SysNative\drivers\L6PODX364.sys (Line 6)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVIDIA Corp.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Startpage (SSL)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..extensions.enabledItems: cybersearch@cybernetnews.com:2.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: googletube@googletube.com:2.0.2
FF - prefs.js..extensions.enabledItems: {8FFE139B-90A7-4460-A972-9D2738997F6D}:1.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.6.4
FF - prefs.js..extensions.enabledItems: zigboom.designs@gmail.com:1.3.1
FF - prefs.js..extensions.enabledItems: FoxdieGraphite@tanjihay.com:3.6.4
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b6526ae&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ca&lng=en-GB&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/28 15:50:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/16 20:35:34 | 000,000,000 | ---D | M]

[2010/07/15 23:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Extensions
[2011/12/17 23:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\anttoolbar@ant.com
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\cybersearch@cybernetnews.com
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (Foxdie for Firefox) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\foxdie_ext_ocelot@foxdie.us
[2011/12/07 04:50:26 | 000,000,000 | ---D | M] (GoogleTube) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\googletube@googletube.com
[2011/12/17 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\staged
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010/07/15 23:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2011/11/11 16:36:31 | 000,002,325 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\searchplugins\startpage-ssl.xml
[2011/12/17 23:34:46 | 000,005,457 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\t64xcrhc.default\searchplugins\startpage.xml
[2011/12/14 11:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ROBIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T64XCRHC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ROBIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T64XCRHC.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/11/28 15:50:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/20 20:52:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/09 02:46:17 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/09 02:46:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/09 02:46:17 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/09 02:46:17 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/09 02:46:17 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/18 04:37:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1004..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4:64bit: - HKLM..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor for Windows\RunProfiler.exe (PC-Doctor, Inc.)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RAVCpl64.exe - Shortcut.lnk = C:\Program Files (x86)\Realtek\Audio\Drivers\Vista64\RAVCpl64.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-488319240-1603442040-3962435957-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm ()
O8 - Extra context menu item: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm ()
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O15 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37C06628-9292-4122-8AF0-B6BBD25AA72C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - AppInit_DLLs: ({DLL_Str}) - File not found
O20 - AppInit_DLLs: ({DLL_Str}) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 18:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/12/20 18:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/12/20 18:21:45 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Robin\Desktop\erunt-setup.exe
[2011/12/19 23:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2011/12/19 23:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2011/12/19 21:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/12/19 21:13:16 | 010,406,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/12/19 21:13:16 | 005,067,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/12/19 21:13:16 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/12/19 21:13:15 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/12/19 21:13:15 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/12/19 21:10:05 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/12/19 21:10:05 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/12/19 21:10:05 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/12/19 21:10:05 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/12/19 21:10:05 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/12/19 21:10:05 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/12/19 21:10:05 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011/12/19 21:10:05 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/12/19 21:10:05 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/12/19 21:10:05 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/12/19 21:10:05 | 002,808,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011/12/19 21:10:05 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/12/19 21:10:05 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/12/19 21:10:05 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/12/19 21:10:05 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/12/19 21:10:05 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/12/19 21:10:05 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/12/19 21:10:05 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/12/19 21:10:05 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/12/19 21:10:05 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/12/19 12:20:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.scr
[2011/12/18 22:30:12 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Robin\Desktop\aswMBR.exe
[2011/12/18 12:38:02 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Robin\Desktop\dds.pif
[2011/12/18 12:37:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Robin\Desktop\dds.scr
[2011/12/18 06:17:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/18 04:42:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/17 22:45:03 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\01-Student Loan-Info
[2011/12/17 16:25:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{C5BCC622-9AA3-40AB-A625-1DA1BB0FF156}
[2011/12/17 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{FA612BA2-9B45-43EC-8491-CE323E1A936A}
[2011/12/12 02:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2011/12/12 02:27:38 | 000,000,000 | ---D | C] -- C:\WinDDK
[2011/12/12 01:39:29 | 004,425,880 | ---- | C] (Innovative Solutions ) -- C:\Users\Robin\Desktop\drivermax.exe
[2011/12/12 01:09:41 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\ElevatedDiagnostics
[2011/12/12 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/12/12 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\NVIDIA Corporation
[2011/12/11 23:04:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/12/11 16:34:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{745527A5-28F0-4E35-8F12-7A441032FA8C}
[2011/12/11 16:33:57 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{11692236-B597-432A-B574-148B1F106410}
[2011/12/11 03:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/12/11 03:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/09 05:22:02 | 000,000,000 | ---D | C] -- C:\41f7dcba618342895cab
[2011/12/08 20:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/12/08 20:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/12/08 00:35:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\DeepBurner Pro
[2011/12/07 22:20:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/07 22:20:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/07 22:20:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/07 22:20:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/07 22:17:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/07 21:47:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/07 21:24:36 | 004,342,882 | R--- | C] (Swearware) -- C:\Users\Robin\Desktop\ComboFix.exe
[2011/12/07 18:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/07 03:33:37 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/07 03:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/07 00:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/12/06 23:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/04 10:13:09 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{0C600D9C-D585-43A4-BBBB-FA17E2B37F44}
[2011/12/04 10:12:59 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{1C8E0A02-2C5B-4D85-973D-BA2A2907EFF1}
[2011/12/01 13:43:19 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\robynn825699552
[2011/11/30 17:41:53 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\01-CRA-Info+Forms
[2011/11/29 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\$60 COST EACH
[2011/11/29 23:08:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\10 Bags=$490+$55=$544+$31=$576
[2011/11/28 17:28:53 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\1-IE-Help and Info
[2011/11/28 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Robin\CyberLink
[2011/11/28 17:12:37 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\zoominto
[2011/11/28 17:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\zoomintoIE
[2011/11/28 17:12:33 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoominto IePlugin
[2011/11/28 16:17:56 | 000,000,000 | R--D | C] -- C:\Users\Robin\pentadactyl
[2011/11/28 13:48:30 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\S7H0W4
[2011/11/27 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\selling5699552stuff
[2011/11/27 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\robynn82@gmail.com
[2011/11/25 19:59:22 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{CE91FB52-1138-455D-AB9A-AC16E01CE8E6}
[2011/11/25 19:59:11 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{03E44292-4352-4868-B221-9A2AFABDA503}
[2011/11/24 19:16:46 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\1-Saskatoon Country Western Music Association
[2011/11/22 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{A800477D-372E-42B5-AF06-4B8ADFC0C755}
[2011/11/22 18:44:03 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\{1546113B-3CE4-4339-8BCB-F83682801DAD}
[2010/01/30 21:06:32 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Robin\AppData\Roaming\pcouffin.sys
[2009/10/11 19:26:40 | 000,405,504 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\Vocal_WaveShell-VST 1.1.dll
[2009/10/11 19:26:35 | 000,442,368 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-DX 5.7.dll
[2009/10/11 19:26:24 | 000,417,792 | ---- | C] (Waves Audio Ltd) -- C:\Program Files (x86)\WaveShell-VST 5.2.dll
[2009/10/11 19:26:19 | 000,098,304 | ---- | C] (Waves Audio Ltd) -- C:\Program Files (x86)\WaveShell-VST 5.0.dll
[2009/10/11 19:26:14 | 000,557,056 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-VST 5.7.dll
[2009/10/11 19:26:09 | 000,405,504 | ---- | C] (Waves Audio Ltd.) -- C:\Program Files (x86)\WaveShell-VST 5.5.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Robin\*.tmp files -> C:\Users\Robin\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Robin\AppData\Local\*.tmp files -> C:\Users\Robin\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/20 20:00:55 | 000,006,400 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 20:00:55 | 000,006,400 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 19:53:56 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/20 19:11:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000UA.job
[2011/12/20 19:06:14 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/20 19:00:29 | 000,080,384 | ---- | M] () -- C:\Users\Robin\Desktop\MBRCheck.exe
[2011/12/20 18:35:17 | 000,000,886 | ---- | M] () -- C:\Users\Robin\Desktop\NTREGOPT.lnk
[2011/12/20 18:35:17 | 000,000,867 | ---- | M] () -- C:\Users\Robin\Desktop\ERUNT.lnk
[2011/12/20 18:21:45 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Robin\Desktop\erunt-setup.exe
[2011/12/19 21:51:38 | 000,208,896 | ---- | M] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 20:11:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-488319240-1603442040-3962435957-1000Core.job
[2011/12/19 12:20:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.scr
[2011/12/18 22:30:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Robin\Desktop\aswMBR.exe
[2011/12/18 12:38:02 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Robin\Desktop\dds.pif
[2011/12/18 12:37:49 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Robin\Desktop\dds.scr
[2011/12/18 04:37:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/18 04:22:03 | 004,342,882 | R--- | M] (Swearware) -- C:\Users\Robin\Desktop\ComboFix.exe
[2011/12/18 04:08:15 | 000,771,072 | ---- | M] () -- C:\Users\Robin\Desktop\RogueKiller.exe
[2011/12/18 04:02:57 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2011/12/15 22:15:22 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Robin\AppData\Roaming\pcouffin.sys
[2011/12/15 22:15:22 | 000,007,859 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\pcouffin.cat
[2011/12/15 22:15:22 | 000,001,167 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\pcouffin.inf
[2011/12/14 08:04:02 | 000,458,240 | ---- | M] () -- C:\Users\Robin\Desktop\CKScanner.exe
[2011/12/13 01:30:02 | 000,001,854 | ---- | M] () -- C:\Users\Robin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/12 17:25:08 | 005,075,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/12 12:47:12 | 000,000,850 | ---- | M] () -- C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 03:04:02 | 000,000,042 | ---- | M] () -- C:\Windows\SysNative\1323680642.lock
[2011/12/12 02:42:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\windbg.exe
[2011/12/12 02:41:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\cd
[2011/12/12 01:39:32 | 004,425,880 | ---- | M] (Innovative Solutions ) -- C:\Users\Robin\Desktop\drivermax.exe
[2011/12/11 20:41:06 | 000,007,616 | ---- | M] () -- C:\Users\Robin\AppData\Local\resmon.resmoncfg
[2011/12/11 03:48:40 | 000,001,598 | ---- | M] () -- C:\Users\Robin\Desktop\Hijack.exe - Shortcut.lnk
[2011/12/10 23:24:56 | 000,000,065 | ---- | M] () -- C:\Windows\SysNative\1323581096.lock
[2011/12/10 23:24:32 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\1323581072.lock
[2011/12/10 23:13:16 | 000,000,067 | ---- | M] () -- C:\Windows\SysNative\1323580396.lock
[2011/12/10 23:12:39 | 000,000,067 | ---- | M] () -- C:\Windows\SysNative\1323580359.lock
[2011/12/10 23:10:46 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\1323580246.lock
[2011/12/10 23:10:25 | 000,000,194 | ---- | M] () -- C:\Windows\SysNative\1323580223.lock
[2011/12/08 23:11:02 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_optionalfeatures.exe.etl
[2011/12/08 13:12:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/12/08 13:12:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/12/07 15:02:56 | 000,684,297 | ---- | M] () -- C:\Users\Robin\Desktop\unhide.exe
[2011/12/06 16:29:32 | 000,896,046 | ---- | M] () -- C:\Users\Robin\Desktop\001-Shaw Digital Phone - Quick Reference Guide [May2010].pdf
[2011/12/01 14:01:09 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/11/29 10:53:15 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/28 15:51:53 | 000,001,905 | ---- | M] () -- C:\Users\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/28 09:44:49 | 000,000,000 | ---- | M] () -- C:\Users\Robin\AppData\Local\{A68F38EA-0815-4D70-8EAA-EEE3F4F36F8F}
[2011/11/22 19:20:27 | 000,002,219 | ---- | M] () -- C:\Users\Robin\.recently-used.xbel
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Robin\*.tmp files -> C:\Users\Robin\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Robin\AppData\Local\*.tmp files -> C:\Users\Robin\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/20 19:00:28 | 000,080,384 | ---- | C] () -- C:\Users\Robin\Desktop\MBRCheck.exe
[2011/12/20 18:35:17 | 000,000,886 | ---- | C] () -- C:\Users\Robin\Desktop\NTREGOPT.lnk
[2011/12/20 18:35:17 | 000,000,867 | ---- | C] () -- C:\Users\Robin\Desktop\ERUNT.lnk
[2011/12/19 23:34:58 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/19 17:43:12 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/12/19 17:42:52 | 000,001,336 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/12/18 04:07:58 | 000,771,072 | ---- | C] () -- C:\Users\Robin\Desktop\RogueKiller.exe
[2011/12/18 04:02:57 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2011/12/16 21:49:28 | 000,896,046 | ---- | C] () -- C:\Users\Robin\Desktop\001-Shaw Digital Phone - Quick Reference Guide [May2010].pdf
[2011/12/16 20:35:34 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/14 08:04:02 | 000,458,240 | ---- | C] () -- C:\Users\Robin\Desktop\CKScanner.exe
[2011/12/12 12:47:12 | 000,000,850 | ---- | C] () -- C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 12:46:23 | 000,001,854 | ---- | C] () -- C:\Users\Robin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/12 03:04:02 | 000,000,042 | ---- | C] () -- C:\Windows\SysNative\1323680642.lock
[2011/12/12 02:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\windbg.exe
[2011/12/12 02:41:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\cd
[2011/12/11 03:48:40 | 000,001,598 | ---- | C] () -- C:\Users\Robin\Desktop\Hijack.exe - Shortcut.lnk
[2011/12/10 23:32:32 | 000,007,616 | ---- | C] () -- C:\Users\Robin\AppData\Local\resmon.resmoncfg
[2011/12/10 23:24:56 | 000,000,065 | ---- | C] () -- C:\Windows\SysNative\1323581096.lock
[2011/12/10 23:24:32 | 000,000,068 | ---- | C] () -- C:\Windows\SysNative\1323581072.lock
[2011/12/10 23:13:16 | 000,000,067 | ---- | C] () -- C:\Windows\SysNative\1323580396.lock
[2011/12/10 23:12:39 | 000,000,067 | ---- | C] () -- C:\Windows\SysNative\1323580359.lock
[2011/12/10 23:10:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\1323580246.lock
[2011/12/10 23:10:23 | 000,000,194 | ---- | C] () -- C:\Windows\SysNative\1323580223.lock
[2011/12/10 16:28:53 | 000,684,297 | ---- | C] () -- C:\Users\Robin\Desktop\unhide.exe
[2011/12/10 16:28:33 | 001,008,092 | ---- | C] () -- C:\Users\Robin\Desktop\iExplore.exe
[2011/12/10 16:28:22 | 001,008,092 | ---- | C] () -- C:\Users\Robin\Desktop\rkill.exe
[2011/12/08 23:10:41 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_install_optionalfeatures.exe.etl
[2011/12/07 23:19:03 | 000,014,726 | ---- | C] () -- C:\Users\Robin\Desktop\Taskbar-Shortcut Icons.JPG
[2011/12/07 23:19:03 | 000,009,804 | ---- | C] () -- C:\Users\Robin\Desktop\Taskbar-Apps Currently Running-NOT MANY.JPG
[2011/12/07 22:32:11 | 000,006,400 | ---- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 22:32:11 | 000,006,400 | ---- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 22:20:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/07 22:20:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/07 22:20:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/07 22:20:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/07 22:20:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/28 09:44:49 | 000,000,000 | ---- | C] () -- C:\Users\Robin\AppData\Local\{A68F38EA-0815-4D70-8EAA-EEE3F4F36F8F}
[2011/11/22 19:20:27 | 000,002,219 | ---- | C] () -- C:\Users\Robin\.recently-used.xbel
[2011/11/18 02:42:14 | 000,001,456 | ---- | C] () -- C:\Users\Robin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/09 17:27:11 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/10/09 17:27:11 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/10/09 17:27:10 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/10/09 17:27:10 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/10/09 17:27:10 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/09/30 15:59:21 | 000,000,578 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2011/01/28 20:44:36 | 000,000,377 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011/01/27 17:12:30 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/11 00:28:11 | 000,000,258 | ---- | C] () -- C:\ProgramData\tmaster8.net
[2010/12/19 22:41:44 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/23 21:04:44 | 000,000,000 | ---- | C] () -- C:\Users\Robin\AppData\Local\prvlcl.dat
[2010/09/13 19:43:27 | 000,023,127 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010/09/02 01:33:54 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2010/09/02 01:32:52 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2010/08/10 16:06:02 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2010/08/10 16:06:02 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/07/16 16:19:53 | 000,000,088 | RHS- | C] () -- C:\ProgramData\19C2AC9A03.sys
[2010/07/16 16:19:52 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/05 16:40:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/14 22:21:12 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/06/14 22:21:12 | 000,002,145 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2010/04/29 09:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/04/15 14:54:46 | 000,023,336 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/02/04 23:31:22 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010/02/04 23:28:03 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini
[2010/01/30 21:06:32 | 000,007,859 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\pcouffin.cat
[2010/01/30 21:06:32 | 000,001,167 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\pcouffin.inf
[2010/01/27 15:51:20 | 000,208,896 | ---- | C] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 15:24:30 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2009/12/15 15:24:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2009/10/16 12:27:30 | 000,000,486 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\wklnhst.dat
[2009/10/10 22:38:21 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2009/10/08 22:41:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/03/03 15:39:02 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/03/03 15:39:02 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/02/08 17:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2007/04/18 23:07:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2006/11/02 09:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe
[2005/02/03 01:50:28 | 000,004,224 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[1980/01/01 01:01:01 | 000,000,000 | ---- | C] () -- C:\Windows\bootstat.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 500 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:CF778051

< End of report >
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Re: Posts Closed

Unread postby Dakeyras » December 21st, 2011, 7:39 am

Hi. :)

With regard to those SysNative files, basically the folder they are residing in is a type of virtual directory for 32 bit applications to use on your machine when they need to be ran with a 64 bit Operating System. So defacto it acts like a File System Redirector. Depending on any one machines configuration and or use they may not be visible even when say hidden files are made visible. This can also be down to the fact Windows 7 is more secure in what it allows to be done/view even when say using a admin account. That's my explanation anyway for what its worth. ;)

Now as for those files, I have never seen such before being totally honest. You do have a lot of software installed that I am not really familiar with that may have been created by any of the editing type software for example. Plus some of the installed software may not be truly 64 bit compatible. Anyway for now I am going to leave them in-place and see what my scans reveal rather than just remove them arbitrarily to err on the side of caution.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code: Select all
:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b6526ae&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ca&lng=en-GB&q="
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1004..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4:64bit: - HKLM..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor for Windows\RunProfiler.exe (PC-Doctor, Inc.)
O4 - HKU\S-1-5-21-488319240-1603442040-3962435957-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O15 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-488319240-1603442040-3962435957-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
[2011/12/07 00:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Robin\*.tmp files -> C:\Users\Robin\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Robin\AppData\Local\*.tmp files -> C:\Users\Robin\AppData\Local\*.tmp -> ]
[2011/01/27 17:12:30 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/07/16 16:19:53 | 000,000,088 | RHS- | C] () -- C:\ProgramData\19C2AC9A03.sys
[2010/07/16 16:19:52 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
@Alternate Data Stream - 500 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:CF778051

:Files
ipconfig /flushdns /c

:Commands
[Purity]
[ResetHosts]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...Click on Scan Now
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
  • Eset Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Computer Problems Update

Unread postby Robinski123 » December 21st, 2011, 5:17 pm

Hello Dakeyras!!, My HP SEEMS to be running fine, but there are still alot of System related problems:
"Turn Windows Features On Or Off" is still blank......updates download and install but the same updates still show up..as new.
Basically, Win 7 is not fully functional. In Event Viewer...there are many Critical>> Errors+Warnings.....under Security..there is a
big red X>> Event Viewer: Event Viewer cannot open the event log or custom view....etc....not recognized as valid by a WMI
data provider (4201). Many errors in Setup........System= The Windows Modules Installer service entered the stopped state.
etc....Performance Monitor: I get a small window>> Unable to add these counters: there are 6 listed..Processor Time, Interupt
Time, Parking Status (???), Idle Time, Disc Queue Length + Bytes Total/sec. Now it will not even close!! I have to end process to
do so..alot of Admin Tools will not open, but I can get Services and Configuration. The infection really messed up Win 7 system
drivers and apps :( It could have been worse I guess...from first post: "Immediatly my screen changed/flashed to a Black
screen. Then a bunch (over 20) of rectangular windows showed up...all indicating that my hard drive was failing!!!.there was an
option to "Fix" by selecting "OK"....However I didnot..I just forced shutdown by pressing the Start Buttion on my HP."
I guess that if I had pressed "OK"....it would have been worse??? (Canada Post Fake email w/ 1 .pdf and several .txt (0 bytes))
I am seriously considering that I maybe will do a Clean Install.....BUT I want to make sure that my user files are infection free
before I back them up....This would be my last resort, however. It would be nice to have a totally clean system though!!
anyways Dakeyras, here are the logs as requested.......again many THANX!!!!
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Re: Posts Closed

Unread postby Robinski123 » December 21st, 2011, 5:18 pm

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: "http://search.avg.com/route/?d=4b6526ae&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ca&lng=en-GB&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-488319240-1603442040-3962435957-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-488319240-1603442040-3962435957-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\PCDrProfiler deleted successfully.
C:\Program Files\PC-Doctor for Windows\RunProfiler.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-488319240-1603442040-3962435957-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_USERS\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\line6.net\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-488319240-1603442040-3962435957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1979\\http deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ deleted successfully.
File Protocol\Handler\belarc - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
C:\ProgramData\IObit\IObit Security 360 folder moved successfully.
C:\ProgramData\IObit\Advanced Spyware Remover folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
C:\Users\Robin\PP_MOTION.TMP folder deleted successfully.
C:\Users\Robin\PP_ROTATE_SLIDE.TMP folder deleted successfully.
File delete failed. C:\Windows\SysNative\PerfStringBackup.TMP scheduled to be deleted on reboot.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\Robin\AppData\Local\BIT4A86.tmp deleted successfully.
C:\ProgramData\.zreglib moved successfully.
C:\ProgramData\19C2AC9A03.sys moved successfully.
C:\ProgramData\KGyGaAvL.sys moved successfully.
Unable to delete ADS C:\ProgramData\Temp:05EE1EEF .
Unable to delete ADS C:\ProgramData\Temp:CF778051 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Robin\Desktop\cmd.bat deleted successfully.
C:\Users\Robin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Da Hood
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: From T5234

User: Public
->Temp folder emptied: 0 bytes

User: Robin
->Temp folder emptied: 80752007 bytes
->Temporary Internet Files folder emptied: 196169214 bytes
->Java cache emptied: 866735 bytes
->FireFox cache emptied: 50168098 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2194 bytes

User: TEMP
->Temp folder emptied: 0 bytes

User: TEMP.ROBIN-HP

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 524992 bytes
->Flash cache emptied: 38784 bytes

User: UpdatusUser.ROBIN-HP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 5326 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2845225 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67963 bytes
RecycleBin emptied: 16107086 bytes

Total Files Cleaned = 332.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.31.0 log created on 12212011_094935

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\PerfStringBackup.TMP scheduled to be moved on reboot.
C:\Users\Robin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLXAI3GU\AjaxHistoryFrame[2].htm moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLXAI3GU\null[4].js moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLXAI3GU\xmlProxy[1].htm moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W73AS970\4743433[5].js moved successfully.
File\Folder C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W73AS970\EditMessageLight[1].htm not found!
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W73AS970\Empty[1].js moved successfully.
File\Folder C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W73AS970\RteFrame_16.2.2978.1206[1].htm not found!
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W73AS970\xmlProxy[2].htm moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TPE3RU78\event[7].js moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TPE3RU78\Messenger[1].htm moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RH69MSDJ\resourcespreload[1].htm moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QBYCFGQ8\resourcespreload[1].htm moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWST89Q2\4743433[4].js moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWST89Q2\null[5].js moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LKK6FFGE\eventCA6V7PP9.js moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LKK6FFGE\eventCAZ8VO42.js moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ECEVQJ7X\presignin[2].js moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CRP66I7W\null[2].js moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CRP66I7W\viewtopic[1].htm moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\74N39DB0\seg[1].js moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1O5Q28H8\24025546[5].js moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File\Folder C:\Windows\temp\etilqs_bFufvYFZfi7U9eO8c2Kr not found!
File\Folder C:\Windows\temp\etilqs_f1p25hUkl5ki9mmadmqt not found!

Registry entries deleted on Reboot...
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Re: Posts Closed

Unread postby Robinski123 » December 21st, 2011, 5:19 pm

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122104

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/21/11 10:06:05 AM
mbam-log-2011-12-21 (10-06-05).txt

Scan type: Quick scan
Objects scanned: 240208
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

ESET Log

Unread postby Robinski123 » December 21st, 2011, 5:20 pm

C:\Users\Robin\.thumbnails\For Tammy\Programs-Computer Maintanance\Eraser\cnet_Eraser 6_0_8_2273_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Robin\1-Temp\001-Vidz Made for Tammy\Eraser\cnet_Eraser 6_0_8_2273_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Robin\BACKUPS-Info\Paragon Backup and Recovery (Advanced) Free\Paragon Backup and Recovery.exe a variant of Win32/InstallCore.D application
C:\Users\Robin\BACKUPS-Info\Paragon-Partition Manager 11 Free Edition\cnet_pm_free_msi.exe a variant of Win32/InstallCore.D application
C:\Users\Robin\Desktop-Computer Maintanance\001-Windows Vista Problem Fixes-MICROSOFT\media.player.codec.pack.v3.6.0.setup.exe Win32/Adware.Toolbar.Dealio application
C:\Users\Robin\HP-Solutions\.00-CLEAN INSTALL-What is needed\ubcd511.iso Win32/PSWTool.KonBoot.A application
C:\Users\Robin\Programs-Audio\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\Users\Robin\Programs-Computer Maintanance\EaseUS Partition Master Home Edition-FREE\cnet_partition_recovery_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Robin\Programs-Computer Maintanance\zzzzParagon-Partition Manager 11 Free Edition\Paragon-Partition Manager 11 Free Edition.exe a variant of Win32/InstallCore.D application
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 25 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware