Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Strange IE popups, Volume stuck on mute, speed decrease, etc

Post by rlmark » June 17th, 2012, 8:36 pm

The computer I'm posting from is a desktop that I keep in my basement, and I leave it running almost 100% of the time. Yesterday I came home to find it, oddly enough, shutting down. I wondered how that happened, and figured that it was some automatic Windows Update or something. I booted it back up, and between now and then, have noticed a number of extremely strange symptoms that lead me to believe there's something going on here...
  • "Script Unresponsive" errors popping up from IE (and I don't use IE; I use Chrome) from suspicious-looking URLs
  • The "mute" button is checked in my Volume Control, and I can't unmute it! I keep clicking, and it keeps staying mute. No sort of Control Panel settings have fixed this either.
  • The computer has slowed down tremendously, much slower than normal
  • Had a strange internet outage earlier this afternoon that only affected this computer (my other computers ran internet fine)


Here are my logs, hopefully you can help me out!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Ryan at 20:22:17 on 2012-06-17
.
============== Running Processes ===============
.
C:\Windows\TEMP\mrt4.tmp\stdrt.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Windows\system32\nvsvc32.exe
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Windows\System32\alg.exe
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
C:\Program Files\SB Pro\subliminalblasterpro.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Ryan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k WudfServiceGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell4me.com/myway
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [TypingSatellite] "c:\program files\typingmaster\KBOOST.EXE"
uRun: [Google Update] "c:\documents and settings\ryan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "c:\documents and settings\ryan\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DSS] c:\windows\bbstore\dss\DSSAGENT.EXE
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [Subliminal blaster Pro] c:\program files\sb pro\subliminalblasterpro.exe
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Driver Genius]
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [KORG USB-MIDI Driver] c:\program files\korg\korg usb-midi driver\EsHelper2.exe /s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\playmemories home\PMBVolumeWatcher.exe
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\ryan\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{AD9C3F28-4C0E-43A1-91BB-D6608479494E} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{EB41ED32-2F4D-4C79-B138-DFF2DDCB5D2A} : DhcpNameServer = 10.0.1.1
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R? Adobe Licensing Console;Adobe Licensing Console
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gkmixern;gkmixern
R? ICDUSB2;Sony IC Recorder (P)
R? idmc1aud;Intel(r) Play(tm) USB Audio Filter (WDM)
R? IDMC1Blk;Intel Play DMC Download Driver
R? IDMC1Vxp;Intel(r) Play(tm) DMC Camera
R? KORGUMDS;KORG USB-MIDI Driver for Windows
R? MEMSWEEP2;MEMSWEEP2
R? STVqx3;Intel Play QX3 Microscope
R? SwitchBoard;Adobe SwitchBoard
R? WDC_SAM;WD SCSI Pass Thru driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service
S? LBeepKE;Logitech Beep Suppression Driver
S? MBAMSwissArmy;MBAMSwissArmy
S? PMBDeviceInfoProvider;PMBDeviceInfoProvider
S? WDDMService;WD SmartWare Drive Manager
S? WDSmartWareBackgroundService;WD SmartWare Background Service
.
=============== Created Last 30 ================
.
2012-06-17 23:40:27 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-17 23:38:59 -------- d-sh--w- c:\documents and settings\ryan\IECompatCache
2012-06-15 03:23:16 -------- d-----w- c:\documents and settings\all users\application data\Sony Corporation
2012-06-13 08:18:27 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-10 23:54:03 1554944 ----a-w- c:\windows\system32\SET336.tmp
2012-06-10 23:45:04 915879 ----a-w- c:\windows\system32\lnsecsl.exe
2012-06-03 20:30:11 -------- d-----w- c:\program files\Dropbox
2012-06-01 17:31:36 -------- d-----w- c:\program files\iTunes
2012-06-01 17:25:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-06-01 17:25:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-06-01 17:25:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-06-01 17:25:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-06-01 17:25:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-06-01 17:25:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-06-01 17:25:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-05-19 21:46:18 -------- d-----w- c:\program files\AnalogX
2012-05-19 21:46:01 -------- d-----w- c:\program files\iZotope
2012-05-19 21:41:13 -------- d-----w- c:\program files\YoGen
2012-05-19 02:47:38 -------- d-----w- c:\documents and settings\ryan\application data\Sony Creative Software Inc
2012-05-19 02:37:46 107864 ----a-w- c:\windows\system32\tsccvid.dll
2012-05-19 02:37:45 -------- d-----w- c:\windows\system32\QuickTime
2012-05-19 02:37:09 -------- d-----w- c:\program files\common files\TechSmith Shared
2012-05-19 01:34:50 -------- d-----w- c:\program files\common files\PACE Anti-Piracy
2012-05-19 01:34:50 -------- d-----w- c:\documents and settings\ryan\local settings\application data\PACE Anti-Piracy
2012-05-19 01:34:50 -------- d-----w- c:\documents and settings\ryan\application data\PACE Anti-Piracy
2012-05-19 01:34:50 -------- d-----w- c:\documents and settings\all users\application data\PACE Anti-Piracy
.
==================== Find3M ====================
.
2012-06-10 16:45:25 16 ----a-w- c:\windows\system32\msvcsv60.dll
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ------w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-18 21:08:41 22259528 ----a-w- c:\program files\vlc-2.0.1-win32.exe
2012-04-05 04:22:12 11881936 ----a-w- c:\documents and settings\ryan\gosetup.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 05:53:58 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2012-04-04 05:53:56 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
.
============= FINISH: 20:28:43.34 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/22/2005 10:13:31 PM
System Uptime: 6/17/2012 6:47:31 PM (2 hours ago)
.
Motherboard: Dell Computer Corp. | | 0W2562
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 125 GiB total, 12.164 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 59.109 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\B2B24FD00356
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\B2B24FD00356
Service: NIC1394
.
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 537EP V9x DF PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0
Manufacturer: Intel Corporation
Name: Intel(R) 537EP V9x DF PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0
Service: Modem
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection #2
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0
Service: E100B
.
Class GUID: {4D36E969-E325-11CE-BFC1-08002BE10318}
Description: Standard floppy disk controller
Device ID: ACPI\PNP0700\4&1506BB2E&0
Manufacturer: (Standard floppy disk controllers)
Name: Standard floppy disk controller
PNP Device ID: ACPI\PNP0700\4&1506BB2E&0
Service: fdc
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\1
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\1
Service: Serial
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: DV Ts(Video)
Device ID: ROOT\IMAGE\0000
Manufacturer:
Name: DV Ts(Video)
PNP Device ID: ROOT\IMAGE\0000
Service: CoachVc
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
2C-Audio Aether
7-Zip 4.65
924PLC32
AAC Decoder
AceReader Pro (Server)
ACID Pro 7.0
Acoustica Effects Pack
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.2)
Adobe Widget Browser
AnalogX Vocal Remover
AndreaMosaic 3.33.0
Antares Autotune VST v5.09
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Artillery2
Arturia Arp2600 V v1.0
Arturia CS-80V v1.2
Arturia Minimoog V v1.0
ASAPI
ASIO4ALL
Audacity 1.2.3
AudioPaint
AutoUpdate
AviSynth 2.5
Belkin 54Mbps Wireless Network Adapter
Bonjour
BrainWave Generator
Buzan's iMindMap V3
Cakewalk Music Creator 2003
Camtasia Studio 6
CCleaner (remove only)
CM Vocoder
CoffeeCup Flash FireStarter
Compatibility Pack for the 2007 Office system
ConverterLite 0.1
Deckadance
Defraggler
Dell Driver Reset Tool
Dell System Restore
Deluge 1.3.3
Digital Video Repair 2.2.0.1
Digital Voice Editor 3
DirectWave
DivX Converter
DivX Version Checker
DreamStation DXi
Driver Genius Professional Edition
Dropbox
DVD Decrypter (Remove Only)
EarMaster Pro 5
eyeQ
FileZilla Client 3.5.3
Finale 2009
FL Studio 10
FL Studio 8
foobar2000 v1.1.11
Free YouTube Download version 3.1.22.319
Freecorder 5
Freecorder Toolbar
Garritan Instruments for Finale 2009
GEAR 32bit Driver Installer
GEAR Video 8.02
GForce - Minimonsta
GlaceVerb 1.01
Google Chrome
GoToMyPC
GTK2-Runtime
H.264 Decoder
Handbrake 4415 Nightly
HighC 2.861
Hitler's End
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HymnSoft Player Module 2.05
Hypnotic Writer's Swipe File 1.0
Hypnotic Writing Wizard 2.0
IL Download Manager
IL Juice Pack
Image Line ToxicIII v1.41 VSTi
Install Creator
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections 16.8.46.0
Intel(r) Play(tm) Digital Movie Creator
Intel(r) System Information Viewer
Interlok driver setup x32
Internet Explorer Default Page
iPod for Windows 2005-09-23
ISO Recorder
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 31
Junction Link Magic 2.0
KORG Legacy Collection - LegacyCell
KORG Legacy Collection - M1
KORG Legacy Collection - MDE-X
KORG Legacy Collection - MonoPoly
KORG Legacy Collection - MS-20
KORG Legacy Collection - Polysix
KORG Legacy Collection - WAVESTATION
KORG microKORG XL Sound Editor
KORG USB-MIDI Driver Tools for Windows
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
LinPlug FreeAlpha
Logitech SetPoint 6.32
Lucid Dream Preparation
Lucid Dreaming Kit
M30 Reverb
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes Anti-Malware version 1.61.0.1400
Maximus
MediaFACE 4.2
MediaFACE 4.2 Image Library
MediaInfo 0.7.53
MeldaProduction MFreeEffectsBundle 6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Dictation
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MixMeister Studio Demo 7.4.4
MKV Splitter
MKVToolNix 5.2.1
Modem Event Monitor
Modem Helper
Modem On Hold
Monopoly Tycoon
Morphine
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
My DSC
My Ideal Relationship With Money
N.I Pro-53 v3.0-OxYGeN
Native Instruments B4 v1.11
Native Instruments FM7
Native Instruments FM8
Native Instruments Kontakt v1.02
Native Instruments Limelite Solo
Native Instruments Pro52 v2.5
Network Play System (Patching)
Neuro-Programmer Professional 2.4.2
Norton PartitionMagic
Norton PartitionMagic 8.0
NoteWorthy Composer 2
Novation V-Station v1.20-H2O
NVIDIA Drivers
Ogg Codecs 0.81.15562
OhmForce Ohmygod VST2
Oregon Trail II
PDF Settings CS5
PDFCreator
Pinnacle device drivers
Pinnacle Systems USB-2 Device Drivers
Pinnacle Video Driver
PlayMemories Home
PoiZone
PowerDVD 5.5
PowerISO
PrimoPDF -- brought to you by Nitro PDF Software
PSP SpringVerb CM
Quick Screen Recorder 1.5
QuickTime
QuickTime 3.0
RealPlayer Basic
ReBirth RB-338 2.0
Revo Uninstaller 1.93
rgc:audio z3ta+ VSTi v1.4
Robotronic
Roll
RollerCoaster Tycoon 2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Shockwave
SimCity 3000
SimSynth 2.7 - ZONE
Slayer2 Demo 2.5
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonik Synth 2
Sonnox Oxford TransMod Native VST v1.3.1
Sony DVD Architect Studio 3.0b
Sony USB Driver
Sony Vegas Movie Studio 6.0
Sony Vocal Eraser
Spin It Again
Spotify
Star Wars DroidWorks
Subliminal Blaster Pro
Sytrus
TC Electronic Near Native Plugins VST v1.0
The Rosetta Stone
Tone2 Gladiator VSTi v2.2
TypingMaster Pro
Unique
Unphuck
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
VC80CRTRedist - 8.0.50727.762
Vegas Pro 10.0
Vertigo VSC-2 1.0
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 2.0.1
Vogue
WD SmartWare
WebFldrs XP
WIBU-KEY Setup (WIBU-KEY Remove)
Winamp
WinDirStat 1.1.2
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WOW
XP Codec Pack
Xteq-dotec X-Setup Pro 6.6.300.Final1
YoGen Vocal Remover
Zero-X BeatSlicer
.
==== Event Viewer Messages From Past Week ========
.
6/17/2012 8:29:03 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Post by askey127 » June 19th, 2012, 10:42 am

Hi rlmark,
-----------------------------------------------------------
Need to remove this old Java. It will (or maybe did) get your computer infected.
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each entry, as follows, one by one, if it exists, and choose Remove:

Java 2 Runtime Environment, SE v1.4.2_03

Take extra care in answering questions posed by any Uninstaller.
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program just once.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For WinXP, double click on the OTL icon to run it.
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
---------------------------------------------------
So, in your reply, we will be looking for the following:
The contents of:
  • CKFiles.txt
  • OTL.txt
  • Extras.txt
Please feel free to use separate replies.
The Extras.txt file will only show up the very first time you run OTL.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Post by rlmark » June 19th, 2012, 2:12 pm

I've removed the old Java installation as requested. Here's a brief update on the symptoms and a theory I have:
  • I can't download files from Google Chrome in any way (whether I click on them, or right click and select "Save Link As"). I can, however, download files from Internet Explorer, but it's running so ridiculously slow that it's actually suspicious.
  • I think I've made a connection between the "Script Unresponsive" errors popping up from IE (even when IE isn't running) and the Volume Control mute thing. When I reboot my computer, before all processes have started up, etc., I can actually unmute the volume control. However, once things get going, it remutes itself and won't allow me to un-mute again. Now, if I rapidly click on the "Mute" checkbox once it's been muted, I can actually hear things going on, even when no other programs are running. That, combined with the advertisement-looking URLs that the Script Unresponsive windows mention, leads me to believe that maybe the malware I have is secretly using my computer as a host to falsely display advertisements, without letting me see or hear them (hence the muting), raking in ad revenue.

Here are the log files you requested:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\ryan\my documents\my music\downloaded3\the golden torch story(33)\the golden torch story(33)\11 crackin' up over yoy.mxm
c:\program files\acoustica spin it again\presets\vinyl declick & decrackle.preset
c:\program files\common files\native instruments\shared content\sounds\fm8\fm7 factory\beam cracker bass.ksd
c:\program files\common files\native instruments\shared content\sounds\fm8\fm7 factory\cracklephone.ksd
c:\program files\image-line\fl studio 10\plugins\fruity\effects\hardcore\presets\i cracked my tube!.hdprg
c:\program files\image-line\fl studio 10\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files\image-line\fl studio 10\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
c:\program files\image-line\fl studio 8\data\patches\packs\fpc\the machine - a vintage drum collection\the machine\multimoog\maxv - fm crack.aiff
scanner sequence 3.DD.11.DIABCB
----- EOF -----


OTL logfile created on: 6/19/2012 1:10:10 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Ryan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 55.99% Memory free
2.11 Gb Paging File | 1.39 Gb Available in Paging File | 66.08% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125.42 Gb Total Space | 12.34 Gb Free Space | 9.84% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 59.11 Gb Free Space | 39.67% Space Free | Partition Type: NTFS
Drive L: | 7.47 Gb Total Space | 2.17 Gb Free Space | 29.01% Space Free | Partition Type: FAT32

Computer Name: BASEMENT | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/19 12:32:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
PRC - [2012/06/19 12:20:03 | 000,372,736 | ---- | M] ( ) -- C:\WINDOWS\Temp\mrt6.tmp\stdrt.exe
PRC - [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/05/12 22:44:17 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/02/15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/02/15 20:10:56 | 000,688,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2011/11/13 07:53:42 | 002,996,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/11/13 07:53:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/11/13 07:53:28 | 001,687,408 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
PRC - [2011/11/09 18:38:04 | 000,132,768 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2011/03/30 01:05:00 | 000,393,616 | ---- | M] (KORG Inc.) -- C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
PRC - [2011/03/24 02:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2009/10/14 14:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/10/14 14:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/12/29 06:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/30 23:37:22 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
PRC - [2006/04/05 03:59:28 | 001,403,392 | ---- | M] () -- C:\Program Files\SB Pro\subliminalblasterpro.exe
PRC - [1999/04/19 10:44:02 | 000,546,304 | ---- | M] (Brøderbund Software) -- C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/19 12:20:03 | 000,307,200 | ---- | M] () -- C:\WINDOWS\Temp\mrt6.tmp\mmfs2.dll
MOD - [2012/06/19 12:20:03 | 000,059,392 | ---- | M] () -- C:\WINDOWS\Temp\mrt6.tmp\Yaso.mfx
MOD - [2012/06/19 12:20:03 | 000,012,800 | ---- | M] () -- C:\WINDOWS\Temp\mrt6.tmp\Get.mfx
MOD - [2012/06/17 03:37:00 | 011,817,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/17 03:36:43 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/17 03:36:30 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/17 03:34:37 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/17 03:34:13 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/17 03:28:42 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/17 03:28:23 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 03:23:19 | 009,252,040 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/05/13 03:33:26 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/13 03:31:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/13 03:29:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/13 03:27:57 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/13 03:21:07 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/13 03:20:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/12 22:44:17 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/05/02 20:48:41 | 004,050,944 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
MOD - [2012/05/02 20:48:41 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/08/19 16:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/07/29 16:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/11/26 12:45:34 | 000,188,416 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\BelkinwcuiDLL.dll
MOD - [2007/10/30 23:29:24 | 000,151,617 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\blkwcapi.dll
MOD - [2006/04/05 03:59:28 | 001,403,392 | ---- | M] () -- C:\Program Files\SB Pro\subliminalblasterpro.exe
MOD - [2006/02/24 11:40:56 | 000,061,440 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\BelkinHWStatus.dll
MOD - [2005/08/10 16:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\Security.dll
MOD - [2003/10/13 16:30:58 | 000,094,208 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\GTW32N50.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/10 19:45:04 | 000,915,879 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\system32\lnsecsl.exe -- (Adobe Licensing Console)
SRV - [2012/02/15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/11/09 18:38:04 | 000,132,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/02/27 16:07:25 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2003/04/01 23:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\7.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ryan\LOCALS~1\Temp\gkmixern.sys -- (gkmixern)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CoachVc.sys -- (CoachVc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (arznj3ff)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 02:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/06/28 18:04:14 | 000,093,304 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2011/03/30 01:13:00 | 000,024,056 | ---- | M] (KORG INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/01/24 13:03:47 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/07 03:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/10/02 05:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/12/12 11:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/11/26 11:30:44 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2004/03/10 16:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Belkin\F5D7050v3\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/11/28 22:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2002/09/10 20:42:00 | 000,024,808 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/03/19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/09/26 18:10:00 | 000,067,072 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Wibukey.sys -- (WIBUKEY)
DRV - [2001/07/05 15:12:26 | 000,416,564 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1vme.sys -- (IDMC1Vxp) Intel(r) Play(tm)
DRV - [2001/07/05 15:12:10 | 000,014,628 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IDMC1Blk.sys -- (IDMC1Blk)
DRV - [2001/07/05 15:12:04 | 000,015,188 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1aud.sys -- (idmc1aud) Intel(r) Play(tm) USB Audio Filter (WDM)
DRV - [2001/04/27 09:28:02 | 000,131,776 | ---- | M] (Intel ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx3.SYS -- (STVqx3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: I:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/17 19:17:06 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Private Browsing = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhgehldmbojedoeglnclpglgoggonjg\0.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/19 13:07:38 | 000,000,103 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 crl.verisign.net
O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET
O1 - Hosts: 127.0.0.1 ood.opsource.net
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLCCCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [Driver Genius] File not found
O4 - HKLM..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE (Brøderbund Software)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KORG USB-MIDI Driver] C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Subliminal blaster Pro] C:\Program Files\SB Pro\subliminalblasterpro.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKU\S-1-5-21-1810697113-279428050-2671847038-1007..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1810697113-279428050-2671847038-1007..\Run: [Spotify Web Helper] C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-1810697113-279428050-2671847038-1007..\Run: [TypingSatellite] C:\Program Files\TypingMaster\KBOOST.EXE (TypingMaster Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Ryan\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD9C3F28-4C0E-43A1-91BB-D6608479494E}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB41ED32-2F4D-4C79-B138-DFF2DDCB5D2A}: DhcpNameServer = 10.0.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0e160d88-3873-11df-838a-001320c196a0}\Shell - "" = AutoRun
O33 - MountPoints2\{0e160d88-3873-11df-838a-001320c196a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e160d88-3873-11df-838a-001320c196a0}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{bbe0b284-aa7e-11e0-83b3-001320c196a0}\Shell - "" = AutoRun
O33 - MountPoints2\{bbe0b284-aa7e-11e0-83b3-001320c196a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bbe0b284-aa7e-11e0-83b3-001320c196a0}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{cd82e4c7-055f-11df-8384-001320c196a0}\Shell - "" = AutoRun
O33 - MountPoints2\{cd82e4c7-055f-11df-8384-001320c196a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cd82e4c7-055f-11df-8384-001320c196a0}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/19 12:32:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
[2012/06/17 20:18:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Ryan\Desktop\dds.scr
[2012/06/17 19:40:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ryan\Recent
[2012/06/17 19:38:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ryan\IECompatCache
[2012/06/17 12:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/06/17 12:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/06/14 23:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\Sony PMB
[2012/06/14 23:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Sony Corporation
[2012/06/14 23:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PlayMemories Home
[2012/06/14 23:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2012/06/13 04:18:27 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dllcache\jsdbgui.dll
[2012/06/10 19:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Image-Line
[2012/06/03 16:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/01 13:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/01 13:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/19 12:55:01 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1810697113-279428050-2671847038-1007UA.job
[2012/06/19 12:32:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
[2012/06/19 12:32:05 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\CKScanner.exe
[2012/06/19 12:25:03 | 000,506,376 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/19 12:25:03 | 000,088,978 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/19 12:24:19 | 000,061,797 | ---- | M] () -- C:\Windows\System32\tubekey.dat
[2012/06/19 12:23:54 | 000,000,105 | ---- | M] () -- C:\Windows\System32\get.dat
[2012/06/19 12:20:45 | 000,000,104 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2012/06/19 12:19:59 | 000,002,048 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/19 02:00:05 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-BASEMENT-Ryan.job
[2012/06/18 21:55:55 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1810697113-279428050-2671847038-1007Core.job
[2012/06/17 20:18:51 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Ryan\Desktop\dds.scr
[2012/06/17 20:05:09 | 000,833,086 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\cc_20120617_200419.reg
[2012/06/17 14:00:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 12:41:23 | 003,666,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/15 15:01:55 | 000,226,816 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/15 11:53:33 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2012/06/15 10:12:54 | 000,114,392 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg
[2012/06/15 09:33:03 | 000,086,624 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg.bak
[2012/06/14 23:16:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/06/14 13:35:15 | 000,090,440 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.sfk
[2012/06/14 12:29:12 | 001,641,672 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 2 sketch.mp3
[2012/06/14 12:21:40 | 023,136,224 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.wav
[2012/06/12 20:12:21 | 006,253,782 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 1.mp3
[2012/06/12 01:00:17 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/12 01:00:16 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Google Chrome.lnk
[2012/06/10 19:56:40 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Deckadance.lnk
[2012/06/10 19:55:24 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/10 19:54:54 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FL Studio 10.lnk
[2012/06/10 19:45:04 | 000,915,879 | ---- | M] ( ) -- C:\Windows\System32\lnsecsl.exe
[2012/06/10 12:45:25 | 000,000,016 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2012/06/10 12:45:25 | 000,000,016 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2012/06/10 12:45:25 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat
[2012/06/09 14:40:40 | 000,000,040 | ---- | M] () -- C:\Windows\Superbas.ini
[2012/06/05 07:05:46 | 005,190,388 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Church.mp3
[2012/06/03 16:30:45 | 000,001,021 | ---- | M] () -- C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/03 16:29:37 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Dropbox.lnk
[2012/06/01 13:33:14 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/01 13:24:52 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllcache\crypt32.dll
[2012/05/29 17:55:33 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Adobe PNG Format CS5 Prefs
[2012/05/24 21:40:27 | 010,736,888 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Texture-Collegiate Feelings.mp3
[2012/05/20 17:39:06 | 265,023,465 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\kickstarter wmv5.wmv
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/19 12:32:01 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\CKScanner.exe
[2012/06/17 20:05:02 | 000,833,086 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\cc_20120617_200419.reg
[2012/06/17 19:17:48 | 000,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/06/17 14:00:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 12:46:30 | 000,061,797 | ---- | C] () -- C:\Windows\System32\tubekey.dat
[2012/06/17 12:46:15 | 000,000,105 | ---- | C] () -- C:\Windows\System32\get.dat
[2012/06/15 00:43:27 | 000,114,392 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg
[2012/06/15 00:43:27 | 000,086,624 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg.bak
[2012/06/14 23:24:08 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PlayMemories Home.lnk
[2012/06/14 12:29:03 | 001,641,672 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 2 sketch.mp3
[2012/06/14 12:23:09 | 000,090,440 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.sfk
[2012/06/14 12:21:36 | 023,136,224 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.wav
[2012/06/12 20:11:21 | 006,253,782 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 1.mp3
[2012/06/10 19:56:40 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Deckadance.lnk
[2012/06/10 19:55:24 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/10 19:54:56 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FL Studio 10.lnk
[2012/06/10 19:45:04 | 000,915,879 | ---- | C] ( ) -- C:\Windows\System32\lnsecsl.exe
[2012/06/05 07:05:31 | 005,190,388 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Church.mp3
[2012/06/01 13:33:14 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/01 13:24:52 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/29 17:54:27 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Adobe PNG Format CS5 Prefs
[2012/05/24 21:39:48 | 010,736,888 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Texture-Collegiate Feelings.mp3
[2012/05/20 16:12:52 | 265,023,465 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\kickstarter wmv5.wmv
[2012/04/18 17:08:25 | 022,259,528 | ---- | C] () -- C:\Program Files\vlc-2.0.1-win32.exe
[2012/04/03 12:06:07 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2012/04/03 12:06:07 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012/04/02 15:58:59 | 000,650,657 | ---- | C] () -- C:\Program Files\lame3.99.5 (1).zip
[2012/03/25 15:28:13 | 000,078,960 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/03 20:21:51 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2012/03/01 14:01:36 | 000,003,072 | ---- | C] () -- C:\Windows\System32\iacenc.dll
[2012/02/29 23:17:28 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MPluginConfiguration.xml
[2012/02/29 23:01:01 | 000,197,014 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MAnalyzerpresets.xml
[2012/02/29 23:01:01 | 000,013,964 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MFlangerpresets.xml
[2012/02/29 23:01:01 | 000,013,158 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MOscillatorpresets.xml
[2012/02/29 23:01:01 | 000,009,119 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MFreqShifterpresets.xml
[2012/02/29 23:01:01 | 000,007,130 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MEqualizerpresets.xml
[2012/02/29 23:01:01 | 000,006,687 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\menvelopepresets.xml
[2012/02/29 23:01:01 | 000,006,444 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MCompressorpresets.xml
[2012/02/29 23:01:01 | 000,005,622 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MNoiseGeneratorpresets.xml
[2012/02/29 23:01:01 | 000,005,138 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MWaveShaperpresets.xml
[2012/02/29 23:01:01 | 000,004,362 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MPhaserpresets.xml
[2012/02/29 23:01:01 | 000,003,771 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MRingModulatorpresets.xml
[2012/02/29 23:01:01 | 000,002,820 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MEqualizerAreasEditorpresets.xml
[2012/02/29 23:01:01 | 000,002,775 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MStereoExpanderpresets.xml
[2012/02/29 23:01:01 | 000,002,666 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MVibratopresets.xml
[2012/02/29 23:01:01 | 000,002,492 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MSpectralAnalyzerPrefilterpresets.xml
[2012/02/29 23:01:01 | 000,002,366 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MTremolopresets.xml
[2012/02/29 23:01:01 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MAutopanpresets.xml
[2012/02/29 23:01:01 | 000,001,381 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MLimiterpresets.xml
[2012/02/29 23:01:01 | 000,001,235 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\mbasestyleconfigurationpresets.xml
[2012/02/29 23:01:01 | 000,001,011 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MValueToColor5presets.xml
[2012/02/19 21:54:27 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2012/01/28 17:03:20 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\x264_x64.ini
[2012/01/21 15:06:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe
[2012/01/21 15:06:14 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2011/08/11 19:40:44 | 000,074,340 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Setup.2.2.exe
[2011/07/25 05:48:58 | 000,074,293 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Setup.1.2.exe
[2011/07/16 15:43:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/06/28 18:05:20 | 000,021,112 | ---- | C] () -- C:\Windows\System32\drivers\iLokDrvr.sys
[2011/05/31 16:46:14 | 000,075,776 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2011/05/31 16:46:14 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2011/05/31 16:46:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2011/05/28 19:15:56 | 000,000,040 | ---- | C] () -- C:\Windows\Superbas.ini
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/11/09 15:38:51 | 000,008,776 | ---- | C] () -- C:\Windows\System32\d3d9caps.dat
[2010/08/31 20:27:00 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll
[2010/07/05 13:56:38 | 000,001,077 | ---- | C] () -- C:\Windows\unins000.dat
[2010/07/04 22:25:31 | 000,022,528 | ---- | C] () -- C:\Windows\exeshl.dll
[2010/07/04 22:25:31 | 000,000,093 | ---- | C] () -- C:\Windows\netctrl.ini

========== LOP Check ==========

[2012/02/24 18:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Damage
[2012/04/05 00:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2009/04/13 15:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/01/24 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/02/25 19:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2007/03/25 18:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EarMaster
[2006/03/19 14:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2012/02/19 23:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KORG
[2011/05/30 21:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2012/02/29 23:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MTexturedStyles
[2012/06/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2012/02/25 19:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/02/25 18:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/11/06 11:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio HD
[2012/03/14 20:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/05/30 15:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/05/30 21:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2012/05/18 21:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/04/13 15:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2012/05/18 22:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/08/27 13:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/07 19:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/02/25 13:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/24 17:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2012/02/05 13:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/11/28 16:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chiptune\Application Data\Publish Providers
[2008/11/28 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chiptune\Application Data\Sony
[2012/02/29 17:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chiptune\Application Data\Western Digital
[2009/07/03 17:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Antares
[2005/12/23 17:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Atari
[2009/04/21 02:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\BitTorrent
[2012/02/05 12:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ConverterLite
[2012/02/25 17:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Cytomic
[2009/01/24 13:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DAEMON Tools
[2009/01/24 13:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DAEMON Tools Lite
[2009/01/24 13:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DAEMON Tools Pro
[2012/02/24 18:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\deluge
[2012/02/25 19:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DriverFinder
[2012/06/19 12:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Dropbox
[2012/03/28 23:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DVDVideoSoft
[2012/03/28 23:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DVDVideoSoftIEHelpers
[2009/04/03 21:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\EarMaster
[2012/06/05 22:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\FileZilla
[2012/04/10 22:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\fltk.org
[2012/06/14 18:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\foobar2000
[2009/03/28 17:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Garritan
[2006/07/15 11:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\GEAR Video 8.01
[2012/02/24 18:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\gtk-2.0
[2012/05/19 22:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\HandBrake
[2012/04/10 15:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\highc
[2012/02/20 00:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\KORG
[2005/12/23 17:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Leadertech
[2012/02/29 23:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MeldaProduction
[2012/01/28 16:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\mkvtoolnix
[2011/05/30 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MSNInstaller
[2012/02/29 23:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MSPS
[2012/02/29 23:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MTexturedStyles
[2009/07/03 19:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\NetMedia Providers
[2011/07/16 15:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Noteworthy Software
[2009/01/25 17:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Nuance
[2012/06/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\PACE Anti-Piracy
[2009/03/28 18:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Plogue
[2012/06/19 12:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\PriceGong
[2012/03/29 19:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\PrimoPDF
[2006/09/04 11:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Publish Providers
[2012/01/21 16:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\RipIt4Me
[2008/01/17 19:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\rockbox.org
[2006/07/08 08:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Seven Zip
[2010/06/25 15:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Smartelectronix
[2012/05/18 22:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sony
[2012/05/18 22:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sony Creative Software Inc
[2009/05/25 12:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sony Setup
[2012/06/09 12:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Spotify
[2011/06/16 17:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\TypingMaster7
[2012/02/19 23:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Waldorf
[2011/09/07 19:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Western Digital

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1345 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ir9t5FRGMAoEbKynWTUG
@Alternate Data Stream - 1205 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:h9qzo7gClt6bKLOK2mD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F87C192A

< End of report >
rlmark

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Post by rlmark » June 19th, 2012, 2:15 pm

Extras.txt:


OTL Extras logfile created on: 6/19/2012 1:10:11 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Ryan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 55.99% Memory free
2.11 Gb Paging File | 1.39 Gb Available in Paging File | 66.08% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125.42 Gb Total Space | 12.34 Gb Free Space | 9.84% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 59.11 Gb Free Space | 39.67% Space Free | Partition Type: NTFS
Drive L: | 7.47 Gb Total Space | 2.17 Gb Free Space | 29.01% Space Free | Partition Type: FAT32

Computer Name: BASEMENT | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Enabled:tor1
"443:TCP" = 443:TCP:*:Enabled:tor2
"7935:TCP" = 7935:TCP:*:Enabled:Adobe Flash Builder 4.5

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\VirtualDJ\virtualdj.exe" = C:\Program Files\VirtualDJ\virtualdj.exe:*:Enabled:VirtualDJ
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi
"C:\Program Files\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe" = C:\Program Files\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe:*:Enabled:Adobe Flash Builder 4.5 -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Ryan\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Ryan\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{020032F6-05D6-42CE-9835-F24BDF8D4F7F}" = KORG microKORG XL Sound Editor
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F6A7971-0F11-4A79-A0E9-133D0963A570}" = ISO Recorder
"{10B39DCD-0325-49FE-BFBC-8EC011CB7CA8}" = ACID Pro 7.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{128D2873-DDAA-4D4C-A177-2D4876C86807}" = Intel(r) Play(tm) Digital Movie Creator
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EC82637-F2BD-4F2F-B4DE-F38B70D0DDC3}" = KORG Legacy Collection - LegacyCell
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2D6DFE76-A197-4337-90BA-8DCB840CA84B}" = MediaFACE 4.2 Image Library
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F866D37-22D0-435D-94F1-31A64D566D0E}" = Pinnacle device drivers
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5C9DDCE0-66CF-11D4-9100-0090274FBE9A}" = Intel(r) System Information Viewer
"{5EB2FF32-B281-45A4-A283-778D63315BD2}" = Sonik Synth 2
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6423EF42-19F9-4FF6-83D7-177B391D96B6}" = KORG Legacy Collection - M1
"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel(R) Network Connections 16.8.46.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68CC2E6B-B159-4A49-BD27-0B488C54E466}" = Buzan's iMindMap V3
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7E9F464A-4118-4A5D-85D9-F50FDAD1754F}" = AudioPaint
"{7F025596-53EC-421A-BB05-742A4D6CC8E3}" = KORG Legacy Collection - WAVESTATION
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{836361D1-D74F-416F-B8B2-DCB7ED89B111}" = KORG Legacy Collection - MS-20
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}" = ASAPI
"{8B047D71-1901-4415-BE66-15D2DFA0B2B9}" = GEAR Video 8.02
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{9870C7AE-7C6A-478D-9A75-35827382220F}" = Pinnacle Systems USB-2 Device Drivers
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B208107-DCBC-4815-A85D-E7151CFD454C}" = KORG Legacy Collection - MonoPoly
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C542173-96F0-435D-A95C-468CAAC75EA0}" = Adobe Flash Player 10 Plugin
"{9FFCBA8E-365C-454B-B841-5D37E1DB5ECF}" = YoGen Vocal Remover
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B33CD700-6738-11D4-87FE-0080C6F974A2}" = eyeQ
"{B3CB5BA3-3E98-4E85-944E-B03D055F8450}" = KORG USB-MIDI Driver Tools for Windows
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7D95B65-E05B-4B05-B669-7A1AC21BAB67}" = KORG Legacy Collection - Polysix
"{B7DE81A4-71D5-4F22-9D72-84AC8A266F43}" = Sony Vegas Movie Studio 6.0
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E129EC5D-FC37-4260-B6B7-1113D8613A89}" = MediaFACE 4.2
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{E8FD2DF4-CF22-4996-BBF5-FE37D13A420E}" = KORG Legacy Collection - MDE-X
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B8271B-1FC0-48AA-A4E7-8991AEDAEC1A}" = Sony DVD Architect Studio 3.0b
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"7-Zip" = 7-Zip 4.65
"AceReader Pro (Server)" = AceReader Pro (Server)
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe AIR" = Adobe AIR
"Aether" = 2C-Audio Aether
"AnalogX Vocal Remover" = AnalogX Vocal Remover
"AndreaMosaic" = AndreaMosaic 3.33.0
"Antares Autotune VST_is1" = Antares Autotune VST v5.09
"Artillery2" = Artillery2
"Arturia Arp2600 V v1.0" = Arturia Arp2600 V v1.0
"Arturia CS-80V v1.2" = Arturia CS-80V v1.2
"Arturia Minimoog V v1.0" = Arturia Minimoog V v1.0
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.3
"AviSynth" = AviSynth 2.5
"BrainWave Generator" = BrainWave Generator
"Cakewalk Music Creator 2003" = Cakewalk Music Creator 2003
"CCleaner" = CCleaner (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CM Vocoder" = CM Vocoder
"CoffeeCup Flash FireStarter" = CoffeeCup Flash FireStarter
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"ConverterLite" = ConverterLite 0.1
"Deckadance" = Deckadance
"Defraggler" = Defraggler
"Deluge" = Deluge 1.3.3
"Digital Video Repair_is1" = Digital Video Repair 2.2.0.1
"DirectWave" = DirectWave
"DreamStation DXi" = DreamStation DXi
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EarMaster Pro 5_is1" = EarMaster Pro 5
"FileZilla Client" = FileZilla Client 3.5.3
"Finale 2009" = Finale 2009
"FL Studio 10" = FL Studio 10
"FL Studio 8" = FL Studio 8
"foobar2000" = foobar2000 v1.1.11
"Free YouTube Download_is1" = Free YouTube Download version 3.1.22.319
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder5.11" = Freecorder 5
"Garritan Instruments for Finale 2009_is1" = Garritan Instruments for Finale 2009
"GlaceVerb_is1" = GlaceVerb 1.01
"GTK2-Runtime" = GTK2-Runtime
"Handbrake" = Handbrake 4415 Nightly
"HighC_is1" = HighC 2.861
"Hitler's End" = Hitler's End
"HymnSoft_Professional_2.02" = HymnSoft Player Module 2.05
"Hypnotic Writer's Swipe File_is1" = Hypnotic Writer's Swipe File 1.0
"Hypnotic Writing Wizard_is1" = Hypnotic Writing Wizard 2.0
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"IL Juice Pack" = IL Juice Pack
"Image Line ToxicIII v1.41 VSTi" = Image Line ToxicIII v1.41 VSTi
"Install Creator" = Install Creator
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{2D6DFE76-A197-4337-90BA-8DCB840CA84B}" = MediaFACE 4.2 Image Library
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InstallShield_{E129EC5D-FC37-4260-B6B7-1113D8613A89}" = MediaFACE 4.2
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Junction Link Magic_is1" = Junction Link Magic 2.0
"LinPlug FreeAlpha" = LinPlug FreeAlpha
"Lucid Dream Preparation_is1" = Lucid Dream Preparation
"Lucid Dreaming Kit_is1" = Lucid Dreaming Kit
"M30 Reverb" = M30 Reverb
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Maximus" = Maximus
"MediaInfo" = MediaInfo 0.7.53
"MeldaProduction MFreeEffectsBundle 6" = MeldaProduction MFreeEffectsBundle 6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Minimonsta" = GForce - Minimonsta
"MKVToolNix" = MKVToolNix 5.2.1
"mmssetup_is1" = MixMeister Studio Demo 7.4.4
"Morphine" = Morphine
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSCSR" = Microsoft Speech Recognition Engine 4.0 (English)
"MSDict" = Microsoft Dictation
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"My Ideal Relationship With Money_is1" = My Ideal Relationship With Money
"N.I Pro-53 v3.0-OxYGeN" = N.I Pro-53 v3.0-OxYGeN
"Native Instruments B4 v1.11" = Native Instruments B4 v1.11
"Native Instruments FM7" = Native Instruments FM7
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Kontakt v1.02" = Native Instruments Kontakt v1.02
"Native Instruments Limelite Solo" = Native Instruments Limelite Solo
"Native Instruments Pro52 v2.5" = Native Instruments Pro52 v2.5
"Network Play System (Patching)" = Network Play System (Patching)
"Neuro-Programmer 2 Professional_is1" = Neuro-Programmer Professional 2.4.2
"NoteWorthy Composer 2" = NoteWorthy Composer 2
"Novation V-Station v1.20-H2O" = Novation V-Station v1.20-H2O
"NVIDIA Drivers" = NVIDIA Drivers
"Ogg Codecs" = Ogg Codecs 0.81.15562
"Ohmygod VST2" = OhmForce Ohmygod VST2
"Oregon Trail II" = Oregon Trail II
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PSP SpringVerbCM" = PSP SpringVerb CM
"Quick Screen Recorder 1.5_is1" = Quick Screen Recorder 1.5
"QuickTime 3.0" = QuickTime 3.0
"RealPlayer 6.0" = RealPlayer Basic
"ReBirth RB-338 2.0" = ReBirth RB-338 2.0
"Revo Uninstaller" = Revo Uninstaller 1.93
"rgc:audio z3ta+ VSTi_is1" = rgc:audio z3ta+ VSTi v1.4
"Robotronic" = Robotronic
"RollerCoaster Tycoon Setup" = Roll
"Shockwave" = Shockwave
"SimCity 3000" = SimCity 3000
"SimSynth 2.7 - ZONE" = SimSynth 2.7 - ZONE
"Slayer2 Demo_is1" = Slayer2 Demo 2.5
"Sonnox Oxford TransMod Native VST_is1" = Sonnox Oxford TransMod Native VST v1.3.1
"Sony Vocal Eraser_is1" = Sony Vocal Eraser
"sp6" = Logitech SetPoint 6.32
"Spin It Again" = Spin It Again
"ST6UNST #3" = Unphuck
"Star Wars DroidWorks" = Star Wars DroidWorks
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Subliminal Blaster Pro" = Subliminal Blaster Pro
"Sytrus" = Sytrus
"TC Electronic Near Native Plugins_is1" = TC Electronic Near Native Plugins VST v1.0
"The Rosetta Stone" = The Rosetta Stone
"Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Unique" = Unique
"Vertigo VSC-2_is1" = Vertigo VSC-2 1.0
"VLC media player" = VLC media player 2.0.1
"Vogue" = Vogue
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOW" = WOW
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"xqdcXSP_is1" = Xteq-dotec X-Setup Pro 6.6.300.Final1
"Zero-X BeatSlicer" = Zero-X BeatSlicer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/17/2012 3:08:50 AM | Computer Name = BASEMENT | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 6/17/2012 3:08:52 AM | Computer Name = BASEMENT | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{0213C6AF-5562-4D09-884C-2ADCFC8C2F35}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\Windows\TEMP\NDP1.1sp1-KB2656353-X86\NDP1.1sp1-KB2656353-X86-msi.0.log.

Error - 6/17/2012 3:08:53 AM | Computer Name = BASEMENT | Source = NativeWrapper | ID = 5000
Description =

Error - 6/17/2012 12:42:08 PM | Computer Name = BASEMENT | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 6/17/2012 6:57:44 PM | Computer Name = BASEMENT | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 6/17/2012 6:57:47 PM | Computer Name = BASEMENT | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\Ryan\LOCALS~1\Temp\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.

Error - 6/17/2012 6:57:50 PM | Computer Name = BASEMENT | Source = NativeWrapper | ID = 5000
Description =

Error - 6/17/2012 6:58:57 PM | Computer Name = BASEMENT | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 6/17/2012 6:59:01 PM | Computer Name = BASEMENT | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{0213C6AF-5562-4D09-884C-2ADCFC8C2F35}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\DOCUME~1\Ryan\LOCALS~1\Temp\NDP1.1sp1-KB2656353-X86\NDP1.1sp1-KB2656353-X86-msi.0.log.

Error - 6/17/2012 6:59:02 PM | Computer Name = BASEMENT | Source = NativeWrapper | ID = 5000
Description =

[ System Events ]
Error - 6/19/2012 1:19:04 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/19/2012 1:19:04 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/19/2012 1:19:04 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/19/2012 1:19:04 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/19/2012 1:19:04 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/19/2012 1:19:04 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/19/2012 1:19:04 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/19/2012 1:19:04 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/19/2012 1:19:04 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/19/2012 1:19:04 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: Strange IE popups, Volume stuck on mute, speed decrease,

by askey127 » June 20th, 2012, 4:18 pm

rlmark,
Your C: drive does not really have enough free space.
Windows needs about 15% minimum free.
You can check free space by right clicking C: drive and choosing properties.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
You might want to Copy/Paste/Print these instructions and Save any unsaved work. TFC will close ALL open programs... including your browser!
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-------------------------------------------------
Run the ESET Online Scanner
Vista/Windows 7 users: You will need to right-click on either the Internet Explorer or FireFox icon in the Start Menu or Quick Launch Bar and select Run as Administrator.
(You can use either Internet Explorer or Mozilla FireFox for this scan).
You will, however, need to disable your currently installed Anti-Virus. Additional information on how to do it is shown here.

  • Please go HERE to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Strange IE popups, Volume stuck on mute, speed decrease,

by rlmark » June 21st, 2012, 6:27 pm

Hi!

I ran TFC and Eset, and the logs are below. I wanted to scan for viruses with ESET first, but now I'm working on moving some files off of the C: drive to create enough free space.

Symptoms Update: Everything remains the way I described them in my last post, except now they're only happening like 80% of the time as opposed to 100% of the time- occasionally I can get volume back on for a few minutes, or download a file in Chrome.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6981d5466bdf6348a03f91d1b83241e0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-21 09:16:09
# local_time=2012-06-21 05:16:09 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=491951
# found=12
# cleaned=0
# scan_time=21456
C:\Program Files\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll probably a variant of Win32/Delf.LQXDKYX trojan (unable to clean) 00000000000000000000000000000000 I
C:\UBCD4Win\RL\programs\IPScan\ipscan.exe Win32/NetTool.Portscan.C application (unable to clean) 00000000000000000000000000000000 I
C:\UBCD4Win\RL\programs\Keyfinder\keyfinderpe.exe a variant of Win32/PSWTool.RAS.A application (unable to clean) 00000000000000000000000000000000 I
C:\UBCD4Win\RYAN1\programs\IPScan\ipscan.exe Win32/NetTool.Portscan.C application (unable to clean) 00000000000000000000000000000000 I
C:\UBCD4Win\RYAN1\programs\Keyfinder\keyfinderpe.exe a variant of Win32/PSWTool.RAS.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE Win32/Adware.DSSAgent application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
D:\Documents and Settings\Brett\My Documents\Downloads\CheatEngine55.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
D:\Documents and Settings\Brett\My Documents\Downloads\HC2Setup(6).exe Win32/Somoto application (unable to clean) 00000000000000000000000000000000 I
D:\Documents and Settings\Brett\My Documents\Downloads\HC2Setup(7).exe Win32/Somoto application (unable to clean) 00000000000000000000000000000000 I
D:\WINDOWS\pss\PowerReg Scheduler.exeStartup Win32/PowerReg application (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Adware.DSSAgent application 00000000000000000000000000000000 I
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm
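
Before acting on an ESET Online Scanner log like the one posted above, a reviewer can check that its header records the settings the instructions asked for and that the `found=` count matches the detection lines actually present. This is an added example, not part of the original thread or of ESET's tooling; the line layout is inferred from the log in this thread, and both sample logs (paths included) are constructed.

```python
import re
from collections import Counter

# Settings the helper's instructions asked for, as "# key=value" header fields.
EXPECTED_SETTINGS = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

# Detection line: <object> <threat> [(action)] <32 hex digits> <flag>.
# Assumption: this layout is inferred from the posted log, not from ESET docs.
DETECTION_RE = re.compile(
    r"^(?P<object>.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+ \w+"
    r"|multiple threats)"
    r"(?:\s+\((?P<action>[^)]*)\))?"
    r"\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


def parse_eset_log(text):
    """Split a log into header fields, parsed detections and unparsed lines."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                # Some keys (compatibility_mode) repeat, so keep every value.
                header.setdefault(key.strip(), []).append(value.strip())
            continue
        match = DETECTION_RE.match(line)
        if match is None:
            unparsed.append(line)  # installer chatter or a damaged line
            continue
        det = match.groupdict()
        # Category is the last word of the threat field as the log prints it.
        det["category"] = ("multiple" if det["threat"] == "multiple threats"
                           else det["threat"].split()[-1])
        detections.append(det)
    return header, detections, unparsed


def review_eset_log(text):
    """Check scan settings and counts, then summarise the detections."""
    header, detections, unparsed = parse_eset_log(text)
    last = lambda key: header.get(key, [None])[-1]
    problems = []
    for key, want in EXPECTED_SETTINGS.items():
        if last(key) != want:
            problems.append(f"{key}={last(key)!r}, expected {want!r}")
    if last("end") != "finished":
        problems.append("scan did not finish")
    found = last("found")
    if found is None or not found.isdigit() or int(found) != len(detections):
        problems.append(f"found={found} but {len(detections)} lines parsed")
    return {
        "problems": problems,
        "by_category": dict(Counter(d["category"] for d in detections)),
        "uncleaned": [d["object"] for d in detections
                      if d["action"] == "unable to clean"],
        "unparsed": unparsed,
    }


ZERO = "0" * 32  # the posted log shows an all-zero value in this field

# Constructed sample: settings as instructed, four detection lines.
SAMPLE_OK = rf"""
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=4
# cleaned=0
C:\Example Dir\plugin one.dll probably a variant of Win32/Delf.LQXDKYX trojan (unable to clean) {ZERO} I
C:\Example Dir\tools\ipscan.exe Win32/NetTool.Portscan.C application (unable to clean) {ZERO} I
D:\Example Dir\setup(1).exe multiple threats (unable to clean) {ZERO} I
${{Memory}} Win32/Adware.DSSAgent application {ZERO} I
"""

# Constructed sample: removal was left enabled, log cut short, one damaged line.
SAMPLE_BAD = rf"""
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=3
C:\Example Dir\tools\ipscan.exe Win32/NetTool.Portscan.C application (unable to clean) {ZERO} I
C:\Example Dir\broken line with no hash
"""

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, review_eset_log(sample))
```
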

Re: Strange IE popups, Volume stuck on mute, speed decrease,

by askey127 » June 22nd, 2012, 3:39 pm

rlmark,
Freecorder is a product of Conduit.
It may be responsible for some of the garbage you are experiencing.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Freecorder Toolbar
Freecorder 5

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    
    @Alternate Data Stream - 1345 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ir9t5FRGMAoEbKynWTUG
    @Alternate Data Stream - 1205 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:h9qzo7gClt6bKLOK2mD
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F87C192A
    O4 - HKLM..\Run: [Driver Genius] File not found
    IE - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-1810697113-279428050-2671847038-1007\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
    
    :Files
    C:\Program Files\Freecorder\
    C:\Documents and Settings\Ryan\Application Data\PriceGong
    C:\Documents and Settings\Ryan\Application Data\BitTorrent
    C:\Program Files\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll
    C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
    C:\WINDOWS\system32\Process.exe
    D:\Documents and Settings\Brett\My Documents\Downloads\CheatEngine55.exe
    D:\Documents and Settings\Brett\My Documents\Downloads\HC2Setup(6).exe
    D:\Documents and Settings\Brett\My Documents\Downloads\HC2Setup(7).exe
    D:\WINDOWS\pss\PowerReg Scheduler.exe
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
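
One way to check a fix script like the one in the post above against the log OTL writes after the fix, shown as an added example that is not part of the original post or of OTL itself. The function names are hypothetical, and the two sample strings are short excerpts of the script and the fix log posted in this thread.

```python
import re

# Excerpt of the fix script posted in this thread (not the full script).
FIX_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: [Driver Genius] File not found

:Files
C:\Program Files\Freecorder\
C:\Documents and Settings\Ryan\Application Data\PriceGong
C:\WINDOWS\system32\Process.exe
D:\WINDOWS\pss\PowerReg Scheduler.exe
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]
"""

# Excerpt of the fix log posted in this thread (not the full log).
FIX_LOG = r"""
========== FILES ==========
C:\Program Files\Freecorder folder moved successfully.
C:\Documents and Settings\Ryan\Application Data\PriceGong\tmp folder moved successfully.
C:\Documents and Settings\Ryan\Application Data\PriceGong folder moved successfully.
C:\WINDOWS\system32\Process.exe moved successfully.
File\Folder D:\WINDOWS\pss\PowerReg Scheduler.exe not found.
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")   # ":OTL", ":Files", ":Commands"
PATH_RE = re.compile(r"^[A-Za-z]:\\")     # an entry that starts with a drive letter
LOG_RE = re.compile(
    r"^(?:File\\Folder |File )?(?P<path>[A-Za-z]:\\.+?)(?: folder)? "
    r"(?P<result>moved successfully|deleted successfully|not found)\.$"
)


def parse_fix_script(text):
    """Split a fix script into its sections, keeping the entries in order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def file_targets(sections):
    """Entries of the :Files section that are paths (command lines are skipped)."""
    return [entry for entry in sections.get("Files", []) if PATH_RE.match(entry)]


def normalize(path):
    # The script may write a folder with a trailing backslash; the log does not.
    return path.rstrip("\\").lower()


def parse_fix_log(text):
    """Map each file or folder path named in the log to the results reported for it."""
    outcomes = {}
    for raw in text.splitlines():
        m = LOG_RE.match(raw.strip())
        if m:
            outcomes.setdefault(normalize(m.group("path")), set()).add(m.group("result"))
    return outcomes


def reconcile(targets, log_text):
    """Label every target: 'removed', 'not found', or 'no log entry'."""
    outcomes = parse_fix_log(log_text)
    report = {}
    for target in targets:
        seen = outcomes.get(normalize(target), set())
        if seen & {"moved successfully", "deleted successfully"}:
            report[target] = "removed"
        elif "not found" in seen:
            report[target] = "not found"
        else:
            report[target] = "no log entry"
    return report


if __name__ == "__main__":
    for path, status in reconcile(file_targets(parse_fix_script(FIX_SCRIPT)), FIX_LOG).items():
        print(f"{status:13} {path}")
```

Entries that come back as "not found" or "no log entry" are the ones to re-check in the next scan log: the item may already have been removed by the uninstaller, or the path in the script may not match what is on disk.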

Re: Strange IE popups, Volume stuck on mute, speed decrease,

by rlmark » June 22nd, 2012, 4:34 pm

I think I was able to uninstall those two Freecorder things- not 100% sure though. Once the computer has been up and running for a little longer, I'll let you know if I can confirm symptoms have gone away- looks good right now, but want to make sure!

Here's the log from the OTL fix:


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFree.dll not found.
Registry value HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Program Files\Freecorder\prxtbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Freecorder FLV Service deleted successfully.
C:\Program Files\Freecorder\FLVSrvc.exe moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:ir9t5FRGMAoEbKynWTUG deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:h9qzo7gClt6bKLOK2mD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F87C192A deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Genius deleted successfully.
HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-1810697113-279428050-2671847038-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFree.dll not found.
========== FILES ==========
C:\Program Files\Freecorder folder moved successfully.
C:\Documents and Settings\Ryan\Application Data\PriceGong\tmp folder moved successfully.
C:\Documents and Settings\Ryan\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Ryan\Application Data\PriceGong folder moved successfully.
C:\Documents and Settings\Ryan\Application Data\BitTorrent\locale folder moved successfully.
C:\Documents and Settings\Ryan\Application Data\BitTorrent\data\torrents folder moved successfully.
C:\Documents and Settings\Ryan\Application Data\BitTorrent\data\resume folder moved successfully.
C:\Documents and Settings\Ryan\Application Data\BitTorrent\data\metainfo folder moved successfully.
C:\Documents and Settings\Ryan\Application Data\BitTorrent\data folder moved successfully.
C:\Documents and Settings\Ryan\Application Data\BitTorrent folder moved successfully.
C:\Program Files\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll moved successfully.
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE moved successfully.
C:\WINDOWS\system32\Process.exe moved successfully.
D:\Documents and Settings\Brett\My Documents\Downloads\CheatEngine55.exe moved successfully.
D:\Documents and Settings\Brett\My Documents\Downloads\HC2Setup(6).exe moved successfully.
D:\Documents and Settings\Brett\My Documents\Downloads\HC2Setup(7).exe moved successfully.
File\Folder D:\WINDOWS\pss\PowerReg Scheduler.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Ryan\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ryan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Camper

User: Chiptune
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kristin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mom and Dad
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 653099 bytes
->Flash cache emptied: 841 bytes

User: Ryan
->Temp folder emptied: 4630291 bytes
->Temporary Internet Files folder emptied: 7866771 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 34183454 bytes
->Flash cache emptied: 1736 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3859936 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 390958067 bytes

Total Files Cleaned = 422.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.49.0 log created on 06222012_160931

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Here's the OTL Quick Scan log:


OTL logfile created on: 6/22/2012 4:22:59 PM - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Ryan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 32.06% Memory free
2.11 Gb Paging File | 1.21 Gb Available in Paging File | 57.35% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125.42 Gb Total Space | 14.17 Gb Free Space | 11.30% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 59.11 Gb Free Space | 39.67% Space Free | Partition Type: NTFS
Drive L: | 7.47 Gb Total Space | 2.17 Gb Free Space | 29.01% Space Free | Partition Type: FAT32

Computer Name: BASEMENT | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/22 16:11:23 | 000,372,736 | ---- | M] ( ) -- C:\WINDOWS\Temp\mrt1.tmp\stdrt.exe
PRC - [2012/06/19 12:32:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
PRC - [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/05/12 22:44:17 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/02/15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/02/15 20:10:56 | 000,688,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2011/11/13 07:53:42 | 002,996,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/11/13 07:53:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/11/13 07:53:28 | 001,687,408 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
PRC - [2011/11/09 18:38:04 | 000,132,768 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2011/03/30 01:05:00 | 000,393,616 | ---- | M] (KORG Inc.) -- C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
PRC - [2009/10/14 14:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/10/14 14:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/12/29 06:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/30 23:37:22 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/22 16:11:23 | 000,307,200 | ---- | M] () -- C:\WINDOWS\Temp\mrt1.tmp\mmfs2.dll
MOD - [2012/06/22 16:11:23 | 000,059,392 | ---- | M] () -- C:\WINDOWS\Temp\mrt1.tmp\Yaso.mfx
MOD - [2012/06/22 16:11:23 | 000,012,800 | ---- | M] () -- C:\WINDOWS\Temp\mrt1.tmp\Get.mfx
MOD - [2012/06/17 03:37:00 | 011,817,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/17 03:36:43 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/17 03:36:30 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/17 03:34:37 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/17 03:34:13 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/17 03:28:42 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/17 03:28:23 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/05/13 03:33:26 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/13 03:31:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/13 03:29:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/13 03:27:57 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/13 03:21:07 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/13 03:20:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/12 22:44:17 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/05/02 20:48:41 | 004,050,944 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
MOD - [2012/05/02 20:48:41 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/08/19 16:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/07/29 16:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/11/26 12:45:34 | 000,188,416 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\BelkinwcuiDLL.dll
MOD - [2007/10/30 23:29:24 | 000,151,617 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\blkwcapi.dll
MOD - [2006/02/24 11:40:56 | 000,061,440 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\BelkinHWStatus.dll
MOD - [2005/08/10 16:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\Security.dll
MOD - [2003/10/13 16:30:58 | 000,094,208 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\GTW32N50.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/10 19:45:04 | 000,915,879 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\system32\lnsecsl.exe -- (Adobe Licensing Console)
SRV - [2012/02/15 20:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/11/09 18:38:04 | 000,132,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/02/27 16:07:25 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2003/04/01 23:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\7.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ryan\LOCALS~1\Temp\gkmixern.sys -- (gkmixern)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CoachVc.sys -- (CoachVc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aitma1bp)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 02:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/06/28 18:04:14 | 000,093,304 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2011/03/30 01:13:00 | 000,024,056 | ---- | M] (KORG INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/01/24 13:03:47 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/07 03:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/10/02 05:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/12/12 11:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/11/26 11:30:44 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2004/03/10 16:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Belkin\F5D7050v3\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/11/28 22:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2002/09/10 20:42:00 | 000,024,808 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/03/19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/09/26 18:10:00 | 000,067,072 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Wibukey.sys -- (WIBUKEY)
DRV - [2001/07/05 15:12:26 | 000,416,564 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1vme.sys -- (IDMC1Vxp) Intel(r) Play(tm)
DRV - [2001/07/05 15:12:10 | 000,014,628 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IDMC1Blk.sys -- (IDMC1Blk)
DRV - [2001/07/05 15:12:04 | 000,015,188 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\idmc1aud.sys -- (idmc1aud) Intel(r) Play(tm) USB Audio Filter (WDM)
DRV - [2001/04/27 09:28:02 | 000,131,776 | ---- | M] (Intel ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STVqx3.SYS -- (STVqx3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: I:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/17 19:17:06 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Private Browsing = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbhgehldmbojedoeglnclpglgoggonjg\0.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/22 16:09:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLCCCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE File not found
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KORG USB-MIDI Driver] C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Subliminal blaster Pro] C:\Program Files\SB Pro\subliminalblasterpro.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\Ryan\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [TypingSatellite] C:\Program Files\TypingMaster\KBOOST.EXE (TypingMaster Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Ryan\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Ryan\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD9C3F28-4C0E-43A1-91BB-D6608479494E}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB41ED32-2F4D-4C79-B138-DFF2DDCB5D2A}: DhcpNameServer = 10.0.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0e160d88-3873-11df-838a-001320c196a0}\Shell - "" = AutoRun
O33 - MountPoints2\{0e160d88-3873-11df-838a-001320c196a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e160d88-3873-11df-838a-001320c196a0}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{bbe0b284-aa7e-11e0-83b3-001320c196a0}\Shell - "" = AutoRun
O33 - MountPoints2\{bbe0b284-aa7e-11e0-83b3-001320c196a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bbe0b284-aa7e-11e0-83b3-001320c196a0}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{cd82e4c7-055f-11df-8384-001320c196a0}\Shell - "" = AutoRun
O33 - MountPoints2\{cd82e4c7-055f-11df-8384-001320c196a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cd82e4c7-055f-11df-8384-001320c196a0}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 16:09:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/21 01:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/19 12:32:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
[2012/06/17 20:18:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Ryan\Desktop\dds.scr
[2012/06/17 19:40:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ryan\Recent
[2012/06/17 19:38:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ryan\IECompatCache
[2012/06/17 12:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/06/17 12:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/06/14 23:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\Sony PMB
[2012/06/14 23:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Sony Corporation
[2012/06/14 23:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PlayMemories Home
[2012/06/14 23:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2012/06/10 19:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Image-Line
[2012/06/03 16:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/01 13:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/01 13:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012/06/22 16:16:14 | 000,506,376 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/22 16:16:14 | 000,088,978 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/22 16:15:10 | 000,012,825 | ---- | M] () -- C:\Windows\System32\tubekey.dat
[2012/06/22 16:14:52 | 000,000,105 | ---- | M] () -- C:\Windows\System32\get.dat
[2012/06/22 16:13:05 | 000,000,104 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2012/06/22 16:11:20 | 000,002,048 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/22 16:09:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/06/22 15:55:37 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1810697113-279428050-2671847038-1007UA.job
[2012/06/22 11:52:04 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2012/06/22 02:00:05 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-BASEMENT-Ryan.job
[2012/06/21 21:56:02 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1810697113-279428050-2671847038-1007Core.job
[2012/06/19 12:32:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
[2012/06/19 12:32:05 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\CKScanner.exe
[2012/06/17 20:18:51 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Ryan\Desktop\dds.scr
[2012/06/17 20:05:09 | 000,833,086 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\cc_20120617_200419.reg
[2012/06/17 14:00:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 12:41:23 | 003,666,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/15 15:01:55 | 000,226,816 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/15 10:12:54 | 000,114,392 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg
[2012/06/15 09:33:03 | 000,086,624 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg.bak
[2012/06/14 23:16:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/06/14 13:35:15 | 000,090,440 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.sfk
[2012/06/14 12:29:12 | 001,641,672 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 2 sketch.mp3
[2012/06/14 12:21:40 | 023,136,224 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.wav
[2012/06/12 20:12:21 | 006,253,782 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\beat 1.mp3
[2012/06/12 01:00:17 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/12 01:00:16 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Google Chrome.lnk
[2012/06/10 19:56:40 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Deckadance.lnk
[2012/06/10 19:55:24 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/10 19:54:54 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FL Studio 10.lnk
[2012/06/10 19:45:04 | 000,915,879 | ---- | M] ( ) -- C:\Windows\System32\lnsecsl.exe
[2012/06/10 12:45:25 | 000,000,016 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2012/06/10 12:45:25 | 000,000,016 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2012/06/10 12:45:25 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat
[2012/06/09 14:40:40 | 000,000,040 | ---- | M] () -- C:\Windows\Superbas.ini
[2012/06/05 07:05:46 | 005,190,388 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Church.mp3
[2012/06/03 16:30:45 | 000,001,021 | ---- | M] () -- C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/03 16:29:37 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Dropbox.lnk
[2012/06/01 13:33:14 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/01 13:24:52 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/29 17:55:33 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Adobe PNG Format CS5 Prefs
[2012/05/24 21:40:27 | 010,736,888 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Texture-Collegiate Feelings.mp3

========== Files Created - No Company Name ==========

[2012/06/19 12:32:01 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\CKScanner.exe
[2012/06/17 20:05:02 | 000,833,086 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\cc_20120617_200419.reg
[2012/06/17 19:17:48 | 000,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/06/17 14:00:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 12:46:30 | 000,012,825 | ---- | C] () -- C:\Windows\System32\tubekey.dat
[2012/06/17 12:46:15 | 000,000,105 | ---- | C] () -- C:\Windows\System32\get.dat
[2012/06/15 00:43:27 | 000,114,392 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg
[2012/06/15 00:43:27 | 000,086,624 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\senior prank.veg.bak
[2012/06/14 23:24:08 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PlayMemories Home.lnk
[2012/06/14 12:29:03 | 001,641,672 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 2 sketch.mp3
[2012/06/14 12:23:09 | 000,090,440 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.sfk
[2012/06/14 12:21:36 | 023,136,224 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 2.wav
[2012/06/12 20:11:21 | 006,253,782 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\beat 1.mp3
[2012/06/10 19:56:40 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Deckadance.lnk
[2012/06/10 19:55:24 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/10 19:54:56 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FL Studio 10.lnk
[2012/06/10 19:45:04 | 000,915,879 | ---- | C] ( ) -- C:\Windows\System32\lnsecsl.exe
[2012/06/05 07:05:31 | 005,190,388 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Church.mp3
[2012/06/01 13:33:14 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/01 13:24:52 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/29 17:54:27 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Adobe PNG Format CS5 Prefs
[2012/05/24 21:39:48 | 010,736,888 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Texture-Collegiate Feelings.mp3
[2012/04/18 17:08:25 | 022,259,528 | ---- | C] () -- C:\Program Files\vlc-2.0.1-win32.exe
[2012/04/03 12:06:07 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2012/04/03 12:06:07 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012/04/02 15:58:59 | 000,650,657 | ---- | C] () -- C:\Program Files\lame3.99.5 (1).zip
[2012/03/25 15:28:13 | 000,078,960 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/03 20:21:51 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2012/03/01 14:01:36 | 000,003,072 | ---- | C] () -- C:\Windows\System32\iacenc.dll
[2012/02/29 23:17:28 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MPluginConfiguration.xml
[2012/02/29 23:01:01 | 000,197,014 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MAnalyzerpresets.xml
[2012/02/29 23:01:01 | 000,013,964 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MFlangerpresets.xml
[2012/02/29 23:01:01 | 000,013,158 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MOscillatorpresets.xml
[2012/02/29 23:01:01 | 000,009,119 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MFreqShifterpresets.xml
[2012/02/29 23:01:01 | 000,007,130 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MEqualizerpresets.xml
[2012/02/29 23:01:01 | 000,006,687 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\menvelopepresets.xml
[2012/02/29 23:01:01 | 000,006,444 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MCompressorpresets.xml
[2012/02/29 23:01:01 | 000,005,622 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MNoiseGeneratorpresets.xml
[2012/02/29 23:01:01 | 000,005,138 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MWaveShaperpresets.xml
[2012/02/29 23:01:01 | 000,004,362 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MPhaserpresets.xml
[2012/02/29 23:01:01 | 000,003,771 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MRingModulatorpresets.xml
[2012/02/29 23:01:01 | 000,002,820 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MEqualizerAreasEditorpresets.xml
[2012/02/29 23:01:01 | 000,002,775 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MStereoExpanderpresets.xml
[2012/02/29 23:01:01 | 000,002,666 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MVibratopresets.xml
[2012/02/29 23:01:01 | 000,002,492 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MSpectralAnalyzerPrefilterpresets.xml
[2012/02/29 23:01:01 | 000,002,366 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MTremolopresets.xml
[2012/02/29 23:01:01 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MAutopanpresets.xml
[2012/02/29 23:01:01 | 000,001,381 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MLimiterpresets.xml
[2012/02/29 23:01:01 | 000,001,235 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\mbasestyleconfigurationpresets.xml
[2012/02/29 23:01:01 | 000,001,011 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\MValueToColor5presets.xml
[2012/02/19 21:54:27 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2012/01/28 17:03:20 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\x264_x64.ini
[2012/01/21 15:06:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe
[2012/01/21 15:06:14 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2011/08/11 19:40:44 | 000,074,340 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Setup.2.2.exe
[2011/07/25 05:48:58 | 000,074,293 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\Setup.1.2.exe
[2011/07/16 15:43:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/06/28 18:05:20 | 000,021,112 | ---- | C] () -- C:\Windows\System32\drivers\iLokDrvr.sys
[2011/05/31 16:46:14 | 000,075,776 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2011/05/31 16:46:14 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2011/05/31 16:46:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2011/05/28 19:15:56 | 000,000,040 | ---- | C] () -- C:\Windows\Superbas.ini
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/11/09 15:38:51 | 000,008,776 | ---- | C] () -- C:\Windows\System32\d3d9caps.dat
[2010/08/31 20:27:00 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll
[2010/07/05 13:56:38 | 000,001,077 | ---- | C] () -- C:\Windows\unins000.dat
[2010/07/04 22:25:31 | 000,022,528 | ---- | C] () -- C:\Windows\exeshl.dll
[2010/07/04 22:25:31 | 000,000,093 | ---- | C] () -- C:\Windows\netctrl.ini

========== LOP Check ==========

[2012/02/24 18:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Damage
[2012/04/05 00:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2009/04/13 15:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/01/24 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/02/25 19:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2007/03/25 18:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EarMaster
[2006/03/19 14:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2012/02/19 23:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KORG
[2011/05/30 21:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2012/02/29 23:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MTexturedStyles
[2012/06/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2012/02/25 19:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/02/25 18:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/11/06 11:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio HD
[2012/03/14 20:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/05/30 15:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/05/30 21:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2012/05/18 21:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/04/13 15:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2012/05/18 22:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/08/27 13:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/07 19:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/02/25 13:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/24 17:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2012/02/05 13:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/07/03 17:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Antares
[2005/12/23 17:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Atari
[2012/02/05 12:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ConverterLite
[2012/02/25 17:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Cytomic
[2009/01/24 13:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DAEMON Tools
[2009/01/24 13:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DAEMON Tools Lite
[2009/01/24 13:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DAEMON Tools Pro
[2012/02/24 18:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\deluge
[2012/02/25 19:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DriverFinder
[2012/06/22 16:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Dropbox
[2012/03/28 23:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DVDVideoSoft
[2012/03/28 23:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DVDVideoSoftIEHelpers
[2009/04/03 21:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\EarMaster
[2012/06/05 22:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\FileZilla
[2012/04/10 22:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\fltk.org
[2012/06/14 18:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\foobar2000
[2009/03/28 17:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Garritan
[2006/07/15 11:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\GEAR Video 8.01
[2012/02/24 18:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\gtk-2.0
[2012/05/19 22:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\HandBrake
[2012/04/10 15:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\highc
[2012/02/20 00:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\KORG
[2005/12/23 17:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Leadertech
[2012/02/29 23:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MeldaProduction
[2012/01/28 16:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\mkvtoolnix
[2011/05/30 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MSNInstaller
[2012/02/29 23:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MSPS
[2012/02/29 23:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MTexturedStyles
[2009/07/03 19:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\NetMedia Providers
[2011/07/16 15:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Noteworthy Software
[2009/01/25 17:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Nuance
[2012/06/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\PACE Anti-Piracy
[2009/03/28 18:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Plogue
[2012/03/29 19:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\PrimoPDF
[2006/09/04 11:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Publish Providers
[2012/01/21 16:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\RipIt4Me
[2008/01/17 19:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\rockbox.org
[2006/07/08 08:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Seven Zip
[2010/06/25 15:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Smartelectronix
[2012/05/18 22:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sony
[2012/05/18 22:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sony Creative Software Inc
[2009/05/25 12:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sony Setup
[2012/06/09 12:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Spotify
[2011/06/16 17:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\TypingMaster7
[2012/02/19 23:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Waldorf
[2011/09/07 19:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Western Digital

========== Purity Check ==========



< End of report >
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Post by rlmark » June 22nd, 2012, 4:46 pm

Nope, still not symptom free. That was the longest I've been able to run the computer with the sound unmuted thus far, but after ~20 minutes, it remuted and the IE Script Unresponsive errors started popping back up.

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Post by askey127 » June 23rd, 2012, 7:23 am

rlmark,
Let's check for a rootkit.
----------------------------------------------
Disable CD Emulator(s)
We need to use powerful tools to investigate your system. *If* you are using a CD Emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD), be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with malware infections, CD Emulators can interfere with investigative tools, producing misleading or inaccurate scan results, false detection of legitimate files, unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by Emulators. Since the hidden drivers from CD Emulators can be seen as a rootkit, we need to remove or disable them until disinfection is completed.

Please download DeFogger by jpshortstuff and save it to your desktop.
  • Double click DeFogger.exe to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK...DeFogger will now ask to reboot the machine...click OK. If not, reboot manually.
  • Do not re-enable these drivers until instructed or your system has been cleaned.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
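A way to triage the log named in step 5 offline, as an added example that is not part of the original post or of Kaspersky's tool: it picks the newest log by the date embedded in the filename (dd.mm.yyyy does not sort correctly as text) and lists every scanned object whose verdict is not `ok`. The line layout, the `.` or `_` separator after `TDSSKiller`, and the sample names, hashes and non-ok verdict string are assumptions or constructed values.

```python
import re
from datetime import datetime

# Filename pattern from step 5: TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
# Assumption: the separator after "TDSSKiller" may be "_" or ".".
LOG_NAME = re.compile(
    r"^TDSSKiller[._](?P<ver>\d+(?:\.\d+)*)_"
    r"(?P<d>\d{2})\.(?P<mo>\d{2})\.(?P<y>\d{4})_"
    r"(?P<h>\d{2})\.(?P<mi>\d{2})\.(?P<s>\d{2})_log\.txt$",
    re.IGNORECASE,
)

# Assumed line layout: "HH:MM:SS.ffff <thread id> <message>"
LINE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s*(?P<msg>.*)$")
# Object line: "<service or driver name> (<md5>) <file path>"
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")


def log_timestamp(filename):
    """Return the datetime embedded in a log filename, or None if it does not match."""
    m = LOG_NAME.match(filename)
    if not m:
        return None
    try:
        return datetime(int(m["y"]), int(m["mo"]), int(m["d"]),
                        int(m["h"]), int(m["mi"]), int(m["s"]))
    except ValueError:  # e.g. month 13 in a mangled name
        return None


def newest_log(filenames):
    """Pick the most recent log by embedded timestamp, not by string order."""
    dated = [(log_timestamp(n), n) for n in filenames]
    dated = [(ts, n) for ts, n in dated if ts is not None]
    return max(dated)[1] if dated else None


def parse_scan(text):
    """Return one entry per scanned object: name, md5, path, verdict."""
    entries, pending, scanning = [], {}, False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"].strip()
        if not scanning:
            # Header lines such as "Drive ... - Size: ..." also contain " - ",
            # so verdict parsing only begins after the scan marker.
            scanning = (msg == "Scan started")
            continue
        if not msg or set(msg) == {"="} or msg.startswith("Mode:"):
            continue
        obj = OBJECT.match(msg)
        if obj:
            pending[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue
        name, sep, verdict = msg.rpartition(" - ")
        if not sep:
            continue
        # Some services have no file on disk and therefore no hash line.
        md5, path = pending.pop(name, (None, None))
        entries.append({"name": name, "md5": md5, "path": path,
                        "verdict": verdict.strip()})
    return entries


def needs_review(entries):
    """Everything the tool did not mark 'ok' goes to a human."""
    return [e for e in entries if e["verdict"].lower() != "ok"]


# Constructed sample: the service names, hashes and the non-ok verdict
# string below are made up for this example.
SAMPLE_LOG = r"""
10:30:50.0203 3292 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
10:31:00.0921 3292 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200
10:31:14.0140 3672 ============================================================
10:31:14.0140 3672 Scan started
10:31:14.0140 3672 Mode: Manual;
10:31:14.0140 3672 ============================================================
10:31:19.0046 3672 NoFileSvc - ok
10:31:19.0406 3672 Example(R) Driver (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\example.sys
10:31:19.0406 3672 Example(R) Driver - ok
10:31:20.0156 3672 oddsvc (00000000000000000000000000000002) C:\Windows\system32\drivers\oddsvc.sys
10:31:20.0234 3672 oddsvc - CONSTRUCTED-NON-OK-VERDICT
"""

if __name__ == "__main__":
    for entry in needs_review(parse_scan(SAMPLE_LOG)):
        print(entry["name"], entry["md5"], entry["path"], entry["verdict"])
```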

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Post by rlmark » June 23rd, 2012, 10:36 am

Both programs ran successfully, no threats found with TDSSKiller. Here's the log anyways. Symptoms still being experienced.


10:30:50.0203 3292 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
10:30:50.0656 3292 ============================================================
10:30:50.0656 3292 Current date / time: 2012/06/23 10:30:50.0656
10:30:50.0656 3292 SystemInfo:
10:30:50.0656 3292
10:30:50.0656 3292 OS Version: 5.1.2600 ServicePack: 3.0
10:30:50.0656 3292 Product type: Workstation
10:30:50.0656 3292 ComputerName: BASEMENT
10:30:50.0656 3292 UserName: Ryan
10:30:50.0656 3292 Windows directory: C:\Windows
10:30:50.0656 3292 System windows directory: C:\Windows
10:30:50.0656 3292 Processor architecture: Intel x86
10:30:50.0656 3292 Number of processors: 1
10:30:50.0656 3292 Page size: 0x1000
10:30:50.0656 3292 Boot type: Normal boot
10:30:50.0656 3292 ============================================================
10:31:00.0921 3292 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:31:01.0062 3292 Drive \Device\Harddisk1\DR1 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:31:01.0093 3292 ============================================================
10:31:01.0093 3292 \Device\Harddisk0\DR0:
10:31:01.0203 3292 MBR partitions:
10:31:01.0203 3292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xFAD8DB5
10:31:01.0203 3292 \Device\Harddisk1\DR1:
10:31:01.0203 3292 MBR partitions:
10:31:01.0218 3292 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A011FC
10:31:01.0218 3292 ============================================================
10:31:01.0453 3292 C: <-> \Device\Harddisk0\DR0\Partition0
10:31:01.0468 3292 D: <-> \Device\Harddisk1\DR1\Partition0
10:31:01.0718 3292 ============================================================
10:31:01.0718 3292 Initialize success
10:31:01.0718 3292 ============================================================
10:31:14.0140 3672 ============================================================
10:31:14.0140 3672 Scan started
10:31:14.0140 3672 Mode: Manual;
10:31:14.0140 3672 ============================================================
10:32:12.0031 3672 PlugPlay - ok
10:32:12.0234 3672 PMBDeviceInfoProvider (b597c2c966b447e011b4ae1b4d053677) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
10:32:12.0312 3672 PMBDeviceInfoProvider - ok
10:32:12.0375 3672 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\Windows\system32\lsass.exe
10:32:12.0375 3672 PolicyAgent - ok
10:32:12.0437 3672 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\Windows\system32\DRIVERS\raspptp.sys
10:32:12.0453 3672 PptpMiniport - ok
10:32:12.0515 3672 PQNTDrv (04f3971b70a7855f04d351aa4bee7799) C:\Windows\system32\drivers\PQNTDrv.sys
10:32:12.0515 3672 PQNTDrv - ok
10:32:12.0515 3672 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\Windows\system32\lsass.exe
10:32:12.0515 3672 ProtectedStorage - ok
10:32:12.0562 3672 PSched (09298ec810b07e5d582cb3a3f9255424) C:\Windows\system32\DRIVERS\psched.sys
10:32:12.0578 3672 PSched - ok
10:32:12.0625 3672 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\Windows\system32\DRIVERS\ptilink.sys
10:32:12.0625 3672 Ptilink - ok
10:32:12.0734 3672 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
10:32:12.0765 3672 PxHelp20 - ok
10:32:12.0906 3672 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\Windows\system32\DRIVERS\ql1080.sys
10:32:12.0906 3672 ql1080 - ok
10:32:13.0000 3672 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\Windows\system32\DRIVERS\ql10wnt.sys
10:32:13.0015 3672 Ql10wnt - ok
10:32:13.0078 3672 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\Windows\system32\DRIVERS\ql12160.sys
10:32:13.0078 3672 ql12160 - ok
10:32:13.0156 3672 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\Windows\system32\DRIVERS\ql1240.sys
10:32:13.0156 3672 ql1240 - ok
10:32:13.0187 3672 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\Windows\system32\DRIVERS\ql1280.sys
10:32:13.0203 3672 ql1280 - ok
10:32:13.0265 3672 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\Windows\system32\DRIVERS\rasacd.sys
10:32:13.0265 3672 RasAcd - ok
10:32:13.0343 3672 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\Windows\System32\rasauto.dll
10:32:13.0390 3672 RasAuto - ok
10:32:13.0500 3672 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:32:13.0500 3672 Rasl2tp - ok
10:32:13.0562 3672 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\Windows\System32\rasmans.dll
10:32:13.0578 3672 RasMan - ok
10:32:13.0656 3672 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\Windows\system32\DRIVERS\raspppoe.sys
10:32:13.0656 3672 RasPppoe - ok
10:32:13.0703 3672 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\Windows\system32\DRIVERS\raspti.sys
10:32:13.0703 3672 Raspti - ok
10:32:13.0812 3672 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\Windows\system32\DRIVERS\rdbss.sys
10:32:13.0843 3672 Rdbss - ok
10:32:13.0875 3672 RDPCDD (4912d5b403614ce99c28420f75353332) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:32:13.0875 3672 RDPCDD - ok
10:32:13.0968 3672 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\Windows\system32\DRIVERS\rdpdr.sys
10:32:14.0000 3672 rdpdr - ok
10:32:14.0062 3672 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\Windows\system32\drivers\RDPWD.sys
10:32:14.0062 3672 RDPWD - ok
10:32:14.0218 3672 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:32:14.0250 3672 RDSessMgr - ok
10:32:14.0312 3672 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\Windows\system32\DRIVERS\redbook.sys
10:32:14.0312 3672 redbook - ok
10:32:14.0375 3672 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\Windows\System32\mprdim.dll
10:32:14.0375 3672 RemoteAccess - ok
10:32:14.0390 3672 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\Windows\system32\locator.exe
10:32:14.0390 3672 RpcLocator - ok
10:32:14.0453 3672 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\Windows\system32\rpcss.dll
10:32:14.0468 3672 RpcSs - ok
10:32:14.0515 3672 RSVP (471b3f9741d762abe75e9deea4787e47) C:\Windows\system32\rsvp.exe
10:32:14.0515 3672 RSVP - ok
10:32:14.0578 3672 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\Windows\system32\DRIVERS\rt73.sys
10:32:14.0593 3672 RT73 - ok
10:32:14.0609 3672 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\Windows\system32\lsass.exe
10:32:14.0625 3672 SamSs - ok
10:32:14.0671 3672 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\Windows\system32\DRIVERS\emScan.sys
10:32:14.0671 3672 ScanUSBEMPIA - ok
10:32:14.0765 3672 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\Windows\System32\SCardSvr.exe
10:32:14.0796 3672 SCardSvr - ok
10:32:14.0859 3672 SCDEmu (3b35ce540758bbabb721e234cb5a4f3f) C:\Windows\system32\drivers\SCDEmu.sys
10:32:14.0859 3672 SCDEmu - ok
10:32:15.0000 3672 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\Windows\system32\schedsvc.dll
10:32:15.0015 3672 Schedule - ok
10:32:15.0093 3672 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\DRIVERS\secdrv.sys
10:32:15.0093 3672 Secdrv - ok
10:32:15.0125 3672 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\Windows\System32\seclogon.dll
10:32:15.0140 3672 seclogon - ok
10:32:15.0296 3672 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\Windows\system32\drivers\senfilt.sys
10:32:15.0343 3672 senfilt - ok
10:32:15.0390 3672 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\Windows\system32\sens.dll
10:32:15.0390 3672 SENS - ok
10:32:15.0437 3672 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\Windows\system32\DRIVERS\serenum.sys
10:32:15.0437 3672 serenum - ok
10:32:15.0484 3672 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\Windows\system32\DRIVERS\serial.sys
10:32:15.0500 3672 Serial - ok
10:32:15.0593 3672 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\Windows\system32\drivers\Sfloppy.sys
10:32:15.0593 3672 Sfloppy - ok
10:32:15.0828 3672 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\Windows\System32\ipnathlp.dll
10:32:15.0843 3672 SharedAccess - ok
10:32:15.0953 3672 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\Windows\System32\shsvcs.dll
10:32:15.0953 3672 ShellHWDetection - ok
10:32:15.0968 3672 Simbad - ok
10:32:16.0031 3672 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\Windows\system32\DRIVERS\sisagp.sys
10:32:16.0046 3672 sisagp - ok
10:32:16.0093 3672 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\Windows\system32\DRIVERS\SLIP.sys
10:32:16.0093 3672 SLIP - ok
10:32:16.0265 3672 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\Windows\system32\drivers\smwdm.sys
10:32:16.0281 3672 smwdm - ok
10:32:16.0328 3672 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\Windows\system32\DRIVERS\SONYPVU1.SYS
10:32:16.0328 3672 SONYPVU1 - ok
10:32:16.0375 3672 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\Windows\system32\DRIVERS\sparrow.sys
10:32:16.0375 3672 Sparrow - ok
10:32:16.0453 3672 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\Windows\system32\drivers\splitter.sys
10:32:16.0453 3672 splitter - ok
10:32:16.0562 3672 Spooler (60784f891563fb1b767f70117fc2428f) C:\Windows\system32\spoolsv.exe
10:32:16.0609 3672 Spooler - ok
10:32:16.0750 3672 sptd (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
10:32:16.0765 3672 sptd - ok
10:32:16.0781 3672 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\Windows\system32\DRIVERS\sr.sys
10:32:16.0781 3672 sr - ok
10:32:16.0843 3672 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
10:32:16.0859 3672 srservice - ok
10:32:16.0953 3672 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\Windows\system32\DRIVERS\srv.sys
10:32:16.0984 3672 Srv - ok
10:32:17.0031 3672 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\Windows\system32\drivers\sscdbhk5.sys
10:32:17.0031 3672 sscdbhk5 - ok
10:32:17.0062 3672 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\Windows\System32\ssdpsrv.dll
10:32:17.0062 3672 SSDPSRV - ok
10:32:17.0078 3672 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\Windows\system32\drivers\ssrtln.sys
10:32:17.0078 3672 ssrtln - ok
10:32:17.0156 3672 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\Windows\system32\wiaservc.dll
10:32:17.0171 3672 stisvc - ok
10:32:17.0250 3672 streamip (77813007ba6265c4b6098187e6ed79d2) C:\Windows\system32\DRIVERS\StreamIP.sys
10:32:17.0250 3672 streamip - ok
10:32:17.0312 3672 STVqx3 (f6c268117b6a205f249989dddcd04af9) C:\Windows\system32\drivers\STVqx3.sys
10:32:17.0328 3672 STVqx3 - ok
10:32:17.0359 3672 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\Windows\system32\DRIVERS\swenum.sys
10:32:17.0375 3672 swenum - ok
10:32:17.0593 3672 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:32:17.0625 3672 SwitchBoard - ok
10:32:17.0640 3672 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\Windows\system32\drivers\swmidi.sys
10:32:17.0656 3672 swmidi - ok
10:32:17.0656 3672 SwPrv - ok
10:32:17.0734 3672 symc810 (1ff3217614018630d0a6758630fc698c) C:\Windows\system32\DRIVERS\symc810.sys
10:32:17.0734 3672 symc810 - ok
10:32:17.0781 3672 symc8xx (070e001d95cf725186ef8b20335f933c) C:\Windows\system32\DRIVERS\symc8xx.sys
10:32:17.0796 3672 symc8xx - ok
10:32:17.0812 3672 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\Windows\system32\DRIVERS\sym_hi.sys
10:32:17.0812 3672 sym_hi - ok
10:32:17.0828 3672 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\Windows\system32\DRIVERS\sym_u3.sys
10:32:17.0843 3672 sym_u3 - ok
10:32:17.0921 3672 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\Windows\system32\drivers\sysaudio.sys
10:32:17.0953 3672 sysaudio - ok
10:32:18.0015 3672 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\Windows\system32\smlogsvc.exe
10:32:18.0015 3672 SysmonLog - ok
10:32:18.0140 3672 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\Windows\System32\tapisrv.dll
10:32:18.0171 3672 TapiSrv - ok
10:32:18.0312 3672 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\Windows\system32\DRIVERS\tcpip.sys
10:32:18.0328 3672 Tcpip - ok
10:32:18.0375 3672 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\Windows\system32\drivers\TDPIPE.sys
10:32:18.0375 3672 TDPIPE - ok
10:32:18.0406 3672 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\Windows\system32\drivers\TDTCP.sys
10:32:18.0421 3672 TDTCP - ok
10:32:18.0453 3672 TermDD (88155247177638048422893737429d9e) C:\Windows\system32\DRIVERS\termdd.sys
10:32:18.0453 3672 TermDD - ok
10:32:18.0562 3672 TermService (ff3477c03be7201c294c35f684b3479f) C:\Windows\System32\termsrv.dll
10:32:18.0625 3672 TermService - ok
10:32:18.0750 3672 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\Windows\system32\dla\tfsnboio.sys
10:32:18.0765 3672 tfsnboio - ok
10:32:18.0859 3672 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\Windows\system32\dla\tfsncofs.sys
10:32:18.0890 3672 tfsncofs - ok
10:32:18.0937 3672 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\Windows\system32\dla\tfsndrct.sys
10:32:18.0937 3672 tfsndrct - ok
10:32:19.0000 3672 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\Windows\system32\dla\tfsndres.sys
10:32:19.0000 3672 tfsndres - ok
10:32:19.0031 3672 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\Windows\system32\dla\tfsnifs.sys
10:32:19.0031 3672 tfsnifs - ok
10:32:19.0046 3672 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\Windows\system32\dla\tfsnopio.sys
10:32:19.0046 3672 tfsnopio - ok
10:32:19.0062 3672 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\Windows\system32\dla\tfsnpool.sys
10:32:19.0062 3672 tfsnpool - ok
10:32:19.0109 3672 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\Windows\system32\dla\tfsnudf.sys
10:32:19.0140 3672 tfsnudf - ok
10:32:19.0218 3672 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\Windows\system32\dla\tfsnudfa.sys
10:32:19.0250 3672 tfsnudfa - ok
10:32:19.0515 3672 Themes (99bc0b50f511924348be19c7c7313bbf) C:\Windows\System32\shsvcs.dll
10:32:19.0515 3672 Themes - ok
10:32:19.0578 3672 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\Windows\system32\DRIVERS\toside.sys
10:32:19.0593 3672 TosIde - ok
10:32:19.0750 3672 TPkd (9ecaa1a300cb03994834ff61e7be328c) C:\Windows\system32\drivers\TPkd.sys
10:32:19.0781 3672 TPkd - ok
10:32:19.0875 3672 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\Windows\system32\trkwks.dll
10:32:19.0906 3672 TrkWks - ok
10:32:19.0984 3672 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\Windows\system32\drivers\Udfs.sys
10:32:20.0000 3672 Udfs - ok
10:32:20.0031 3672 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\Windows\system32\DRIVERS\ultra.sys
10:32:20.0031 3672 ultra - ok
10:32:20.0500 3672 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\Windows\system32\DRIVERS\update.sys
10:32:20.0593 3672 Update - ok
10:32:20.0890 3672 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\Windows\System32\upnphost.dll
10:32:20.0984 3672 upnphost - ok
10:32:21.0109 3672 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\Windows\System32\ups.exe
10:32:21.0109 3672 UPS - ok
10:32:21.0265 3672 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
10:32:21.0296 3672 USBAAPL - ok
10:32:21.0468 3672 usbaudio (e919708db44ed8543a7c017953148330) C:\Windows\system32\drivers\usbaudio.sys
10:32:21.0468 3672 usbaudio - ok
10:32:21.0640 3672 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\Windows\system32\DRIVERS\usbccgp.sys
10:32:21.0640 3672 usbccgp - ok
10:32:21.0765 3672 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\Windows\system32\DRIVERS\usbehci.sys
10:32:21.0765 3672 usbehci - ok
10:32:21.0906 3672 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\Windows\system32\DRIVERS\usbhub.sys
10:32:21.0906 3672 usbhub - ok
10:32:21.0953 3672 usbprint (a717c8721046828520c9edf31288fc00) C:\Windows\system32\DRIVERS\usbprint.sys
10:32:21.0953 3672 usbprint - ok
10:32:22.0000 3672 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\Windows\system32\DRIVERS\usbscan.sys
10:32:22.0000 3672 usbscan - ok
10:32:22.0046 3672 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:32:22.0046 3672 USBSTOR - ok
10:32:22.0093 3672 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\Windows\system32\DRIVERS\usbuhci.sys
10:32:22.0093 3672 usbuhci - ok
10:32:22.0171 3672 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\Windows\System32\drivers\vga.sys
10:32:22.0171 3672 VgaSave - ok
10:32:22.0312 3672 viaagp (754292ce5848b3738281b4f3607eaef4) C:\Windows\system32\DRIVERS\viaagp.sys
10:32:22.0312 3672 viaagp - ok
10:32:22.0359 3672 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\Windows\system32\DRIVERS\viaide.sys
10:32:22.0359 3672 ViaIde - ok
10:32:22.0546 3672 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\Windows\system32\drivers\VolSnap.sys
10:32:22.0546 3672 VolSnap - ok
10:32:22.0781 3672 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\Windows\System32\vssvc.exe
10:32:22.0968 3672 VSS - ok
10:32:23.0265 3672 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
10:32:23.0328 3672 w32time - ok
10:32:23.0406 3672 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\Windows\system32\DRIVERS\wanarp.sys
10:32:23.0421 3672 Wanarp - ok
10:32:23.0437 3672 wanatw - ok
10:32:23.0515 3672 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
10:32:23.0515 3672 WDC_SAM - ok
10:32:23.0750 3672 WDDMService (8530b35284aa20d9c614ccb3725cef37) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
10:32:23.0765 3672 WDDMService - ok
10:32:24.0234 3672 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\Windows\system32\Drivers\wdf01000.sys
10:32:24.0234 3672 Wdf01000 - ok
10:32:24.0234 3672 WDICA - ok
10:32:24.0343 3672 wdmaud (6768acf64b18196494413695f0c3a00f) C:\Windows\system32\drivers\wdmaud.sys
10:32:24.0375 3672 wdmaud - ok
10:32:24.0515 3672 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
10:32:24.0515 3672 WDSmartWareBackgroundService - ok
10:32:24.0718 3672 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\Windows\System32\webclnt.dll
10:32:24.0734 3672 WebClient - ok
10:32:24.0828 3672 WIBUKEY (2d14ac5df0fabf2f641b052d15e539ba) C:\Windows\system32\DRIVERS\Wibukey.sys
10:32:24.0843 3672 WIBUKEY - ok
10:32:24.0968 3672 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\Windows\system32\wbem\WMIsvc.dll
10:32:25.0062 3672 winmgmt - ok
10:32:25.0265 3672 WMDM PMSP Service (5b6da8f4f5047d6df51e1c38fc57d4d9) C:\WINDOWS\system32\MsPMSPSv.exe
10:32:25.0296 3672 WMDM PMSP Service - ok
10:32:25.0312 3672 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\Windows\system32\MsPMSNSv.dll
10:32:25.0328 3672 WmdmPmSN - ok
10:32:25.0375 3672 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:32:25.0421 3672 WmiApSrv - ok
10:32:25.0687 3672 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
10:32:25.0734 3672 WMPNetworkSvc - ok
10:32:25.0828 3672 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\Windows\system32\DRIVERS\wpdusb.sys
10:32:25.0828 3672 WpdUsb - ok
10:32:26.0046 3672 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:32:26.0109 3672 WPFFontCache_v0400 - ok
10:32:26.0187 3672 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\Windows\system32\wscsvc.dll
10:32:26.0203 3672 wscsvc - ok
10:32:26.0281 3672 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\Windows\system32\DRIVERS\WSTCODEC.SYS
10:32:26.0281 3672 WSTCODEC - ok
10:32:26.0328 3672 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\Windows\system32\wuauserv.dll
10:32:26.0328 3672 wuauserv - ok
10:32:26.0390 3672 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\Windows\system32\DRIVERS\WudfPf.sys
10:32:26.0390 3672 WudfPf - ok
10:32:26.0468 3672 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\Windows\system32\DRIVERS\wudfrd.sys
10:32:26.0468 3672 WudfRd - ok
10:32:26.0500 3672 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\Windows\System32\WUDFSvc.dll
10:32:26.0515 3672 WudfSvc - ok
10:32:26.0609 3672 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\Windows\System32\wzcsvc.dll
10:32:26.0671 3672 WZCSVC - ok
10:32:26.0734 3672 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\Windows\System32\xmlprov.dll
10:32:26.0750 3672 xmlprov - ok
10:32:26.0796 3672 MBR (0x1B8) (2667a0ac81fe7626ff8f3193e58ad867) \Device\Harddisk0\DR0
10:32:27.0421 3672 \Device\Harddisk0\DR0 - ok
10:32:27.0437 3672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:32:27.0937 3672 \Device\Harddisk1\DR1 - ok
10:32:27.0968 3672 Boot (0x1200) (c95272d9680f1795d6b6c8ae362c649e) \Device\Harddisk0\DR0\Partition0
10:32:27.0968 3672 \Device\Harddisk0\DR0\Partition0 - ok
10:32:27.0984 3672 Boot (0x1200) (5996c6f9010bd2606c5b465078c3c51e) \Device\Harddisk1\DR1\Partition0
10:32:27.0984 3672 \Device\Harddisk1\DR1\Partition0 - ok
10:32:27.0984 3672 ============================================================
10:32:27.0984 3672 Scan finished
10:32:27.0984 3672 ============================================================
10:32:28.0000 3632 Detected object count: 0
10:32:28.0000 3632 Actual detected object count: 0
10:32:49.0078 2484 Deinitialize success
rlmark
Regular Member
 
Posts: 34
Joined: February 16th, 2010, 4:37 pm

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Unread postby rlmark » June 23rd, 2012, 3:39 pm

Do you know anything about a process named "stdrt.exe"? I tried ending it via Task Manager because I thought I saw it mentioned in the Defogger log (I didn't - it was just sptd.sys), but when I end the process the symptoms go away... I googled it and the results are interesting.

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Unread postby askey127 » June 23rd, 2012, 4:10 pm

rlmark
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1 (32-bit)
Download Mirror #2 (32-bit)


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    adbcnsl.exe
    STDRT.EXE
    REGSRV.EXE
    mrt1.tmp
    48545af0b55a8704de5a2916d40e1763.exe
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Unread postby rlmark » June 23rd, 2012, 4:53 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 16:18 on 23/06/2012 by Ryan
Administrator - Elevation successful

========== filefind ==========

Searching for "adbcnsl.exe"
No files found.

Searching for "STDRT.EXE"
C:\WINDOWS\Temp\mrt1.tmp\stdrt.exe --a---- 372736 bytes [20:11 22/06/2012] [20:11 22/06/2012] 5413B1A323F0837A01821FEA3CB2A5A2
C:\WINDOWS\Temp\mrt2.tmp\stdrt.exe --a---- 372736 bytes [14:28 23/06/2012] [14:28 23/06/2012] 5413B1A323F0837A01821FEA3CB2A5A2
C:\WINDOWS\Temp\mrt3.tmp\stdrt.exe --a---- 372736 bytes [19:27 23/06/2012] [19:27 23/06/2012] 5413B1A323F0837A01821FEA3CB2A5A2

Searching for "REGSRV.EXE"
No files found.

Searching for "mrt1.tmp"
No files found.

Searching for "48545af0b55a8704de5a2916d40e1763.exe"
No files found.

-= EOF =-

Re: Strange IE popups, Volume stuck on mute, speed decrease,

Unread postby askey127 » June 24th, 2012, 6:55 am

rlmark,
I would suggest changing your browser start/default page(s) to something other than Dell Myway.
----------------------------------------------
To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers should now be re-enabled.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    PRC - [2012/06/22 16:11:23 | 000,372,736 | ---- | M] ( ) -- C:\WINDOWS\Temp\mrt1.tmp\stdrt.exe
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    
    :Files
    C:\WINDOWS\Temp\mrt1.tmp
    C:\WINDOWS\Temp\mrt2.tmp
    C:\WINDOWS\Temp\mrt3.tmp
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127