Computer not been right since Windows update

These are 2 screenshots from running in safe mode. Safe mode was an absolute joy to use. It's so nice to have things work exactly when you ask them to work. In short, it was rapid! Photoshop CS3 didn't even dent the RAM usage or anything and it loaded in under 6 seconds.

These shots were taken with nothing running at all and were taken right after startup. I'm sure you will notice the big difference lol
safe mode performance.jpg

safe mode processes.jpg
 

My Computer

System One

  • Manufacturer/Model
    Dell Studio 17 (1735)
    CPU
    Intel Core Duo 2 T8100 2.1Ghz
    Memory
    3GB
    Graphics Card(s)
    ATI Mobility Radeon HD 3650
Good

Safe mode has shown us that some program or driver is slowing things up.

Go to search, type "device manager"; inside device manager look for any yellow warning markers. I doubt if you will find any. If you do not, we should focus on that clean boot.
Using this method
http://windows.microsoft.com/en-US/windows-vista/What-is-safe-mode

This has to work. You said safe mode works great. Well, boot up in safe mode (another form of clean boot). Add processes one at a time. When you add one and it does not work, that's the problem.

In fact, if you choose safe mode with internet, you can go about your business and use the programs that you want, and if it still works well, go to clean boot and start up with just what you use.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
While on the subject, put all the updates back; that is going nowhere. We have a handle on this, now.
 

In device manager these were the only issues that I found.
device manager.JPG

I will now install all the Windows updates and then boot into safe mode and test it out with different processes. I assume I am able to go into msconfig and change which processes will start up with it even though it is booting into safe mode?
 

You should be able to change the startup process. If there is no problem with that procedure, we have the answer.
 

I'm just a bit confused regarding the startup processes and booting in safe mode.

Do I boot to safe mode, then go to msconfig and then do the similar clean boot process of selecting half the services etc?
 

Clean Boot: If, when you do the clean boot, the computer initially works the way it should, we slowly put the processes back to determine the cause. This is the best method to use. From your past posts, with the clean boot, the computer never worked to your satisfaction.

Safe Mode: This is a type of clean boot, in that only essential services and drivers are loaded at boot. Forget about the clean boot as shown above, if using safe mode.
I would go to msconfig and add a few startup processes at a time, if possible. When you are certain that the computer is behaving properly, add a few more.
 
It is more than likely that the option to restore services will not be available; if this is the case, post back.
 

Hello,

This sounds very classically malware. Most malware doesn't work in Safe Mode at the moment (which is strange, as it is very easy to do) and this processor usage, random spikes, random differences on different boots, slowness, and Malwarebytes Anti-Malware picking up a trojan, all indicate the presence of malware. Modern malware can hide from scanners, so do not be deceived by an empty Malwarebytes log.

If Rich can't find a legitimate solution to this soon, I would recommend asking Jacee to have a look, as I am not qualified to do this yet. I will show you which logs to run before she gets here, so that she has at least something to start on.

For clarification, I have not called in Jacee yet, and will not do so unless Rich can't find another solution.

Richard

P.S. Can you look up what items Malwarebytes found please? To do this, open MBAM, the Logs tab, and then tell us what was found. Thanks!
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS 420
    CPU
    Intel Core 2 Quad Q9300 2.50GHz
    Motherboard
    Stock Dell 0TP406
    Memory
    4 gb (DDR2 800) 400MHz
    Graphics Card(s)
    ATI Radeon HD 3870 (512 MBytes)
    Sound Card
    Onboard
    Monitor(s) Displays
    1 x Dell 2007FP and 1 x (old) Sonic flat screen
    Screen Resolution
    1600 x 1200 and 1280 x 1204
    Hard Drives
    1 x 640Gb (SATA 300)
    Western Digital: WDC WD6400AAKS-75A7B0

    1 x 1Tb (SATA 600)
    Western Digital: Caviar Black, SATA 6GB/S, 64Mb cache, 8ms
    Western Digital: WDC WD1002FAEX-00Z3A0 ATA Device
    PSU
    Stock PSU - 375W
    Case
    Dell XPS 420
    Cooling
    Stock Fan
    Keyboard
    Dell Bluetooth
    Mouse
    Advent Optical ADE-WG01 (colour change light up)
    Internet Speed
    120 kb/s
    Other Info
    ASUS USB 3.0 5Gbps/SATA 6Gbps - PCI-Express Combo Controller Card (U3S6)
Shug99, the above suggestion actually sounds like a good idea. I did not go into that area since you had mentioned in your first post that you had run antivirus scans, etc. But, as noted, these "baddies" can hide from the tests that are used. If my suggestions have not shown any improvement in the speed of your computer, by all means let's give this alternative approach a chance.
 

I am indeed not able to do anything with the services in safe mode.

This is one log I have:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4429

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

14/08/2010 21:13:09
mbam-log-2010-08-14 (21-13-09).txt

Scan type: Quick scan
Objects scanned: 147829
Time elapsed: 15 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This is the second log I have:


Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4429

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18943

17/08/2010 16:15:41
mbam-log-2010-08-17 (16-15-41).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 460971
Time elapsed: 1 hour(s), 38 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Sam\Desktop\Rob.Papen.LinPlug.Albino.VSTi.v3.0.2.\Rob.Papen.LinPlug.Albino.VSTi.v3.0.2.\Albino3Installer302.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
 

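A small parser for the Malwarebytes 1.46 text logs pasted above, added here as an example (it is not part of the original thread or of any Malwarebytes tooling): it extracts the detections, including the Bad/Good values of registry data items, and warns when the summary counts do not match the items listed. The sample log is constructed, its file path is a placeholder, and the function names are hypothetical.

```python
import re

CATEGORIES = ("Memory Processes", "Memory Modules", "Registry Keys",
              "Registry Values", "Registry Data Items", "Folders", "Files")
HEADER_RE = re.compile(r"^(Database version|Scan type|Objects scanned): (.+)$")
SECTION_RE = re.compile(r"^(.+?) Infected:\s*(\d+)?$")
# "<object> (<detection>) -> <action>"; registry data items insert
# "Bad: (<found>) Good: (<expected>) -> " before the action.
ITEM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<name>[\w.\-]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?(?P<action>.+)$")

# Constructed sample in the layout of the logs posted above (blank lines
# dropped). The file path is a placeholder, not a value from the thread.
SAMPLE = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4429
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Scan type: Full scan (C:\|D:\|)
Objects scanned: 460971
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Example\Desktop\setup_example.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Parse one pasted MBAM 1.46 text log into a dict."""
    log = {"safe_mode": False, "counts": {},
           "items": {c: [] for c in CATEGORIES}, "unparsed": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        header = HEADER_RE.match(line)
        sect = SECTION_RE.match(line)
        if header:
            log[header.group(1).lower().replace(" ", "_")] = header.group(2)
        elif line.startswith("Windows "):
            log["safe_mode"] = line.endswith("(Safe Mode)")
        elif sect and sect.group(1) in CATEGORIES:
            if sect.group(2) is None:      # "Files Infected:" detail heading
                section = sect.group(1)
            else:                          # "Files Infected: 1" summary line
                log["counts"][sect.group(1)] = int(sect.group(2))
        elif section and line != "(No malicious items detected)":
            item = ITEM_RE.match(line)
            if item:
                log["items"][section].append(item.groupdict())
            else:
                log["unparsed"].append(line)
    return log


def review(log):
    """Return (detections, warnings) for a helper reading the pasted log."""
    detections, warnings = [], []
    for cat in CATEGORIES:
        items = log["items"][cat]
        if log["counts"].get(cat) != len(items):
            warnings.append(f"{cat}: summary says {log['counts'].get(cat)}, "
                            f"{len(items)} parsed (truncated or edited paste?)")
        detections += [(cat, i["name"], i["object"]) for i in items]
    if not detections and log.get("scan_type", "").startswith("Quick"):
        warnings.append("clean Quick scan: not proof that the system is clean")
    return detections, warnings


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE)
    found, notes = review(parsed)
    print("safe mode:", parsed["safe_mode"], "| scan:", parsed["scan_type"])
    for cat, name, obj in found:
        print(f"{cat}: {name} -> {obj}")
    for reg in parsed["items"]["Registry Data Items"]:
        print("  found:", reg["bad"], "| expected:", reg["good"])
    print("warnings:", notes)
```
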
Something has tried to break regedit.exe in a nearly undetectable manner. Curious.

P.S. You also became infected with a Trojan.Downloader. This is not good if it ran, but is perfectly fixable. I am going to start you off with the Malware Removal. Logs after this are for Jacee to decide.


STEP ONE:

TFC (Temp File Cleaner) - Download - Homepage
Why? This will remove unneeded temporary files from your system, make automated scans that follow run faster, and save you time. Many infections also load from a temporary file location.
  • Download TFC to your desktop, or other location.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



STEP TWO:

ERUNT - Download - Homepage
Why? This ensures we have a valid registry backup. ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore if needed. Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. Compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions.

  • Download ERUNT
  • Double-click erunt_setup.exe to run.
  • Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
  • Say No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later.
  • Start ERUNT
  • Choose a location for the backup
    The default location C:\WINDOWS\ERDNT\[today's date] is preferred
  • The first two check boxes are ticked by default (System registry and Current user registry).
  • Press OK
  • When prompted, click YES to create a new folder.
  • Progress bars will show backup status.
  • A confirmation window will popup when complete. Click OK to close.


STEP THREE:

Please update and re-run a new MBAM Quick Scan. NOTE: Full Scan is not required, and just takes a lot longer.



STEP FOUR:

If your computer blue screens before the end of the scan, or hangs, restart your computer, and do not re-try it. GMER is so powerful that it crashes about 1/2 of the computers it runs on, and this is not to be worried about.

GMER Rootkit Scanner - Download - Homepage
Why? Rootkits can generally be removed effectively, but they need to be removed before other malware can be cleaned, and they sometimes interfere with some of the tools we use. If you start a new topic, please include the GMER log as an initial check for the presence of rootkits:
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.



STEP FIVE:

OTL - Download or alternative link here and here
Why? OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis. The person helping you may have you run other scans or tools after reviewing your logs.

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Note: Don't forget to post your MBAM and GMER logs, in addition to the OTL log.


This will provide plenty of diagnostic power.

Thanks!

Richard
 

Cheers, I shall get to work doing all that. Would you like an update after any particular diagnostic or should I just do the lot and then report back?
 

Right, this will be a long post due to logs. The GMER program produced a blue screen shortly after starting to scan and then immediately restarted, so that log will not be here. Here is the Malwarebytes log and the 2 OTL logs.

Malwarebytes log:


Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4449

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

19/08/2010 17:48:21
mbam-log-2010-08-19 (17-48-21).txt

Scan type: Quick scan
Objects scanned: 148118
Time elapsed: 8 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------------------------------------------

OTL.txt log:


DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/06/25 09:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007/06/25 09:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 09:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/25 09:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007/06/25 09:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 09:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/01/09 09:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2004/04/14 05:07:36 | 000,091,797 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0630Vid.sys -- (P0630VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Beemp3.com - MP3 Search & Free MP3 Downloads [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Login | Facebook
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:2.02
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/07 15:58:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/05 16:21:41 | 000,000,000 | ---D | M]

[2008/09/04 15:20:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions
[2010/08/09 17:49:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions
[2009/08/21 23:23:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/15 15:05:55 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/07/07 15:18:48 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2009/08/21 23:23:38 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/11/15 15:05:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/07 14:26:51 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/08/21 23:23:41 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/11/08 12:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/15 15:05:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\[email protected]
[2009/11/15 15:05:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\[email protected]
[2010/07/07 15:18:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\staged-xpis
[2010/08/04 21:40:13 | 000,001,595 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\amazondotcom.xml
[2009/09/26 11:44:51 | 000,001,595 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\ebay.xml
[2010/08/04 21:40:13 | 000,000,950 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\icqplugin-1.xml
[2009/05/25 19:32:00 | 000,000,950 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\icqplugin-2.xml
[2009/08/28 18:24:43 | 000,000,950 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\icqplugin-3.xml
[2009/09/26 22:04:59 | 000,000,950 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\icqplugin-4.xml
[2009/11/08 12:57:33 | 000,000,950 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\icqplugin-5.xml
[2009/01/14 17:00:02 | 000,000,950 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\icqplugin.xml
[2010/08/04 15:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/24 14:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/06/05 19:59:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 15:42:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/01/23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/11/05 11:36:07 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2008/11/26 21:35:31 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe File not found
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} Page Not Found | Facebook (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\##192.168.12.254#secure\Shell\AutoRun\command - "" = Z:\Installer.exe -- File not found
O33 - MountPoints2\##192.168.12.254#secure\Shell\ReadMe\Command - "" = notepad.exe README.TXT
O33 - MountPoints2\{d70a86ee-b59f-11de-b7d0-0021706ba0a8}\Shell\AutoRun\command - "" = G:\RunSecurFlash.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - msh263.drv File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/19 17:57:36 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2010/08/19 17:49:30 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\gmer
[2010/08/19 17:38:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/19 17:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/19 16:58:30 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Sam\Desktop\erunt_setup.exe
[2010/08/19 16:57:07 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\TFC.exe
[2010/08/17 20:17:32 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/15 21:18:33 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Jock rotator
[2010/08/14 20:42:51 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Malwarebytes
[2010/08/14 20:42:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/14 20:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/14 20:42:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/14 20:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/14 01:14:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/08/13 22:37:55 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Auslogics
[2010/08/13 22:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/08/13 17:18:19 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\Seesmic
[2010/08/12 18:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/08/12 18:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/08/12 17:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/08/12 16:17:24 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Juce VST Host
[2010/08/12 14:57:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Screenshots
[2010/08/12 14:47:45 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Textures i liked
[2010/08/12 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Script images
[2010/08/12 14:01:22 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\you grids images
[2010/08/12 13:00:07 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\BlackBerry
[2010/08/11 22:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010/08/11 16:13:29 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Possible background textures
[2010/08/11 15:46:38 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\grunge images
[2010/08/08 23:07:54 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/08/08 23:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2010/08/06 13:41:04 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Star Wars
[2010/08/06 12:29:44 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Blackberry Desktop
[2010/07/23 21:15:21 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\copy of template
[2010/07/23 17:29:28 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\backup of template (original and working)
[2010/07/20 18:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/16 12:07:42 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/07/06 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\New air3 site
[2010/06/29 09:57:56 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Lennar Digital Sylenth1 v1.01.3 VSTi-NoGRP
[2010/06/29 09:50:43 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Lennardigital Sylenth1 VSTi v2.2 - Dynamics
[2010/06/29 09:35:41 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\NativeInstrumentsFM8v1101002
[2010/06/29 09:35:41 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Native Instruments FM8 v1.0.1.002
[2010/06/25 14:06:32 | 000,000,000 | ---D | C] -- C:\19cfae383bf3def59493
[2010/06/22 12:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/22 12:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/15 18:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010/06/09 11:30:29 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Geckofx
[2010/06/09 11:30:22 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Skybound
[2010/06/09 11:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Skybound Stylizer 4
[2010/06/02 20:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Wavosaur.1.0.5.0(en)
[2010/06/02 20:03:44 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Free Audio Editor
[2010/06/02 20:03:30 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioTransform2.dll
[2010/06/02 20:03:30 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioVisualization2.dll
[2010/06/02 20:03:30 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioRecord2.dll
[2010/06/02 20:03:30 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioPlayer2.dll
[2010/06/02 20:03:30 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTTextToAudio2.dll
[2010/06/02 20:03:30 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTWMAFile2.dll
[2010/06/02 20:03:29 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioFile2.dll
[2010/06/02 20:03:29 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioInformation2.dll
[2010/06/02 20:03:29 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioEditor2.dll
[2010/06/02 20:03:29 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\System32\NCTAudioCDGrabber2.dll
[2010/06/02 19:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/05/30 18:50:56 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\Cubase midi files
[2010/05/27 23:19:27 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\LogMeIn Hamachi
[2010/05/27 23:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/05/26 01:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\NetObjects
[2010/05/22 11:06:19 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Artisteer

========== Files - Modified Within 90 Days ==========

[2010/08/19 18:04:53 | 007,077,888 | -HS- | M] () -- C:\Users\Sam\ntuser.dat
[2010/08/19 17:57:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2010/08/19 17:56:48 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/08/19 17:54:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/19 17:54:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/19 17:54:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/19 17:54:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/19 17:53:58 | 3217,014,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/19 17:44:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/19 17:37:06 | 000,000,695 | ---- | M] () -- C:\Users\Sam\Desktop\NTREGOPT.lnk
[2010/08/19 17:37:06 | 000,000,676 | ---- | M] () -- C:\Users\Sam\Desktop\ERUNT.lnk
[2010/08/19 17:31:13 | 000,524,288 | -HS- | M] () -- C:\Users\Sam\ntuser.dat{7227324c-8f8d-11df-8918-8b0204e9fb46}.TMContainer00000000000000000001.regtrans-ms
[2010/08/19 17:31:13 | 000,065,536 | -HS- | M] () -- C:\Users\Sam\ntuser.dat{7227324c-8f8d-11df-8918-8b0204e9fb46}.TM.blf
[2010/08/19 17:24:53 | 000,007,728 | ---- | M] () -- C:\Users\Sam\AppData\Local\d3d9caps.dat
[2010/08/19 17:24:42 | 000,000,080 | ---- | M] () -- C:\Windows\ricdb.ini
[2010/08/19 17:11:43 | 000,284,915 | ---- | M] () -- C:\Users\Sam\Desktop\gmer.zip
[2010/08/19 16:58:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sam\Desktop\erunt_setup.exe
[2010/08/19 16:57:17 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\TFC.exe
[2010/08/19 16:54:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1596938837-54953107-2832527327-1000UA.job
[2010/08/19 16:01:22 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010/08/19 10:04:40 | 000,180,224 | ---- | M] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 17:54:13 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1596938837-54953107-2832527327-1000Core.job
[2010/08/16 23:57:44 | 000,016,896 | ---- | M] () -- C:\Users\Sam\Desktop\Timetable options.xls
[2010/08/15 21:55:11 | 000,015,671 | ---- | M] () -- C:\Users\Sam\Desktop\mod_jock.php
[2010/08/15 21:55:11 | 000,015,671 | ---- | M] () -- C:\Users\Sam\Desktop\mod_jock edited - Copy.php
[2010/08/14 19:42:28 | 017,862,784 | ---- | M] () -- C:\Users\Sam\Desktop\Ernesto_vs_Bastian_-_Every_Inc.mp3
[2010/08/14 19:37:41 | 013,540,250 | ---- | M] () -- C:\Users\Sam\Desktop\Binary_Finary_-_1998__Alex_MOR.mp3
[2010/08/14 19:35:14 | 008,842,928 | ---- | M] () -- C:\Users\Sam\Desktop\213_-_Ehren_Stowers_-_Ascent.mp3
[2010/08/13 13:08:25 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/08/13 12:06:40 | 001,684,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/12 18:06:04 | 000,086,168 | ---- | M] () -- C:\Users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/11 13:46:30 | 001,179,648 | ---- | M] () -- C:\Users\Sam\Desktop\New Template info.mdb
[2010/08/08 19:08:50 | 633,876,126 | ---- | M] () -- C:\Users\Sam\Desktop\Bedknobs & Broomsticks.avi
[2010/08/06 23:35:23 | 000,697,560 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/06 23:35:23 | 000,604,520 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/06 23:35:23 | 000,107,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/04 21:25:20 | 000,004,731 | ---- | M] () -- C:\Users\Sam\.recently-used.xbel
[2010/07/26 15:13:17 | 000,005,995 | ---- | M] () -- C:\Users\Sam\Desktop\mod_lofarticlesslideshow.css
[2010/07/15 17:42:05 | 001,278,750 | ---- | M] () -- C:\Users\Sam\Documents\LoaderBackup-(2010-07-15).ipd
[2010/07/15 00:12:18 | 000,524,288 | -HS- | M] () -- C:\Users\Sam\ntuser.dat{7227324c-8f8d-11df-8918-8b0204e9fb46}.TMContainer00000000000000000002.regtrans-ms
[2010/07/14 19:24:15 | 000,524,288 | -HS- | M] () -- C:\Users\Sam\ntuser.dat{aaa6da04-f9f8-11de-a392-eb011805bd47}.TMContainer00000000000000000001.regtrans-ms
[2010/07/14 19:24:15 | 000,065,536 | -HS- | M] () -- C:\Users\Sam\ntuser.dat{aaa6da04-f9f8-11de-a392-eb011805bd47}.TM.blf
[2010/07/06 20:13:17 | 000,004,581 | ---- | M] () -- C:\Users\Sam\Desktop\mod_jock (original with correct timezone).php
[2010/06/20 22:16:08 | 000,062,278 | ---- | M] () -- C:\Users\Sam\Desktop\SAAS application.pdf
[2010/06/16 01:30:37 | 000,000,866 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb0ceb245f0d00.job
[2010/06/09 11:30:22 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Stylizer.lnk
[2010/06/08 13:13:50 | 000,001,595 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/06/04 14:39:39 | 000,075,852 | ---- | M] () -- C:\Users\Sam\Desktop\mixer controls.jpg
[2010/05/28 01:44:20 | 000,000,145 | --S- | M] () -- C:\Users\Sam\AppData\Local\178776936.dat
[2010/05/28 01:42:59 | 000,000,004 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\ovczpx.dat

========== Files Created - No Company Name ==========

[2010/08/19 17:37:06 | 000,000,695 | ---- | C] () -- C:\Users\Sam\Desktop\NTREGOPT.lnk
[2010/08/19 17:37:06 | 000,000,676 | ---- | C] () -- C:\Users\Sam\Desktop\ERUNT.lnk
[2010/08/19 17:11:41 | 000,284,915 | ---- | C] () -- C:\Users\Sam\Desktop\gmer.zip
[2010/08/19 16:11:33 | 3217,014,784 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/17 21:39:53 | 000,001,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2010/08/17 21:39:53 | 000,001,821 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPNGuardUI.lnk
[2010/08/17 21:39:53 | 000,001,815 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/08/16 23:57:44 | 000,016,896 | ---- | C] () -- C:\Users\Sam\Desktop\Timetable options.xls
[2010/08/15 21:55:59 | 000,015,671 | ---- | C] () -- C:\Users\Sam\Desktop\mod_jock edited - Copy.php
[2010/08/14 19:40:25 | 017,862,784 | ---- | C] () -- C:\Users\Sam\Desktop\Ernesto_vs_Bastian_-_Every_Inc.mp3
[2010/08/14 19:36:24 | 013,540,250 | ---- | C] () -- C:\Users\Sam\Desktop\Binary_Finary_-_1998__Alex_MOR.mp3
[2010/08/14 19:34:24 | 008,842,928 | ---- | C] () -- C:\Users\Sam\Desktop\213_-_Ehren_Stowers_-_Ascent.mp3
[2010/08/14 01:12:42 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/08/14 01:12:42 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/08/14 01:12:42 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/08/11 23:09:25 | 000,000,231 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Rim.Desktop.Exception.log
[2010/08/11 22:40:52 | 000,001,602 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/10 12:54:17 | 001,179,648 | ---- | C] () -- C:\Users\Sam\Desktop\New Template info.mdb
[2010/08/08 15:49:53 | 633,876,126 | ---- | C] () -- C:\Users\Sam\Desktop\Bedknobs & Broomsticks.avi
[2010/08/04 21:25:20 | 000,004,731 | ---- | C] () -- C:\Users\Sam\.recently-used.xbel
[2010/07/26 14:16:07 | 000,005,995 | ---- | C] () -- C:\Users\Sam\Desktop\mod_lofarticlesslideshow.css
[2010/07/15 17:42:05 | 001,278,750 | ---- | C] () -- C:\Users\Sam\Documents\LoaderBackup-(2010-07-15).ipd
[2010/07/14 22:19:51 | 000,524,288 | -HS- | C] () -- C:\Users\Sam\ntuser.dat{7227324c-8f8d-11df-8918-8b0204e9fb46}.TMContainer00000000000000000002.regtrans-ms
[2010/07/14 22:19:51 | 000,524,288 | -HS- | C] () -- C:\Users\Sam\ntuser.dat{7227324c-8f8d-11df-8918-8b0204e9fb46}.TMContainer00000000000000000001.regtrans-ms
[2010/07/14 22:19:51 | 000,065,536 | -HS- | C] () -- C:\Users\Sam\ntuser.dat{7227324c-8f8d-11df-8918-8b0204e9fb46}.TM.blf
[2010/07/06 20:13:17 | 000,004,581 | ---- | C] () -- C:\Users\Sam\Desktop\mod_jock (original with correct timezone).php
[2010/07/06 19:41:35 | 000,015,671 | ---- | C] () -- C:\Users\Sam\Desktop\mod_jock.php
[2010/06/29 18:46:20 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2010/06/20 22:16:08 | 000,062,278 | ---- | C] () -- C:\Users\Sam\Desktop\SAAS application.pdf
[2010/06/16 01:30:37 | 000,000,866 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb0ceb245f0d00.job
[2010/06/09 11:30:22 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Stylizer.lnk
[2010/06/04 14:36:41 | 000,075,852 | ---- | C] () -- C:\Users\Sam\Desktop\mixer controls.jpg
[2010/06/02 20:56:36 | 009,380,134 | ---- | C] () -- C:\Users\Sam\Desktop\12 Sweet Disposition.mp3
[2010/06/02 20:03:30 | 000,113,486 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2010/05/28 01:43:01 | 000,000,145 | --S- | C] () -- C:\Users\Sam\AppData\Local\178776936.dat
[2010/05/28 01:42:59 | 000,000,004 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\ovczpx.dat
[2010/02/12 16:08:53 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/02/12 15:52:37 | 000,000,998 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/01/15 15:05:43 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX5000EFDG.ini
[2009/12/05 16:17:40 | 000,000,000 | ---- | C] () -- C:\Windows\Above & Beyond Screensaver.ini
[2009/11/25 12:49:14 | 000,256,000 | ---- | C] () -- C:\Windows\System32\S8LIB4.DLL
[2009/11/25 12:49:14 | 000,231,936 | ---- | C] () -- C:\Windows\System32\S8STATE.DLL
[2009/11/25 12:49:14 | 000,231,936 | ---- | C] () -- C:\Windows\System32\S8LIB3.DLL
[2009/11/25 12:40:39 | 001,757,222 | ---- | C] () -- C:\Windows\System32\DBCMDB32.DLL
[2009/11/25 12:40:39 | 000,135,168 | ---- | C] () -- C:\Windows\System32\DBCMEM32.DLL
[2009/11/25 12:40:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\DBCGEO32.DLL
[2009/11/25 12:40:37 | 000,204,800 | ---- | C] () -- C:\Windows\System32\DBCDBF32.DLL
[2009/11/25 12:40:37 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dbcdgn32.dll
[2009/11/25 12:40:37 | 000,118,784 | ---- | C] () -- C:\Windows\System32\dbcbmpdc.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/21 19:30:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/16 17:04:10 | 000,019,042 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\UserTile.png
[2009/04/29 12:25:29 | 000,003,212 | ---- | C] () -- C:\ProgramData\MAudioEffects.mps
[2009/04/29 12:25:29 | 000,001,275 | ---- | C] () -- C:\ProgramData\MAudioStreams.mps
[2009/04/29 12:25:29 | 000,000,145 | ---- | C] () -- C:\ProgramData\MAudioPluginsConfiguration.cfg
[2009/04/29 12:15:32 | 000,001,129 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\mbasestyleconfigurationpresets.xml
[2008/12/01 18:15:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/11/26 21:28:27 | 000,000,113 | ---- | C] () -- C:\Windows\PPSMediaList.ini
[2008/11/26 21:28:22 | 000,000,172 | ---- | C] () -- C:\Windows\powerplayer.ini
[2008/11/26 21:28:22 | 000,000,163 | ---- | C] () -- C:\Windows\psnetwork.ini
[2008/11/14 20:28:24 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008/11/14 20:26:54 | 000,001,023 | ---- | C] () -- C:\Windows\disney.ini
[2008/10/23 16:08:59 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/10/06 23:10:41 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/09/23 09:10:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/21 20:48:58 | 000,000,080 | ---- | C] () -- C:\Windows\ricdb.ini
[2008/09/07 00:10:40 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/09/05 20:52:43 | 000,000,218 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\wklnhst.dat
[2008/09/05 15:21:34 | 000,007,728 | ---- | C] () -- C:\Users\Sam\AppData\Local\d3d9caps.dat
[2008/09/04 20:00:57 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/09/04 20:00:57 | 000,022,328 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PnkBstrK.sys
[2008/09/04 16:24:08 | 000,180,224 | ---- | C] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/02 07:17:23 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/09/01 22:40:02 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
[2006/07/04 00:21:32 | 001,397,548 | ---- | C] () -- C:\Windows\System32\libfftw3-3.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/02/25 20:52:04 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\.wyzo
[2009/12/25 20:01:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Ableton
[2009/12/06 18:15:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Amazon
[2010/05/22 11:06:19 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Artisteer
[2010/08/13 22:37:55 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Auslogics
[2009/06/10 10:07:12 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\avidemux
[2010/08/12 13:00:04 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Azureus
[2009/09/20 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2010/08/06 12:29:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Blackberry Desktop
[2009/09/03 17:21:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Blue Cat Audio
[2010/01/12 00:24:27 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Broad Intelligence
[2010/04/01 10:30:27 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\CoSoSys
[2010/02/28 12:25:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Cycling '74
[2008/09/07 00:10:22 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DAEMON Tools
[2009/09/03 16:42:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FabFilter
[2010/02/08 17:43:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Facebook
[2010/08/15 22:24:03 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FileZilla
[2010/06/02 22:49:51 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Free Audio Editor
[2009/01/28 17:57:37 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FrostWire
[2010/07/14 23:16:00 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\gtk-2.0
[2009/08/28 14:53:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\InfraRecorder
[2009/01/23 18:43:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IObit
[2008/11/29 03:07:49 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\JGoodies
[2010/08/12 16:17:35 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Juce VST Host
[2009/04/29 12:13:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mdrummer2_12_small_setup
[2009/04/29 12:25:29 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MeldaProduction MDrummer S
[2009/05/10 10:55:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Multi-Note
[2010/06/09 23:41:35 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\NCH Swift Sound
[2010/03/15 23:01:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nvu
[2009/02/25 21:04:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Opera
[2009/07/16 17:04:09 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PeerNetworking
[2008/11/26 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PPMate
[2008/11/26 21:33:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PPStream
[2010/03/11 22:30:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Rapid Evolution 2
[2010/03/24 17:33:30 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\REAPER
[2010/08/11 23:09:34 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Research In Motion
[2009/06/02 02:49:00 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Skin Resizer Tool
[2010/05/27 22:31:30 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sports Interactive
[2009/12/24 12:50:51 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Steinberg
[2009/09/02 20:21:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Submersible
[2008/09/05 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Template
[2009/02/25 22:01:47 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Trusteer
[2010/08/08 23:07:54 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2008/11/20 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Uniblue
[2010/01/11 20:07:11 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\VST3 Presets
[2010/08/13 13:08:25 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/08/19 17:31:16 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/19 17:53:57 | 000,189,724 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/09/02 07:17:30 | 000,004,607 | RH-- | M] () -- C:\dell.sdr
[2010/08/19 17:53:58 | 3217,014,784 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/14 20:26:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/14 20:26:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/19 17:53:57 | 3532,906,496 | -HS- | M] () -- C:\pagefile.sys
[2009/09/03 17:02:41 | 000,000,021 | ---- | M] () -- C:\Scales_Path.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/18 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD8R.DLL
[2007/03/18 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP8R.DLL
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/02/20 17:50:28 | 000,903,680 | ---- | M] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\Above & Beyond Screensaver.scr
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/17 22:50:59 | 000,000,574 | -HS- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/08/19 16:58:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sam\Desktop\erunt_setup.exe
[2010/08/19 17:57:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2010/08/19 16:57:17 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-19 15:04:32
< End of report >

----------------------------------------------------------------------------------------------------

OTL Extras.txt log:


OTL Extras logfile created on: 19/08/2010 17:59:47 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Sam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.92 Gb Total Space | 99.58 Gb Free Space | 34.59% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.67 Gb Free Space | 56.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VP0021706BA0A8
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09883AF1-1F4E-40AF-8DFA-3016FF54B50C}" = rport=137 | protocol=17 | dir=out | app=system |
"{15EACEE7-CCDC-443A-A68A-9A050FFDAE53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{19EB3154-B16A-4479-9DF0-D2FF6AF235EA}" = rport=445 | protocol=6 | dir=out | app=system |
"{1FC2E429-89B5-46D4-98C4-1D0D707540EC}" = rport=138 | protocol=17 | dir=out | app=system |
"{2C26594F-D5DE-483D-93FE-ADB88C51E76B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3FC6FD75-0647-405F-A486-7378CB14B140}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{4C8ECFCE-9220-4141-B10D-441FA566822E}" = lport=139 | protocol=6 | dir=in | app=system |
"{522E3768-41D0-4547-A31F-3DF27838F09D}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{5B6BC134-5275-4695-9DC9-51CDB2AC79F2}" = rport=139 | protocol=6 | dir=out | app=system |
"{615802AE-6B5A-45FB-9AA3-E1800C41FCEA}" = lport=445 | protocol=6 | dir=in | app=system |
"{648CA297-A97C-42E5-9BF7-5C906803FAF7}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F573BBA-8C53-42FE-A5D1-BF713C46B3B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B2406A49-E1DB-4D00-A1DC-F47B6E210272}" = lport=138 | protocol=17 | dir=in | app=system |
"{CC79B61E-2EA8-427C-B25E-BF42F0C31962}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CEAF510C-08E6-4AE0-96FC-843CEB59F989}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{DF67EEAF-8FEE-4D75-8A5E-3E2AE5610E9A}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019D8C3A-1627-4B5D-981A-82EAF103AB3A}" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"{023763C2-6ED4-4B32-B5A4-4B14E784579A}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{023AAC93-F2AC-45C4-A8DE-22AE11E24134}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{04B2545D-3A5E-4663-89D1-EFDDE6BA49A1}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{05926028-1394-49B1-B019-64460213CC9F}" = protocol=17 | dir=in | app=c:\program files\lavasoft\ad-aware\ad-aware.exe |
"{0AF253E4-048C-42F4-8600-2F045F842DBB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{0F8B559F-46F3-4013-8079-2BABE54B72F8}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{17775F5B-1309-4A67-893B-0C99B6EDDE8A}" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe |
"{1A001ABB-E8BF-47DA-BE24-D9E183564D45}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{1B5C8A8D-164D-496E-BF27-3FD07233AC6D}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steam.exe |
"{206232D8-34EB-478E-9ACD-1408D4897EF0}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steam.exe |
"{2D020D8E-E750-47A4-8AB4-CDFC9967AA10}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{2EA610F0-3785-4BF0-8F65-47816838640C}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\update.exe |
"{33DB3380-40AC-449B-B157-21B064201250}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{35CC355E-B0C3-485F-A76F-F0C24795B7ED}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{36F47A19-0211-45B4-BCB0-E8E906894FB5}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{36FE2796-1674-4451-835F-27CA637C4E34}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{37C13B13-61D3-4E36-AB09-5915AE397045}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{39FABFD8-755B-4331-941B-1B463BC5CE9E}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\update.exe |
"{3A1F17BA-A0A2-4B2A-910D-65EE168FBA15}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{3DE78412-CED3-435F-AC4A-13D05E052076}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{42F7564B-9588-4226-8417-60DB89D18FB1}" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2.exe |
"{45B3DAF8-2364-4093-9F93-66C8B1DA83E2}" = protocol=17 | dir=in | app=c:\program files\codemasters\grid\grid.exe |
"{49C1EEF3-C976-47B6-A15F-45BC19166171}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{4D749032-246C-4F62-B25E-827525F3434E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4FC35A9D-CAD1-4D24-A787-74DB538D07C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{512F3126-2DBD-454B-9C95-FD57A5CA08CD}" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{56CF4581-6878-40A8-8D5F-D7C3B74B1C76}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{57B207B4-4E0E-4415-97D0-C4128C688466}" = protocol=6 | dir=in | app=c:\program files\lavasoft\ad-aware\ad-aware.exe |
"{5EC089CD-48A2-48B9-9F5D-350A01F83750}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{65F000B4-0A31-42D5-B28A-89DF9B4E5E26}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{6E05B64A-8971-4602-A5DE-A69B29524233}" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{72E8BE53-E40D-4B59-A48B-0117CB5D030D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{74EAE3C1-6870-4914-A9DE-139EB4A2FAC1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C7A236E-253F-47B0-989E-2DB9CDBA8EDB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7C9366D3-21EF-4D17-8215-7792C1CAA741}" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"{7FB1FAD9-D0BE-4F6C-9E8C-16189FD4EFB6}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\football manager 2009\fm.exe |
"{814D065D-85BC-4613-99C1-EEBF07317B6C}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{854BFB34-1804-44FB-BB1D-67C37B3537B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A5F5C55-3417-45AE-8821-683656361B97}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{92440D32-4EA9-4248-90F7-D183DC729105}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{984AF5EC-22FD-470F-B6FE-54CCD2D7F8DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9AACFEC1-9EDA-42BF-81E3-619AF068A63E}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{A98BD2A9-3A5C-48E0-86D9-6D9FB2B10EE8}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{AABA0DF5-33C4-4B42-805F-5208979166DF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{ADBAA7C7-D736-4827-B5EC-56EDA02D9164}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{ADEE30F8-221F-4244-9889-AF0F3594D674}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AF9F370E-C4E9-4DDB-A87D-F7AB818F818D}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{B5E1F245-118A-4E65-86AA-B33B07C30987}" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"{B62C1949-E2F2-41AC-8D01-3422E626BAB0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B651E08F-654B-4D09-BB44-F07D6EAC5DAE}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{B9B9F935-DB33-492B-A526-E802AF288E53}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2.exe |
"{BA4542D8-C8E6-4D6D-9F16-E133629F8F27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA87E450-DF7B-4492-BEDC-2A1CC1D2B760}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CB8FA996-A603-4328-B236-57D52E3EDC2E}" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe |
"{CF006797-3EB4-4627-8D47-68975290A12D}" = protocol=6 | dir=in | app=c:\program files\codemasters\grid\grid.exe |
"{D364BD93-776A-4AA4-918C-FE299E272021}" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D88F2E5D-6AEA-4996-97ED-3AF4B08E9E4D}" = protocol=1 | dir=in | [email protected],-28543 |
"{D8ED3452-0CA5-4714-832F-3A0BAEBBA60D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E77E29E1-7C03-4BEA-862F-437009243237}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{ED86599D-8605-41A7-8EDB-CA4DF555FE65}" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"{EDE9954D-5066-47DB-B84B-6A3B1EA3542A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EEB30A5B-CEFA-43F4-AF1A-8DB37239BEB8}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{F43929FC-D959-45C7-9373-961955E804BB}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\football manager 2009\fm.exe |
"{FE31B8A6-87C9-49CA-A738-C47320AAC6DE}" = protocol=1 | dir=out | [email protected],-28544 |
"{FF041F71-2BDB-4353-B027-95D6E08983A6}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"TCP Query User{0273C5E8-B914-4339-9F35-96216027AEAD}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{1A07011E-AD7B-4580-96AD-0F28346192B6}C:\program files\java\jdk1.6.0_10\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_10\jre\bin\java.exe |
"TCP Query User{1F8119F0-AB56-419C-B09D-69CEF81E7F61}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{2519B892-47AA-4180-96BF-C67A89DFA7E4}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{28F35394-5DF1-428A-96B7-7F96F15E29D3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{35FED033-D079-4200-B3E4-384BD8CA5C9E}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{3D24990D-43B1-4B9A-8644-574A38451D3D}C:\program files\google\google desktop search\googledesktop.exe" = protocol=6 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"TCP Query User{3F76E31F-4E7E-4454-B4C6-CB6E0FC1767A}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{4316AAF7-D828-4D8F-AA84-DBFBCFDF6471}C:\program files\google\google desktop search\googledesktop.exe" = protocol=6 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"TCP Query User{444E3B96-E5D1-48AA-815B-A1E3C7535F39}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{54DD7A4C-FBCC-4019-87E6-7BFA2F1F7099}C:\users\sam\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\sam\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{647A2601-6CEC-4E8C-8276-AC380B39570E}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{6C152620-5B3D-4CDF-8D3A-94622DCDF05B}C:\program files\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"TCP Query User{7CCFDFD7-FE80-4F98-B8C0-576D80250078}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{82EA5FB1-FDA2-4369-8856-325A322EA899}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{84F3CF22-5E49-4142-BB50-10C41C033DDD}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{8621DA78-6D03-4B43-9959-53792D8C030C}C:\program files\wyzo\wyzo.exe" = protocol=6 | dir=in | app=c:\program files\wyzo\wyzo.exe |
"TCP Query User{879068B2-B7E7-4BC9-BAE0-61C785017526}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{87A2BB25-EEAE-4314-84AC-D8CC6098327A}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8902BC3E-DA9D-423A-A0BD-7CA56CE0EF95}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{90A0842E-94A3-451C-99C4-D5344D1492BA}C:\program files\ea games\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\mohaa\mohaa.exe |
"TCP Query User{9462BE74-2AB6-4C35-B487-C9D6A8ABC945}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{96B704E2-D82C-4E7E-A022-021CF6F329EA}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{A4D5D362-D6A9-4B3E-B88D-0DD59B94A8D8}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{A587E4A2-B9FA-4ABF-822B-21E672A7DAB4}C:\program files\codemasters\grid\grid.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\grid\grid.exe |
"TCP Query User{ABA6D276-7728-42D2-82DC-93CD489B7814}C:\program files\sports interactive\football manager 2010\fm.exe" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"TCP Query User{BA5FAAA8-1D34-4BE5-B734-A456AA2A15DD}C:\users\sam\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\sam\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{C2E3BB78-4CBA-499B-AA58-FE0B88E5053C}C:\program files\guillemot\tools\giwebupdater.exe" = protocol=6 | dir=in | app=c:\program files\guillemot\tools\giwebupdater.exe |
"TCP Query User{D3CEC574-6468-4B5F-BF73-5DB7878656B6}C:\program files\java\jdk1.6.0_10\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_10\jre\bin\java.exe |
"TCP Query User{DC1CF54F-1EF5-4B40-81C7-99789FE8EA35}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{E13F6C9D-4E20-476A-BD14-0596507C8B5D}C:\program files\valve\steam\steamapps\shug99\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\shug99\condition zero\hl.exe |
"TCP Query User{E313862D-6BBB-4FBA-83C9-C4D7BCA0E1D0}C:\users\sam\desktop\grid\grid.exe" = protocol=6 | dir=in | app=c:\users\sam\desktop\grid\grid.exe |
"TCP Query User{EC28312E-8B40-496D-BF3F-526CDBC62874}C:\users\sam\documents\grid\grid.exe" = protocol=6 | dir=in | app=c:\users\sam\documents\grid\grid.exe |
"TCP Query User{ED301D43-E067-4A4F-B237-55CBA6D84D64}C:\program files\valve\steam\steamapps\shug99\day of defeat\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\shug99\day of defeat\hl.exe |
"UDP Query User{0DF94F58-9692-491F-9BE2-E39F57A250DB}C:\program files\java\jdk1.6.0_10\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_10\jre\bin\java.exe |
"UDP Query User{1916222A-EEFC-4502-8A02-AE018F251940}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{330D061F-DCF1-4354-B882-C194100EF9A3}C:\program files\google\google desktop search\googledesktop.exe" = protocol=17 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"UDP Query User{416B6D65-B1FD-4731-AC78-8D730B5324F1}C:\program files\google\google desktop search\googledesktop.exe" = protocol=17 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"UDP Query User{4C3BDABD-93BB-4D5E-89CD-836F7D6C2CD8}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{540D4892-25A2-4E8E-AE3A-56378E5D01E0}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{58D8E719-ECDE-4015-9561-6F32B1D36F85}C:\users\sam\desktop\grid\grid.exe" = protocol=17 | dir=in | app=c:\users\sam\desktop\grid\grid.exe |
"UDP Query User{5B9F684A-C4AA-4BA0-9526-E10FF0F14568}C:\program files\wyzo\wyzo.exe" = protocol=17 | dir=in | app=c:\program files\wyzo\wyzo.exe |
"UDP Query User{6003CA4C-5536-489E-9217-21521D424251}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{647B70FB-132E-464C-B23C-E13AB5F1EC0B}C:\users\sam\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\sam\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{66A48D89-21F5-41E2-ADCE-FA93717F75C4}C:\program files\guillemot\tools\giwebupdater.exe" = protocol=17 | dir=in | app=c:\program files\guillemot\tools\giwebupdater.exe |
"UDP Query User{6977D816-712D-4097-B815-8E9415ED88BA}C:\program files\sports interactive\football manager 2010\fm.exe" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"UDP Query User{72854011-70D5-4D3C-B0CE-2A5F775B35DB}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{7396FEBC-C294-425F-8BEA-290C5C95144D}C:\program files\codemasters\grid\grid.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\grid\grid.exe |
"UDP Query User{7592E40B-7252-4124-B9A0-8F0293F525EF}C:\program files\java\jdk1.6.0_10\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_10\jre\bin\java.exe |
"UDP Query User{7CD0D6AE-A633-4414-B44C-712A87835224}C:\program files\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"UDP Query User{901096EA-D619-457D-B5FD-734D6CF440B5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{92F06391-6084-4B39-8718-3C92098C9BBB}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9BF6133E-5F28-4882-B69A-34054122655F}C:\program files\valve\steam\steamapps\shug99\day of defeat\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\shug99\day of defeat\hl.exe |
"UDP Query User{A1698C39-E3B3-4118-9B25-07449420EE63}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A2EC5DA2-3C96-4C93-8383-49AED18875F1}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{B0EBAC5F-0B42-4BD7-AD47-EE5FFA1E27E1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B417E2E0-A9DA-4CF8-8C96-07925B2C331F}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{B962CBC9-E0F2-44C2-8868-9BF339A1E2D8}C:\users\sam\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\sam\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{C2EA383C-ACFA-4A52-8D69-0BDD29463FC9}C:\program files\ea games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\mohaa\mohaa.exe |
"UDP Query User{C6E2A354-A652-4FAC-BA2C-6BA1247699CF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{D48EC213-77F3-4E99-983A-E074CBBB2DD1}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{DCB925A1-1766-4089-BC17-A22B5844DDF3}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{DEA49A8A-A04B-4DE5-8C67-318C426D4F2A}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{ED3E24E5-99D9-474A-91AA-FB0E1204A092}C:\users\sam\documents\grid\grid.exe" = protocol=17 | dir=in | app=c:\users\sam\documents\grid\grid.exe |
"UDP Query User{EFA44C0B-9495-4492-AC7D-EC80C520A916}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{F054D389-B390-4CC6-AAE4-806940C106C6}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
"UDP Query User{F08EA063-13CD-423C-BCC4-71A506A7AD24}C:\program files\valve\steam\steamapps\shug99\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\shug99\condition zero\hl.exe |
"UDP Query User{F2937A1A-5806-4E11-BC75-B5B684276EBE}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05A677ED-F6EB-C225-0852-C8EDA143F637}" = Catalyst Control Center Core Implementation
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1099EEAB-C4BC-4F66-980F-2269856A71CD}" = Native Instruments Traktor
"{1339C679-8EBD-A264-F51B-8AFF9E5178AB}" = Catalyst Control Center Localization Chinese Standard
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java(TM) SE Development Kit 6 Update 10
"{3360D505-B0AA-4284-92DF-F872AF90A448}" = BlackBerry Device Software Updater
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{33D38429-A417-2939-F2ED-68B02C60524B}" = CCC Help Italian
"{348982C0-1053-041B-90E9-27E52C5CBAC4}" = Catalyst Control Center Localization Chinese Traditional
"{3509A66E-C73E-4737-A1AF-00D0B92DDCB5}" = IDJ 3-Osc VA
"{3683198D-D48D-8F78-D544-E0CEEDA9A5AD}" = Catalyst Control Center Localization Norwegian
"{39874C29-6A64-A5E4-15E8-48CAB1630758}" = Catalyst Control Center Graphics Full New
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{43C2C2FB-504D-4552-9C08-58F7144C1736}" = MXBASS
"{44750ED4-6DF7-4BD0-BF3A-4ED6B5719B49}" = IDJ Kikken
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{497CDC20-F32E-B732-D5A7-C508832901B1}" = Catalyst Control Center Localization Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4E8B4C51-20A4-A946-F2FD-361E1E64CBFE}" = Catalyst Control Center Localization Dutch
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5354D5F2-342D-43DD-A361-B65BF7AABE1D}" = nebula3 CM
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{66E07661-1C3B-EBB3-DDD7-CA2D9CF728E5}" = CCC Help Chinese Standard
"{67192DDF-D12C-7C14-0891-1999A8322D9A}" = ccc-core-static
"{693C5CAC-E43C-4A5F-0793-DB1A91576F00}" = Catalyst Control Center Localization Swedish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A2933CA-4F9F-4F34-B29E-0DE2F5C8A452}" = SynthMaster FREE!
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BA2D1B0-0892-AF53-1542-767C1B1B558F}" = CCC Help German
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{706136D4-648C-92B9-FF9E-BDAC45C977CB}" = CCC Help Norwegian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732784F2-BBB3-AF93-F0F8-2B28D93F023E}" = Catalyst Control Center Localization Finnish
"{75554025-5756-D2A8-E12A-3996A174E1AF}" = Catalyst Control Center Localization German
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7842F022-6597-76DA-4DE4-DA3FBD82ECF2}" = Skins
"{7A4CE9D2-DC5E-4B5B-0ED2-A2F66E76DD52}" = CCC Help Russian
"{7BE855E5-8130-A624-1C47-D5EB13FA6DF2}" = Catalyst Control Center Graphics Previews Vista
"{7D712AFE-2D7C-13B8-DEB7-BA8A28FED665}" = Catalyst Control Center Localization Danish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E00AAF2-89F3-F7FC-A8F2-8C651449671E}" = CCC Help English
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{828816F4-629A-233E-DB02-A6F8BD004643}" = Catalyst Control Center Localization Portuguese
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84656952-D528-4DF8-9504-2E9ACBE81676}" = Blue Cat's FreqAnalyst CM VST 1.1
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90601456-1F28-AD6C-C1CE-740526D3BC27}" = Catalyst Control Center Localization French
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{975F5675-8FC8-04A8-92CD-4653BD12282F}" = CCC Help French
"{97900633-AADE-35DC-A424-21380BFC5431}" = Catalyst Control Center Graphics Previews Common
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{98C948A6-5498-9DEE-BA4C-74B0A96CB521}" = CCC Help Danish
"{992CF3B6-628C-4204-8490-519A0CEB2336}" = IDJ Polysynth
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A7969E95-7E39-A1AC-2D6F-85531D8A371D}" = CCC Help Japanese
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C78107-7CBC-B05B-083B-562FA9C1EA0B}" = CCC Help Portuguese
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB883D70-5B1D-9430-E626-7F495925590D}" = Catalyst Control Center Localization Spanish
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BDF3C27A-BDAA-FA3E-D8A4-3367AB7FCB4F}" = TweetDeck
"{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43C2E18-5475-4BDB-A57D-82442C84A49A}" = Pitchblack
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C49E407D-A6A0-6F9A-767D-67387EF5523F}" = CCC Help Finnish
"{C84442CB-3F9E-4F99-9A3F-27A11E1AD912}" = Blue Cat's FreqAnalyst CM DX 1.1
"{CBF91610-C661-3464-8831-DA8AE2589DB9}" = Catalyst Control Center Localization Japanese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D2DB5404-378B-2821-513E-A8F230A0E948}" = ccc-utility
"{D5D92C28-42FB-5E24-DBFA-07232A50D670}" = CCC Help Dutch
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D9DD6E03-ACE1-2503-205E-4FA74267CDC6}" = CCC Help Spanish
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB549485-9D94-E7AE-2FE7-DCB33A54FBD7}" = Catalyst Control Center Localization Russian
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE200E10-45BD-E11E-EC8E-1DAD80EF8EA9}" = Catalyst Control Center Graphics Full Existing
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEF19AE8-B330-CF2A-AEAA-1E23BBBC7B00}" = CCC Help Chinese Traditional
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E5BE4931-F31C-2BA0-F06E-4FEC56725673}" = CCC Help Swedish
"{E65E367B-B25C-4FF8-B270-D5277E7CF1B0}" = Intel Performance Power Manager
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EC2C71BB-42DF-6F53-FB23-F7B3B160467B}" = Catalyst Control Center Graphics Light
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F1465B68-4D9A-D412-2528-4F84A681F15C}" = Catalyst Control Center Localization Korean
"{F1E18790-4053-4031-483B-80E932CE3910}" = CCC Help Korean
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F9E63D3F-00F8-468A-BF01-2C021C69FEEA}" = OPSWAT VPNGuard
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Above & Beyond Screensaver_is1" = Above & Beyond Screensaver
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
"Artillery2 CM Edition" = Artillery2 CM Edition
"ASIO4ALL" = ASIO4ALL
"Astralis_0" = Astralis CM v1.0 1.0
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1" = BeatportDownloader
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"BlueJ_is1" = BlueJ 2.5.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CampusNet" = CampusNet Uninstall
"CCleaner" = CCleaner
"CM Alpha" = CM Alpha
"CM Vocoder" = CM Vocoder
"CM WaveShaper" = CM WaveShaper
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Creative PD0630" = Creative WebCam Live! Driver (1.00.06.0414)
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"FabFilter One 2.01" = FabFilter One 2.01
"FileZilla Client" = FileZilla Client 3.3.3
"FL Studio 5" = FL Studio 5
"Football Manager 2010" = Football Manager 2010
"FormatFactory" = FormatFactory 2.15
"Free Audio Editor" = Free Audio Editor
"Free Screen Recorder_is1" = Free Screen Recorder v2.9
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GSuiteCM" = Guitar Suite CM
"IL Download Manager" = IL Download Manager
"InfraRecorder" = InfraRecorder
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"JDiskReport 1.3.1" = JGoodies JDiskReport 1.3.1
"KeyToSound - Dynamic EQ_is1" = KeyToSound - Dynamic EQ 1.0 r4
"Live 6.0.1" = Live 6.0.1
"Live 8.0.10" = Live 8.0.10
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LogMeIn Hamachi" = LogMeIn Hamachi
"LPD8Editor" = LPD8 Editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"M-Audio Key Rig_is1" = M-Audio Key Rig 1.0.1
"MediaCoder" = MediaCoder 0.7.2.4535
"MeldaProduction MDrummer 2 Small" = MeldaProduction MDrummer 2 Small
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microtonal_0" = Microtonal Patches v2 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS" = Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"Nvu_is1" = Nvu 1.0
"Ohmygod VST2" = OhmForce Ohmygod VST2
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"ppmate" = PPMate Network TV 2.0.0.41
"PPStream" = PPStream
"PSP SpringVerbCM" = PSP SpringVerb CM
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"REAPER" = REAPER
"Rob Papen Albino 3" = Rob Papen Albino 3
"SIMUL8" = SIMUL8
"SopCast" = SopCast 2.0.4
"Steam App 10" = Counter-Strike
"Steam App 100" = Condition Zero Deleted Scenes
"Steam App 10540" = Football Manager 2009
"Steam App 150" = Counter-Strike Steamworks Beta
"Steam App 30" = Day of Defeat
"Steam App 34000" = Football Manager 2010
"Steam App 40" = Deathmatch Classic
"Steam App 60" = Ricochet
"Steam App 80" = Condition Zero
"Stylizer" = Stylizer
"Sylenth1_is1" = Sylenth1 v1.01.3
"Toxic Biohazard" = Toxic Biohazard
"TrancerOne_is1" = TrancerOne Vers. 1.0
"TV Player" = Veetle TV Player 0.9.11
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.0.1
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Veetle TV Player" = Veetle TV Player 0.9.11
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.1
"V-Station" = V-Station
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WM Converter 2.0" = WM Converter 2.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 

Right, this will be a long post due to logs. The GMER program produced a blue screen shortly after starting to scan and then immediately restarted, so that log will not be here. Here are the Malwarebytes log and the 2 OTL logs.

Malwarebytes log:


Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4449

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

19/08/2010 17:48:21
mbam-log-2010-08-19 (17-48-21).txt

Scan type: Quick scan
Objects scanned: 148118
Time elapsed: 8 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------------------------------------------

OTL.txt log:


OTL logfile created on: 19/08/2010 17:59:47 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Sam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.92 Gb Total Space | 99.58 Gb Free Space | 34.59% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.67 Gb Free Space | 56.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VP0021706BA0A8
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/19 17:57:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/05 13:11:44 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/04/05 13:11:43 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009/12/17 20:58:51 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/20 09:57:12 | 000,501,032 | ---- | M] (Hercules®) -- C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/16 20:59:20 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/16 20:59:18 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/06/30 11:28:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/06/30 11:28:14 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/06/30 11:28:12 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/06/30 11:28:12 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/06/10 13:56:28 | 000,447,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/05/02 14:57:00 | 001,211,472 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/14 10:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/21 13:17:02 | 000,017,408 | ---- | M] () -- C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
PRC - [2007/10/23 18:26:12 | 000,299,008 | ---- | M] (OPSWAT, Inc.) -- C:\Program Files\opswat\VPNGuard\VPNGuardService.exe
PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/04/23 12:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe


========== Modules (SafeList) ==========

MOD - [2010/08/19 17:57:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/08/12 17:37:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/27 21:31:21 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/05 13:11:43 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/12/17 20:58:51 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/16 20:59:20 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/16 20:59:18 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/21 13:17:02 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2007/10/23 18:26:12 | 000,299,008 | ---- | M] (OPSWAT, Inc.) [On_Demand | Running] -- C:\Program Files\OPSWAT\VPNGuard\VPNGuardService.exe -- (VPNGuardService)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/04/23 12:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/03/29 13:31:10 | 000,502,272 | ---- | M] (SIMUL8 Corporation) [Auto | Stopped] -- C:\Program Files\SIMUL8\SIMUL8_ParallelSVC.exe -- (SIMUL8Parallel)
SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/03/08 10:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/06 19:39:05 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/05 13:09:15 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/20 09:08:42 | 000,122,368 | ---- | M] (© Guillemot R&D, 2009. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2009/05/20 09:08:42 | 000,024,064 | ---- | M] (© Guillemot R&D, 2009. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJCtrl.sys -- (HDJCtrl)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/16 20:59:22 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/08 17:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/04 12:34:34 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/09/07 00:10:40 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/06/30 11:28:10 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/05/04 09:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/05/04 09:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/13 12:42:36 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/03/13 12:41:12 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/03/13 12:34:40 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/03/13 12:34:38 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/03/13 12:34:36 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/03/12 06:38:06 | 001,205,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/03/12 06:37:46 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/06/25 09:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007/06/25 09:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 09:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/25 09:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007/06/25 09:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 09:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/01/09 09:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2004/04/14 05:07:36 | 000,091,797 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0630Vid.sys -- (P0630VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Beemp3.com - MP3 Search & Free MP3 Downloads [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Login | Facebook
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:2.02
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/07 15:58:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/05 16:21:41 | 000,000,000 | ---D | M]

[2008/09/04 15:20:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Extensions
[2010/08/09 17:49:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions
[2009/08/21 23:23:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/15 15:05:55 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/07/07 15:18:48 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2009/08/21 23:23:38 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/11/15 15:05:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/07 14:26:51 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/08/21 23:23:41 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/11/08 12:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/15 15:05:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\[email protected]
[2009/11/15 15:05:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\[email protected]
[2010/07/07 15:18:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\extensions\staged-xpis
[2010/08/04 21:40:13 | 000,001,595 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\amazondotcom.xml
[2009/09/26 11:44:51 | 000,001,595 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\ebay.xml
[2010/08/04 21:40:13 | 000,000,950 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\icqplugin-1.xml
[2009/05/25 19:32:00 | 000,000,950 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\icqplugin-2.xml
[2009/08/28 18:24:43 | 000,000,950 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\icqplugin-3.xml
[2009/09/26 22:04:59 | 000,000,950 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\icqplugin-4.xml
[2009/11/08 12:57:33 | 000,000,950 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\icqplugin-5.xml
[2009/01/14 17:00:02 | 000,000,950 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\searchplugins\icqplugin.xml
[2010/08/04 15:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/24 14:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/06/05 19:59:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 15:42:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/01/23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/11/05 11:36:07 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2008/11/26 21:35:31 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe File not found
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} Page Not Found | Facebook (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\##192.168.12.254#secure\Shell\AutoRun\command - "" = Z:\Installer.exe -- File not found
O33 - MountPoints2\##192.168.12.254#secure\Shell\ReadMe\Command - "" = notepad.exe README.TXT
O33 - MountPoints2\{d70a86ee-b59f-11de-b7d0-0021706ba0a8}\Shell\AutoRun\command - "" = G:\RunSecurFlash.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - msh263.drv File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/19 17:57:36 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2010/08/19 17:49:30 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\gmer
[2010/08/19 17:38:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/19 17:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/19 16:58:30 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Sam\Desktop\erunt_setup.exe
[2010/08/19 16:57:07 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\TFC.exe
[2010/08/17 20:17:32 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/15 21:18:33 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Jock rotator
[2010/08/14 20:42:51 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Malwarebytes
[2010/08/14 20:42:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/14 20:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/14 20:42:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/14 20:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/14 01:14:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/08/13 22:37:55 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Auslogics
[2010/08/13 22:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/08/13 17:18:19 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\Seesmic
[2010/08/12 18:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/08/12 18:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/08/12 17:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/08/12 16:17:24 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Juce VST Host
[2010/08/12 14:57:31 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Screenshots
[2010/08/12 14:47:45 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Textures i liked
[2010/08/12 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Script images
[2010/08/12 14:01:22 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\you grids images
[2010/08/12 13:00:07 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\BlackBerry
[2010/08/11 22:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010/08/11 16:13:29 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Possible background textures
[2010/08/11 15:46:38 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\grunge images
[2010/08/08 23:07:54 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/08/08 23:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2010/08/06 13:41:04 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Star Wars
[2010/08/06 12:29:44 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Blackberry Desktop
[2010/07/23 21:15:21 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\copy of template
[2010/07/23 17:29:28 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\backup of template (original and working)
[2010/07/20 18:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/16 12:07:42 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/07/06 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\New air3 site
[2010/06/29 09:57:56 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Lennar Digital Sylenth1 v1.01.3 VSTi-NoGRP
[2010/06/29 09:50:43 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Lennardigital Sylenth1 VSTi v2.2 - Dynamics
[2010/06/29 09:35:41 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\NativeInstrumentsFM8v1101002
[2010/06/29 09:35:41 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Native Instruments FM8 v1.0.1.002
[2010/06/25 14:06:32 | 000,000,000 | ---D | C] -- C:\19cfae383bf3def59493
[2010/06/22 12:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/22 12:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/15 18:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010/06/09 11:30:29 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Geckofx
[2010/06/09 11:30:22 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Skybound
[2010/06/09 11:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Skybound Stylizer 4
[2010/06/02 20:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Wavosaur.1.0.5.0(en)
[2010/06/02 20:03:44 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Free Audio Editor
[2010/06/02 20:03:30 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioTransform2.dll
[2010/06/02 20:03:30 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioVisualization2.dll
[2010/06/02 20:03:30 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioRecord2.dll
[2010/06/02 20:03:30 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioPlayer2.dll
[2010/06/02 20:03:30 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTTextToAudio2.dll
[2010/06/02 20:03:30 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTWMAFile2.dll
[2010/06/02 20:03:29 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioFile2.dll
[2010/06/02 20:03:29 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioInformation2.dll
[2010/06/02 20:03:29 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioEditor2.dll
[2010/06/02 20:03:29 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\System32\NCTAudioCDGrabber2.dll
[2010/06/02 19:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/05/30 18:50:56 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\Cubase midi files
[2010/05/27 23:19:27 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\LogMeIn Hamachi
[2010/05/27 23:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/05/26 01:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\NetObjects
[2010/05/22 11:06:19 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Artisteer

========== Files - Modified Within 90 Days ==========

[2010/08/19 18:04:53 | 007,077,888 | -HS- | M] () -- C:\Users\Sam\ntuser.dat
[2010/08/19 17:57:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2010/08/19 17:56:48 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/08/19 17:54:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/19 17:54:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/19 17:54:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/19 17:54:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/19 17:53:58 | 3217,014,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/19 17:44:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/19 17:37:06 | 000,000,695 | ---- | M] () -- C:\Users\Sam\Desktop\NTREGOPT.lnk
[2010/08/19 17:37:06 | 000,000,676 | ---- | M] () -- C:\Users\Sam\Desktop\ERUNT.lnk
[2010/08/19 17:31:13 | 000,524,288 | -HS- | M] () -- C:\Users\Sam\ntuser.dat{7227324c-8f8d-11df-8918-8b0204e9fb46}.TMContainer00000000000000000001.regtrans-ms
[2010/08/19 17:31:13 | 000,065,536 | -HS- | M] () -- C:\Users\Sam\ntuser.dat{7227324c-8f8d-11df-8918-8b0204e9fb46}.TM.blf
[2010/08/19 17:24:53 | 000,007,728 | ---- | M] () -- C:\Users\Sam\AppData\Local\d3d9caps.dat
[2010/08/19 17:24:42 | 000,000,080 | ---- | M] () -- C:\Windows\ricdb.ini
[2010/08/19 17:11:43 | 000,284,915 | ---- | M] () -- C:\Users\Sam\Desktop\gmer.zip
[2010/08/19 16:58:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sam\Desktop\erunt_setup.exe
[2010/08/19 16:57:17 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\TFC.exe
[2010/08/19 16:54:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1596938837-54953107-2832527327-1000UA.job
[2010/08/19 16:01:22 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010/08/19 10:04:40 | 000,180,224 | ---- | M] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 17:54:13 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1596938837-54953107-2832527327-1000Core.job
[2010/08/16 23:57:44 | 000,016,896 | ---- | M] () -- C:\Users\Sam\Desktop\Timetable options.xls
[2010/08/15 21:55:11 | 000,015,671 | ---- | M] () -- C:\Users\Sam\Desktop\mod_jock.php
[2010/08/15 21:55:11 | 000,015,671 | ---- | M] () -- C:\Users\Sam\Desktop\mod_jock edited - Copy.php
[2010/08/14 19:42:28 | 017,862,784 | ---- | M] () -- C:\Users\Sam\Desktop\Ernesto_vs_Bastian_-_Every_Inc.mp3
[2010/08/14 19:37:41 | 013,540,250 | ---- | M] () -- C:\Users\Sam\Desktop\Binary_Finary_-_1998__Alex_MOR.mp3
[2010/08/14 19:35:14 | 008,842,928 | ---- | M] () -- C:\Users\Sam\Desktop\213_-_Ehren_Stowers_-_Ascent.mp3
[2010/08/13 13:08:25 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/08/13 12:06:40 | 001,684,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/12 18:06:04 | 000,086,168 | ---- | M] () -- C:\Users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/11 13:46:30 | 001,179,648 | ---- | M] () -- C:\Users\Sam\Desktop\New Template info.mdb
[2010/08/08 19:08:50 | 633,876,126 | ---- | M] () -- C:\Users\Sam\Desktop\Bedknobs & Broomsticks.avi
[2010/08/06 23:35:23 | 000,697,560 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/06 23:35:23 | 000,604,520 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/06 23:35:23 | 000,107,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/04 21:25:20 | 000,004,731 | ---- | M] () -- C:\Users\Sam\.recently-used.xbel
[2010/07/26 15:13:17 | 000,005,995 | ---- | M] () -- C:\Users\Sam\Desktop\mod_lofarticlesslideshow.css
[2010/07/15 17:42:05 | 001,278,750 | ---- | M] () -- C:\Users\Sam\Documents\LoaderBackup-(2010-07-15).ipd
[2010/07/15 00:12:18 | 000,524,288 | -HS- | M] () -- C:\Users\Sam\ntuser.dat{7227324c-8f8d-11df-8918-8b0204e9fb46}.TMContainer00000000000000000002.regtrans-ms
[2010/07/14 19:24:15 | 000,524,288 | -HS- | M] () -- C:\Users\Sam\ntuser.dat{aaa6da04-f9f8-11de-a392-eb011805bd47}.TMContainer00000000000000000001.regtrans-ms
[2010/07/14 19:24:15 | 000,065,536 | -HS- | M] () -- C:\Users\Sam\ntuser.dat{aaa6da04-f9f8-11de-a392-eb011805bd47}.TM.blf
[2010/07/06 20:13:17 | 000,004,581 | ---- | M] () -- C:\Users\Sam\Desktop\mod_jock (original with correct timezone).php
[2010/06/20 22:16:08 | 000,062,278 | ---- | M] () -- C:\Users\Sam\Desktop\SAAS application.pdf
[2010/06/16 01:30:37 | 000,000,866 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb0ceb245f0d00.job
[2010/06/09 11:30:22 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Stylizer.lnk
[2010/06/08 13:13:50 | 000,001,595 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/06/04 14:39:39 | 000,075,852 | ---- | M] () -- C:\Users\Sam\Desktop\mixer controls.jpg
[2010/05/28 01:44:20 | 000,000,145 | --S- | M] () -- C:\Users\Sam\AppData\Local\178776936.dat
[2010/05/28 01:42:59 | 000,000,004 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\ovczpx.dat

========== Files Created - No Company Name ==========

[2010/08/19 17:37:06 | 000,000,695 | ---- | C] () -- C:\Users\Sam\Desktop\NTREGOPT.lnk
[2010/08/19 17:37:06 | 000,000,676 | ---- | C] () -- C:\Users\Sam\Desktop\ERUNT.lnk
[2010/08/19 17:11:41 | 000,284,915 | ---- | C] () -- C:\Users\Sam\Desktop\gmer.zip
[2010/08/19 16:11:33 | 3217,014,784 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/17 21:39:53 | 000,001,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2010/08/17 21:39:53 | 000,001,821 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPNGuardUI.lnk
[2010/08/17 21:39:53 | 000,001,815 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/08/16 23:57:44 | 000,016,896 | ---- | C] () -- C:\Users\Sam\Desktop\Timetable options.xls
[2010/08/15 21:55:59 | 000,015,671 | ---- | C] () -- C:\Users\Sam\Desktop\mod_jock edited - Copy.php
[2010/08/14 19:40:25 | 017,862,784 | ---- | C] () -- C:\Users\Sam\Desktop\Ernesto_vs_Bastian_-_Every_Inc.mp3
[2010/08/14 19:36:24 | 013,540,250 | ---- | C] () -- C:\Users\Sam\Desktop\Binary_Finary_-_1998__Alex_MOR.mp3
[2010/08/14 19:34:24 | 008,842,928 | ---- | C] () -- C:\Users\Sam\Desktop\213_-_Ehren_Stowers_-_Ascent.mp3
[2010/08/14 01:12:42 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/08/14 01:12:42 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/08/14 01:12:42 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/08/11 23:09:25 | 000,000,231 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Rim.Desktop.Exception.log
[2010/08/11 22:40:52 | 000,001,602 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/10 12:54:17 | 001,179,648 | ---- | C] () -- C:\Users\Sam\Desktop\New Template info.mdb
[2010/08/08 15:49:53 | 633,876,126 | ---- | C] () -- C:\Users\Sam\Desktop\Bedknobs & Broomsticks.avi
[2010/08/04 21:25:20 | 000,004,731 | ---- | C] () -- C:\Users\Sam\.recently-used.xbel
[2010/07/26 14:16:07 | 000,005,995 | ---- | C] () -- C:\Users\Sam\Desktop\mod_lofarticlesslideshow.css
[2010/07/15 17:42:05 | 001,278,750 | ---- | C] () -- C:\Users\Sam\Documents\LoaderBackup-(2010-07-15).ipd
[2010/07/14 22:19:51 | 000,524,288 | -HS- | C] () -- C:\Users\Sam\ntuser.dat{7227324c-8f8d-11df-8918-8b0204e9fb46}.TMContainer00000000000000000002.regtrans-ms
[2010/07/14 22:19:51 | 000,524,288 | -HS- | C] () -- C:\Users\Sam\ntuser.dat{7227324c-8f8d-11df-8918-8b0204e9fb46}.TMContainer00000000000000000001.regtrans-ms
[2010/07/14 22:19:51 | 000,065,536 | -HS- | C] () -- C:\Users\Sam\ntuser.dat{7227324c-8f8d-11df-8918-8b0204e9fb46}.TM.blf
[2010/07/06 20:13:17 | 000,004,581 | ---- | C] () -- C:\Users\Sam\Desktop\mod_jock (original with correct timezone).php
[2010/07/06 19:41:35 | 000,015,671 | ---- | C] () -- C:\Users\Sam\Desktop\mod_jock.php
[2010/06/29 18:46:20 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2010/06/20 22:16:08 | 000,062,278 | ---- | C] () -- C:\Users\Sam\Desktop\SAAS application.pdf
[2010/06/16 01:30:37 | 000,000,866 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb0ceb245f0d00.job
[2010/06/09 11:30:22 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Stylizer.lnk
[2010/06/04 14:36:41 | 000,075,852 | ---- | C] () -- C:\Users\Sam\Desktop\mixer controls.jpg
[2010/06/02 20:56:36 | 009,380,134 | ---- | C] () -- C:\Users\Sam\Desktop\12 Sweet Disposition.mp3
[2010/06/02 20:03:30 | 000,113,486 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2010/05/28 01:43:01 | 000,000,145 | --S- | C] () -- C:\Users\Sam\AppData\Local\178776936.dat
[2010/05/28 01:42:59 | 000,000,004 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\ovczpx.dat
[2010/02/12 16:08:53 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/02/12 15:52:37 | 000,000,998 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/01/15 15:05:43 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX5000EFDG.ini
[2009/12/05 16:17:40 | 000,000,000 | ---- | C] () -- C:\Windows\Above & Beyond Screensaver.ini
[2009/11/25 12:49:14 | 000,256,000 | ---- | C] () -- C:\Windows\System32\S8LIB4.DLL
[2009/11/25 12:49:14 | 000,231,936 | ---- | C] () -- C:\Windows\System32\S8STATE.DLL
[2009/11/25 12:49:14 | 000,231,936 | ---- | C] () -- C:\Windows\System32\S8LIB3.DLL
[2009/11/25 12:40:39 | 001,757,222 | ---- | C] () -- C:\Windows\System32\DBCMDB32.DLL
[2009/11/25 12:40:39 | 000,135,168 | ---- | C] () -- C:\Windows\System32\DBCMEM32.DLL
[2009/11/25 12:40:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\DBCGEO32.DLL
[2009/11/25 12:40:37 | 000,204,800 | ---- | C] () -- C:\Windows\System32\DBCDBF32.DLL
[2009/11/25 12:40:37 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dbcdgn32.dll
[2009/11/25 12:40:37 | 000,118,784 | ---- | C] () -- C:\Windows\System32\dbcbmpdc.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/21 19:30:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/16 17:04:10 | 000,019,042 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\UserTile.png
[2009/04/29 12:25:29 | 000,003,212 | ---- | C] () -- C:\ProgramData\MAudioEffects.mps
[2009/04/29 12:25:29 | 000,001,275 | ---- | C] () -- C:\ProgramData\MAudioStreams.mps
[2009/04/29 12:25:29 | 000,000,145 | ---- | C] () -- C:\ProgramData\MAudioPluginsConfiguration.cfg
[2009/04/29 12:15:32 | 000,001,129 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\mbasestyleconfigurationpresets.xml
[2008/12/01 18:15:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/11/26 21:28:27 | 000,000,113 | ---- | C] () -- C:\Windows\PPSMediaList.ini
[2008/11/26 21:28:22 | 000,000,172 | ---- | C] () -- C:\Windows\powerplayer.ini
[2008/11/26 21:28:22 | 000,000,163 | ---- | C] () -- C:\Windows\psnetwork.ini
[2008/11/14 20:28:24 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008/11/14 20:26:54 | 000,001,023 | ---- | C] () -- C:\Windows\disney.ini
[2008/10/23 16:08:59 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/10/06 23:10:41 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/09/23 09:10:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/21 20:48:58 | 000,000,080 | ---- | C] () -- C:\Windows\ricdb.ini
[2008/09/07 00:10:40 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/09/05 20:52:43 | 000,000,218 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\wklnhst.dat
[2008/09/05 15:21:34 | 000,007,728 | ---- | C] () -- C:\Users\Sam\AppData\Local\d3d9caps.dat
[2008/09/04 20:00:57 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/09/04 20:00:57 | 000,022,328 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\PnkBstrK.sys
[2008/09/04 16:24:08 | 000,180,224 | ---- | C] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/02 07:17:23 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/09/01 22:40:02 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
[2006/07/04 00:21:32 | 001,397,548 | ---- | C] () -- C:\Windows\System32\libfftw3-3.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/02/25 20:52:04 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\.wyzo
[2009/12/25 20:01:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Ableton
[2009/12/06 18:15:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Amazon
[2010/05/22 11:06:19 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Artisteer
[2010/08/13 22:37:55 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Auslogics
[2009/06/10 10:07:12 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\avidemux
[2010/08/12 13:00:04 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Azureus
[2009/09/20 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2010/08/06 12:29:46 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Blackberry Desktop
[2009/09/03 17:21:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Blue Cat Audio
[2010/01/12 00:24:27 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Broad Intelligence
[2010/04/01 10:30:27 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\CoSoSys
[2010/02/28 12:25:23 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Cycling '74
[2008/09/07 00:10:22 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DAEMON Tools
[2009/09/03 16:42:48 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FabFilter
[2010/02/08 17:43:24 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Facebook
[2010/08/15 22:24:03 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FileZilla
[2010/06/02 22:49:51 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Free Audio Editor
[2009/01/28 17:57:37 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FrostWire
[2010/07/14 23:16:00 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\gtk-2.0
[2009/08/28 14:53:40 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\InfraRecorder
[2009/01/23 18:43:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\IObit
[2008/11/29 03:07:49 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\JGoodies
[2010/08/12 16:17:35 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Juce VST Host
[2009/04/29 12:13:06 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mdrummer2_12_small_setup
[2009/04/29 12:25:29 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MeldaProduction MDrummer S
[2009/05/10 10:55:58 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Multi-Note
[2010/06/09 23:41:35 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\NCH Swift Sound
[2010/03/15 23:01:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Nvu
[2009/02/25 21:04:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Opera
[2009/07/16 17:04:09 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PeerNetworking
[2008/11/26 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PPMate
[2008/11/26 21:33:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PPStream
[2010/03/11 22:30:28 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Rapid Evolution 2
[2010/03/24 17:33:30 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\REAPER
[2010/08/11 23:09:34 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Research In Motion
[2009/06/02 02:49:00 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Skin Resizer Tool
[2010/05/27 22:31:30 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Sports Interactive
[2009/12/24 12:50:51 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Steinberg
[2009/09/02 20:21:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Submersible
[2008/09/05 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Template
[2009/02/25 22:01:47 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Trusteer
[2010/08/08 23:07:54 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2008/11/20 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Uniblue
[2010/01/11 20:07:11 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\VST3 Presets
[2010/08/13 13:08:25 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/08/19 17:31:16 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/19 17:53:57 | 000,189,724 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/09/02 07:17:30 | 000,004,607 | RH-- | M] () -- C:\dell.sdr
[2010/08/19 17:53:58 | 3217,014,784 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/14 20:26:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/14 20:26:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/19 17:53:57 | 3532,906,496 | -HS- | M] () -- C:\pagefile.sys
[2009/09/03 17:02:41 | 000,000,021 | ---- | M] () -- C:\Scales_Path.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/18 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD8R.DLL
[2007/03/18 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP8R.DLL
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/02/20 17:50:28 | 000,903,680 | ---- | M] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\Above & Beyond Screensaver.scr
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/17 22:50:59 | 000,000,574 | -HS- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/08/19 16:58:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sam\Desktop\erunt_setup.exe
[2010/08/19 17:57:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2010/08/19 16:57:17 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-19 15:04:32
< End of report >

----------------------------------------------------------------------------------------------------

OTL Extras.txt log:


OTL Extras logfile created on: 19/08/2010 17:59:47 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Sam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.92 Gb Total Space | 99.58 Gb Free Space | 34.59% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.67 Gb Free Space | 56.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VP0021706BA0A8
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09883AF1-1F4E-40AF-8DFA-3016FF54B50C}" = rport=137 | protocol=17 | dir=out | app=system |
"{15EACEE7-CCDC-443A-A68A-9A050FFDAE53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{19EB3154-B16A-4479-9DF0-D2FF6AF235EA}" = rport=445 | protocol=6 | dir=out | app=system |
"{1FC2E429-89B5-46D4-98C4-1D0D707540EC}" = rport=138 | protocol=17 | dir=out | app=system |
"{2C26594F-D5DE-483D-93FE-ADB88C51E76B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3FC6FD75-0647-405F-A486-7378CB14B140}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{4C8ECFCE-9220-4141-B10D-441FA566822E}" = lport=139 | protocol=6 | dir=in | app=system |
"{522E3768-41D0-4547-A31F-3DF27838F09D}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{5B6BC134-5275-4695-9DC9-51CDB2AC79F2}" = rport=139 | protocol=6 | dir=out | app=system |
"{615802AE-6B5A-45FB-9AA3-E1800C41FCEA}" = lport=445 | protocol=6 | dir=in | app=system |
"{648CA297-A97C-42E5-9BF7-5C906803FAF7}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F573BBA-8C53-42FE-A5D1-BF713C46B3B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B2406A49-E1DB-4D00-A1DC-F47B6E210272}" = lport=138 | protocol=17 | dir=in | app=system |
"{CC79B61E-2EA8-427C-B25E-BF42F0C31962}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CEAF510C-08E6-4AE0-96FC-843CEB59F989}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{DF67EEAF-8FEE-4D75-8A5E-3E2AE5610E9A}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019D8C3A-1627-4B5D-981A-82EAF103AB3A}" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"{023763C2-6ED4-4B32-B5A4-4B14E784579A}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{023AAC93-F2AC-45C4-A8DE-22AE11E24134}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{04B2545D-3A5E-4663-89D1-EFDDE6BA49A1}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{05926028-1394-49B1-B019-64460213CC9F}" = protocol=17 | dir=in | app=c:\program files\lavasoft\ad-aware\ad-aware.exe |
"{0AF253E4-048C-42F4-8600-2F045F842DBB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{0F8B559F-46F3-4013-8079-2BABE54B72F8}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{17775F5B-1309-4A67-893B-0C99B6EDDE8A}" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe |
"{1A001ABB-E8BF-47DA-BE24-D9E183564D45}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{1B5C8A8D-164D-496E-BF27-3FD07233AC6D}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steam.exe |
"{206232D8-34EB-478E-9ACD-1408D4897EF0}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steam.exe |
"{2D020D8E-E750-47A4-8AB4-CDFC9967AA10}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{2EA610F0-3785-4BF0-8F65-47816838640C}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\update.exe |
"{33DB3380-40AC-449B-B157-21B064201250}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{35CC355E-B0C3-485F-A76F-F0C24795B7ED}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{36F47A19-0211-45B4-BCB0-E8E906894FB5}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{36FE2796-1674-4451-835F-27CA637C4E34}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{37C13B13-61D3-4E36-AB09-5915AE397045}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{39FABFD8-755B-4331-941B-1B463BC5CE9E}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\update.exe |
"{3A1F17BA-A0A2-4B2A-910D-65EE168FBA15}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{3DE78412-CED3-435F-AC4A-13D05E052076}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{42F7564B-9588-4226-8417-60DB89D18FB1}" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2.exe |
"{45B3DAF8-2364-4093-9F93-66C8B1DA83E2}" = protocol=17 | dir=in | app=c:\program files\codemasters\grid\grid.exe |
"{49C1EEF3-C976-47B6-A15F-45BC19166171}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{4D749032-246C-4F62-B25E-827525F3434E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4FC35A9D-CAD1-4D24-A787-74DB538D07C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{512F3126-2DBD-454B-9C95-FD57A5CA08CD}" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{56CF4581-6878-40A8-8D5F-D7C3B74B1C76}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{57B207B4-4E0E-4415-97D0-C4128C688466}" = protocol=6 | dir=in | app=c:\program files\lavasoft\ad-aware\ad-aware.exe |
"{5EC089CD-48A2-48B9-9F5D-350A01F83750}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{65F000B4-0A31-42D5-B28A-89DF9B4E5E26}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{6E05B64A-8971-4602-A5DE-A69B29524233}" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{72E8BE53-E40D-4B59-A48B-0117CB5D030D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{74EAE3C1-6870-4914-A9DE-139EB4A2FAC1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C7A236E-253F-47B0-989E-2DB9CDBA8EDB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7C9366D3-21EF-4D17-8215-7792C1CAA741}" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"{7FB1FAD9-D0BE-4F6C-9E8C-16189FD4EFB6}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\football manager 2009\fm.exe |
"{814D065D-85BC-4613-99C1-EEBF07317B6C}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{854BFB34-1804-44FB-BB1D-67C37B3537B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A5F5C55-3417-45AE-8821-683656361B97}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{92440D32-4EA9-4248-90F7-D183DC729105}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{984AF5EC-22FD-470F-B6FE-54CCD2D7F8DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9AACFEC1-9EDA-42BF-81E3-619AF068A63E}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{A98BD2A9-3A5C-48E0-86D9-6D9FB2B10EE8}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{AABA0DF5-33C4-4B42-805F-5208979166DF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{ADBAA7C7-D736-4827-B5EC-56EDA02D9164}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{ADEE30F8-221F-4244-9889-AF0F3594D674}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AF9F370E-C4E9-4DDB-A87D-F7AB818F818D}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{B5E1F245-118A-4E65-86AA-B33B07C30987}" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"{B62C1949-E2F2-41AC-8D01-3422E626BAB0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B651E08F-654B-4D09-BB44-F07D6EAC5DAE}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{B9B9F935-DB33-492B-A526-E802AF288E53}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2.exe |
"{BA4542D8-C8E6-4D6D-9F16-E133629F8F27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA87E450-DF7B-4492-BEDC-2A1CC1D2B760}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CB8FA996-A603-4328-B236-57D52E3EDC2E}" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe |
"{CF006797-3EB4-4627-8D47-68975290A12D}" = protocol=6 | dir=in | app=c:\program files\codemasters\grid\grid.exe |
"{D364BD93-776A-4AA4-918C-FE299E272021}" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D88F2E5D-6AEA-4996-97ED-3AF4B08E9E4D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D8ED3452-0CA5-4714-832F-3A0BAEBBA60D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E77E29E1-7C03-4BEA-862F-437009243237}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{ED86599D-8605-41A7-8EDB-CA4DF555FE65}" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"{EDE9954D-5066-47DB-B84B-6A3B1EA3542A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EEB30A5B-CEFA-43F4-AF1A-8DB37239BEB8}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{F43929FC-D959-45C7-9373-961955E804BB}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\football manager 2009\fm.exe |
"{FE31B8A6-87C9-49CA-A738-C47320AAC6DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FF041F71-2BDB-4353-B027-95D6E08983A6}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"TCP Query User{0273C5E8-B914-4339-9F35-96216027AEAD}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{1A07011E-AD7B-4580-96AD-0F28346192B6}C:\program files\java\jdk1.6.0_10\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_10\jre\bin\java.exe |
"TCP Query User{1F8119F0-AB56-419C-B09D-69CEF81E7F61}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{2519B892-47AA-4180-96BF-C67A89DFA7E4}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{28F35394-5DF1-428A-96B7-7F96F15E29D3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{35FED033-D079-4200-B3E4-384BD8CA5C9E}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{3D24990D-43B1-4B9A-8644-574A38451D3D}C:\program files\google\google desktop search\googledesktop.exe" = protocol=6 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"TCP Query User{3F76E31F-4E7E-4454-B4C6-CB6E0FC1767A}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{4316AAF7-D828-4D8F-AA84-DBFBCFDF6471}C:\program files\google\google desktop search\googledesktop.exe" = protocol=6 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"TCP Query User{444E3B96-E5D1-48AA-815B-A1E3C7535F39}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{54DD7A4C-FBCC-4019-87E6-7BFA2F1F7099}C:\users\sam\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\sam\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{647A2601-6CEC-4E8C-8276-AC380B39570E}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{6C152620-5B3D-4CDF-8D3A-94622DCDF05B}C:\program files\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"TCP Query User{7CCFDFD7-FE80-4F98-B8C0-576D80250078}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{82EA5FB1-FDA2-4369-8856-325A322EA899}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{84F3CF22-5E49-4142-BB50-10C41C033DDD}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{8621DA78-6D03-4B43-9959-53792D8C030C}C:\program files\wyzo\wyzo.exe" = protocol=6 | dir=in | app=c:\program files\wyzo\wyzo.exe |
"TCP Query User{879068B2-B7E7-4BC9-BAE0-61C785017526}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{87A2BB25-EEAE-4314-84AC-D8CC6098327A}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8902BC3E-DA9D-423A-A0BD-7CA56CE0EF95}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{90A0842E-94A3-451C-99C4-D5344D1492BA}C:\program files\ea games\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\mohaa\mohaa.exe |
"TCP Query User{9462BE74-2AB6-4C35-B487-C9D6A8ABC945}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{96B704E2-D82C-4E7E-A022-021CF6F329EA}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{A4D5D362-D6A9-4B3E-B88D-0DD59B94A8D8}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{A587E4A2-B9FA-4ABF-822B-21E672A7DAB4}C:\program files\codemasters\grid\grid.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\grid\grid.exe |
"TCP Query User{ABA6D276-7728-42D2-82DC-93CD489B7814}C:\program files\sports interactive\football manager 2010\fm.exe" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"TCP Query User{BA5FAAA8-1D34-4BE5-B734-A456AA2A15DD}C:\users\sam\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\sam\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{C2E3BB78-4CBA-499B-AA58-FE0B88E5053C}C:\program files\guillemot\tools\giwebupdater.exe" = protocol=6 | dir=in | app=c:\program files\guillemot\tools\giwebupdater.exe |
"TCP Query User{D3CEC574-6468-4B5F-BF73-5DB7878656B6}C:\program files\java\jdk1.6.0_10\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_10\jre\bin\java.exe |
"TCP Query User{DC1CF54F-1EF5-4B40-81C7-99789FE8EA35}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{E13F6C9D-4E20-476A-BD14-0596507C8B5D}C:\program files\valve\steam\steamapps\shug99\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\shug99\condition zero\hl.exe |
"TCP Query User{E313862D-6BBB-4FBA-83C9-C4D7BCA0E1D0}C:\users\sam\desktop\grid\grid.exe" = protocol=6 | dir=in | app=c:\users\sam\desktop\grid\grid.exe |
"TCP Query User{EC28312E-8B40-496D-BF3F-526CDBC62874}C:\users\sam\documents\grid\grid.exe" = protocol=6 | dir=in | app=c:\users\sam\documents\grid\grid.exe |
"TCP Query User{ED301D43-E067-4A4F-B237-55CBA6D84D64}C:\program files\valve\steam\steamapps\shug99\day of defeat\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\shug99\day of defeat\hl.exe |
"UDP Query User{0DF94F58-9692-491F-9BE2-E39F57A250DB}C:\program files\java\jdk1.6.0_10\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_10\jre\bin\java.exe |
"UDP Query User{1916222A-EEFC-4502-8A02-AE018F251940}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{330D061F-DCF1-4354-B882-C194100EF9A3}C:\program files\google\google desktop search\googledesktop.exe" = protocol=17 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"UDP Query User{416B6D65-B1FD-4731-AC78-8D730B5324F1}C:\program files\google\google desktop search\googledesktop.exe" = protocol=17 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"UDP Query User{4C3BDABD-93BB-4D5E-89CD-836F7D6C2CD8}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{540D4892-25A2-4E8E-AE3A-56378E5D01E0}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{58D8E719-ECDE-4015-9561-6F32B1D36F85}C:\users\sam\desktop\grid\grid.exe" = protocol=17 | dir=in | app=c:\users\sam\desktop\grid\grid.exe |
"UDP Query User{5B9F684A-C4AA-4BA0-9526-E10FF0F14568}C:\program files\wyzo\wyzo.exe" = protocol=17 | dir=in | app=c:\program files\wyzo\wyzo.exe |
"UDP Query User{6003CA4C-5536-489E-9217-21521D424251}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{647B70FB-132E-464C-B23C-E13AB5F1EC0B}C:\users\sam\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\sam\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{66A48D89-21F5-41E2-ADCE-FA93717F75C4}C:\program files\guillemot\tools\giwebupdater.exe" = protocol=17 | dir=in | app=c:\program files\guillemot\tools\giwebupdater.exe |
"UDP Query User{6977D816-712D-4097-B815-8E9415ED88BA}C:\program files\sports interactive\football manager 2010\fm.exe" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"UDP Query User{72854011-70D5-4D3C-B0CE-2A5F775B35DB}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{7396FEBC-C294-425F-8BEA-290C5C95144D}C:\program files\codemasters\grid\grid.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\grid\grid.exe |
"UDP Query User{7592E40B-7252-4124-B9A0-8F0293F525EF}C:\program files\java\jdk1.6.0_10\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_10\jre\bin\java.exe |
"UDP Query User{7CD0D6AE-A633-4414-B44C-712A87835224}C:\program files\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"UDP Query User{901096EA-D619-457D-B5FD-734D6CF440B5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{92F06391-6084-4B39-8718-3C92098C9BBB}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9BF6133E-5F28-4882-B69A-34054122655F}C:\program files\valve\steam\steamapps\shug99\day of defeat\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\shug99\day of defeat\hl.exe |
"UDP Query User{A1698C39-E3B3-4118-9B25-07449420EE63}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A2EC5DA2-3C96-4C93-8383-49AED18875F1}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{B0EBAC5F-0B42-4BD7-AD47-EE5FFA1E27E1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B417E2E0-A9DA-4CF8-8C96-07925B2C331F}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{B962CBC9-E0F2-44C2-8868-9BF339A1E2D8}C:\users\sam\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\sam\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{C2EA383C-ACFA-4A52-8D69-0BDD29463FC9}C:\program files\ea games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\mohaa\mohaa.exe |
"UDP Query User{C6E2A354-A652-4FAC-BA2C-6BA1247699CF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{D48EC213-77F3-4E99-983A-E074CBBB2DD1}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{DCB925A1-1766-4089-BC17-A22B5844DDF3}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{DEA49A8A-A04B-4DE5-8C67-318C426D4F2A}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{ED3E24E5-99D9-474A-91AA-FB0E1204A092}C:\users\sam\documents\grid\grid.exe" = protocol=17 | dir=in | app=c:\users\sam\documents\grid\grid.exe |
"UDP Query User{EFA44C0B-9495-4492-AC7D-EC80C520A916}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{F054D389-B390-4CC6-AAE4-806940C106C6}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
"UDP Query User{F08EA063-13CD-423C-BCC4-71A506A7AD24}C:\program files\valve\steam\steamapps\shug99\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\shug99\condition zero\hl.exe |
"UDP Query User{F2937A1A-5806-4E11-BC75-B5B684276EBE}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05A677ED-F6EB-C225-0852-C8EDA143F637}" = Catalyst Control Center Core Implementation
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1099EEAB-C4BC-4F66-980F-2269856A71CD}" = Native Instruments Traktor
"{1339C679-8EBD-A264-F51B-8AFF9E5178AB}" = Catalyst Control Center Localization Chinese Standard
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java(TM) SE Development Kit 6 Update 10
"{3360D505-B0AA-4284-92DF-F872AF90A448}" = BlackBerry Device Software Updater
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{33D38429-A417-2939-F2ED-68B02C60524B}" = CCC Help Italian
"{348982C0-1053-041B-90E9-27E52C5CBAC4}" = Catalyst Control Center Localization Chinese Traditional
"{3509A66E-C73E-4737-A1AF-00D0B92DDCB5}" = IDJ 3-Osc VA
"{3683198D-D48D-8F78-D544-E0CEEDA9A5AD}" = Catalyst Control Center Localization Norwegian
"{39874C29-6A64-A5E4-15E8-48CAB1630758}" = Catalyst Control Center Graphics Full New
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{43C2C2FB-504D-4552-9C08-58F7144C1736}" = MXBASS
"{44750ED4-6DF7-4BD0-BF3A-4ED6B5719B49}" = IDJ Kikken
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{497CDC20-F32E-B732-D5A7-C508832901B1}" = Catalyst Control Center Localization Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4E8B4C51-20A4-A946-F2FD-361E1E64CBFE}" = Catalyst Control Center Localization Dutch
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5354D5F2-342D-43DD-A361-B65BF7AABE1D}" = nebula3 CM
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{66E07661-1C3B-EBB3-DDD7-CA2D9CF728E5}" = CCC Help Chinese Standard
"{67192DDF-D12C-7C14-0891-1999A8322D9A}" = ccc-core-static
"{693C5CAC-E43C-4A5F-0793-DB1A91576F00}" = Catalyst Control Center Localization Swedish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A2933CA-4F9F-4F34-B29E-0DE2F5C8A452}" = SynthMaster FREE!
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BA2D1B0-0892-AF53-1542-767C1B1B558F}" = CCC Help German
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{706136D4-648C-92B9-FF9E-BDAC45C977CB}" = CCC Help Norwegian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732784F2-BBB3-AF93-F0F8-2B28D93F023E}" = Catalyst Control Center Localization Finnish
"{75554025-5756-D2A8-E12A-3996A174E1AF}" = Catalyst Control Center Localization German
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7842F022-6597-76DA-4DE4-DA3FBD82ECF2}" = Skins
"{7A4CE9D2-DC5E-4B5B-0ED2-A2F66E76DD52}" = CCC Help Russian
"{7BE855E5-8130-A624-1C47-D5EB13FA6DF2}" = Catalyst Control Center Graphics Previews Vista
"{7D712AFE-2D7C-13B8-DEB7-BA8A28FED665}" = Catalyst Control Center Localization Danish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E00AAF2-89F3-F7FC-A8F2-8C651449671E}" = CCC Help English
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{828816F4-629A-233E-DB02-A6F8BD004643}" = Catalyst Control Center Localization Portuguese
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84656952-D528-4DF8-9504-2E9ACBE81676}" = Blue Cat's FreqAnalyst CM VST 1.1
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90601456-1F28-AD6C-C1CE-740526D3BC27}" = Catalyst Control Center Localization French
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{975F5675-8FC8-04A8-92CD-4653BD12282F}" = CCC Help French
"{97900633-AADE-35DC-A424-21380BFC5431}" = Catalyst Control Center Graphics Previews Common
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{98C948A6-5498-9DEE-BA4C-74B0A96CB521}" = CCC Help Danish
"{992CF3B6-628C-4204-8490-519A0CEB2336}" = IDJ Polysynth
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A7969E95-7E39-A1AC-2D6F-85531D8A371D}" = CCC Help Japanese
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C78107-7CBC-B05B-083B-562FA9C1EA0B}" = CCC Help Portuguese
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB883D70-5B1D-9430-E626-7F495925590D}" = Catalyst Control Center Localization Spanish
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BDF3C27A-BDAA-FA3E-D8A4-3367AB7FCB4F}" = TweetDeck
"{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43C2E18-5475-4BDB-A57D-82442C84A49A}" = Pitchblack
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C49E407D-A6A0-6F9A-767D-67387EF5523F}" = CCC Help Finnish
"{C84442CB-3F9E-4F99-9A3F-27A11E1AD912}" = Blue Cat's FreqAnalyst CM DX 1.1
"{CBF91610-C661-3464-8831-DA8AE2589DB9}" = Catalyst Control Center Localization Japanese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D2DB5404-378B-2821-513E-A8F230A0E948}" = ccc-utility
"{D5D92C28-42FB-5E24-DBFA-07232A50D670}" = CCC Help Dutch
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D9DD6E03-ACE1-2503-205E-4FA74267CDC6}" = CCC Help Spanish
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB549485-9D94-E7AE-2FE7-DCB33A54FBD7}" = Catalyst Control Center Localization Russian
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE200E10-45BD-E11E-EC8E-1DAD80EF8EA9}" = Catalyst Control Center Graphics Full Existing
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEF19AE8-B330-CF2A-AEAA-1E23BBBC7B00}" = CCC Help Chinese Traditional
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E5BE4931-F31C-2BA0-F06E-4FEC56725673}" = CCC Help Swedish
"{E65E367B-B25C-4FF8-B270-D5277E7CF1B0}" = Intel Performance Power Manager
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EC2C71BB-42DF-6F53-FB23-F7B3B160467B}" = Catalyst Control Center Graphics Light
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F1465B68-4D9A-D412-2528-4F84A681F15C}" = Catalyst Control Center Localization Korean
"{F1E18790-4053-4031-483B-80E932CE3910}" = CCC Help Korean
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F9E63D3F-00F8-468A-BF01-2C021C69FEEA}" = OPSWAT VPNGuard
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Above & Beyond Screensaver_is1" = Above & Beyond Screensaver
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
"Artillery2 CM Edition" = Artillery2 CM Edition
"ASIO4ALL" = ASIO4ALL
"Astralis_0" = Astralis CM v1.0 1.0
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1" = BeatportDownloader
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"BlueJ_is1" = BlueJ 2.5.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CampusNet" = CampusNet Uninstall
"CCleaner" = CCleaner
"CM Alpha" = CM Alpha
"CM Vocoder" = CM Vocoder
"CM WaveShaper" = CM WaveShaper
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Creative PD0630" = Creative WebCam Live! Driver (1.00.06.0414)
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"FabFilter One 2.01" = FabFilter One 2.01
"FileZilla Client" = FileZilla Client 3.3.3
"FL Studio 5" = FL Studio 5
"Football Manager 2010" = Football Manager 2010
"FormatFactory" = FormatFactory 2.15
"Free Audio Editor" = Free Audio Editor
"Free Screen Recorder_is1" = Free Screen Recorder v2.9
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GSuiteCM" = Guitar Suite CM
"IL Download Manager" = IL Download Manager
"InfraRecorder" = InfraRecorder
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"JDiskReport 1.3.1" = JGoodies JDiskReport 1.3.1
"KeyToSound - Dynamic EQ_is1" = KeyToSound - Dynamic EQ 1.0 r4
"Live 6.0.1" = Live 6.0.1
"Live 8.0.10" = Live 8.0.10
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LogMeIn Hamachi" = LogMeIn Hamachi
"LPD8Editor" = LPD8 Editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"M-Audio Key Rig_is1" = M-Audio Key Rig 1.0.1
"MediaCoder" = MediaCoder 0.7.2.4535
"MeldaProduction MDrummer 2 Small" = MeldaProduction MDrummer 2 Small
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microtonal_0" = Microtonal Patches v2 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS" = Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"Nvu_is1" = Nvu 1.0
"Ohmygod VST2" = OhmForce Ohmygod VST2
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"ppmate" = PPMate Network TV 2.0.0.41
"PPStream" = PPStream
"PSP SpringVerbCM" = PSP SpringVerb CM
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"REAPER" = REAPER
"Rob Papen Albino 3" = Rob Papen Albino 3
"SIMUL8" = SIMUL8
"SopCast" = SopCast 2.0.4
"Steam App 10" = Counter-Strike
"Steam App 100" = Condition Zero Deleted Scenes
"Steam App 10540" = Football Manager 2009
"Steam App 150" = Counter-Strike Steamworks Beta
"Steam App 30" = Day of Defeat
"Steam App 34000" = Football Manager 2010
"Steam App 40" = Deathmatch Classic
"Steam App 60" = Ricochet
"Steam App 80" = Condition Zero
"Stylizer" = Stylizer
"Sylenth1_is1" = Sylenth1 v1.01.3
"Toxic Biohazard" = Toxic Biohazard
"TrancerOne_is1" = TrancerOne Vers. 1.0
"TV Player" = Veetle TV Player 0.9.11
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.0.1
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Veetle TV Player" = Veetle TV Player 0.9.11
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.1
"V-Station" = V-Station
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WM Converter 2.0" = WM Converter 2.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 

Thanks very much! That was perfect!
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS 420
    CPU
    Intel Core 2 Quad Q9300 2.50GHz
    Motherboard
    Stock Dell 0TP406
    Memory
    4 gb (DDR2 800) 400MHz
    Graphics Card(s)
    ATI Radeon HD 3870 (512 MBytes)
    Sound Card
    Onboard
    Monitor(s) Displays
    1 x Dell 2007FP and 1 x (old) Sonic flat screen
    Screen Resolution
    1600 x 1200 and 1280 x 1204
    Hard Drives
    1 x 640Gb (SATA 300)
    Western Digital: WDC WD6400AAKS-75A7B0

    1 x 1Tb (SATA 600)
    Western Digital: Caviar Black, SATA 6GB/S, 64Mb cache, 8ms
    Western Digital: WDC WD1002FAEX-00Z3A0 ATA Device
    PSU
    Stock PSU - 375W
    Case
    Dell XPS 420
    Cooling
    Stock Fan
    Keyboard
    Dell Bluetooth
    Mouse
    Advent Optical ADE-WG01 (colour change light up)
    Internet Speed
    120 kb/s
    Other Info
    ASUS USB 3.0 5Gbps/SATA 6Gbps - PCI-Express Combo Controller Card (U3S6)
Really? You're welcome. I'm not surprised you went mental at me with the amount I posted lol.

Do the logs give you any insight into the problem?
 

I read your first post again. Went in with an open mind and no preconceived notions. I ignored all the facts that you presented regarding updates etc. I came to this conclusion. Your computer is slow and the memory that you present is a percentage. How about this scenario: memory problems. If one stick is bad, rather than using 33% you use 50%.
Take this test. Test each stick for 6 passes and then take a good stick and test each MB slot.

http://www.geekstogo.com/forum/topic/246994-guide-to-using-memtest86/

I do not know what the malware test will show, but until then life must go on.
 
Let's look at one more log... ;)

Download ComboFix from any of the links below, and save it to your desktop. <-- Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Please be patient while the scan runs; at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run

***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
I'm going to go ahead with Jaycee's instructions. Do you want me to use HijackThis or should I use the OTL program as richy instructed earlier on? Because I noticed that this forum favours OTL since HijackThis was taken over by a different company or something.
 
