  1. #1
    Member
    Join Date
    Mar 2013
    Posts
    9
    Points
    0

    cannot access my online banking

    Hi, I started a thread in the computer help section and was referred here by abseh1. Below is what I had in my other thread:

    Hi to all. When I try to access my bank online (BMO) I get this message: "Do you want to open or save SsoGateKeeper(1.33 KB) from www.12.bmo.com?". Then there is an open, save or cancel option.

    If I click on cancel and then try to continue on to the online banking I get "online banking is temporarily unavailable". I contacted the bank and it has nothing to do with them.

    I am running Windows 7, using IE version 9. I never had a problem with online banking until a couple of days ago. Any help will be greatly appreciated. Thanks

    I am running Bitdefender Antivirus Plus and I have Windows Firewall turned on. Below are the logs that were requested.


    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 03/12/2013 at 06:58 PM

    Application Version : 5.6.1014

    Core Rules Database Version : 10119
    Trace Rules Database Version: 7931

    Scan type : Complete Scan
    Total Scan Time : 00:57:36

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 791
    Memory threats detected : 0
    Registry items scanned : 72982
    Registry threats detected : 43
    File items scanned : 52789
    File threats detected : 43

    Adware.Tracking Cookie
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\1FVXI8MJ.txt [ /h.atdmt.com ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\DB4LE22G.txt [ /sextracker.com ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\UJFTJ27H.txt [ /rts.pgmediaserve.com ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\3PU1C2O8.txt [ /www.partypoker.com ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\ZWCGS7P4.txt [ /counter4.sextracker.com ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\GZS62OGV.txt [ /atdmt.com ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\2JHHX35M.txt [ /ads.ad4game.com ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\B2AV095L.txt [ /clickbooth.com ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\R6EY86ZT.txt [ /exoclick.com ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\TBHZVY3X.txt [ /partypoker.com ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\3K8RLLG4.txt [ /ads.fhserve.com ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\P7O0WWHC.txt [ /wmedia.rotator.hadj7.adjuggler.net ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\TFB9PDDU.txt [ /7.rotator.wigetmedia.com ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\UNS5YL5I.txt [ /doubleclick.net ]
    C:\Users\reg\AppData\Roaming\Microsoft\Windows\Cookies\SQCMXCL4.txt [ /c.atdmt.com ]
    C:\USERS\REG\AppData\Roaming\Microsoft\Windows\Cookies\KCYG4GB4.txt [ Cookie:reg@clkads.com/adServe ]
    C:\USERS\REG\Cookies\DB4LE22G.txt [ Cookie:reg@sextracker.com/ ]
    C:\USERS\REG\Cookies\UJFTJ27H.txt [ Cookie:reg@rts.pgmediaserve.com/ ]
    C:\USERS\REG\Cookies\3PU1C2O8.txt [ Cookie:reg@www.partypoker.com/ ]
    C:\USERS\REG\Cookies\ZWCGS7P4.txt [ Cookie:reg@counter4.sextracker.com/ ]
    C:\USERS\REG\Cookies\KCYG4GB4.txt [ Cookie:reg@clkads.com/adServe ]
    C:\USERS\REG\Cookies\GZS62OGV.txt [ Cookie:reg@atdmt.com/ ]
    C:\USERS\REG\Cookies\B2AV095L.txt [ Cookie:reg@clickbooth.com/ ]
    C:\USERS\REG\Cookies\R6EY86ZT.txt [ Cookie:reg@exoclick.com/ ]
    C:\USERS\REG\Cookies\TBHZVY3X.txt [ Cookie:reg@partypoker.com/ ]
    C:\USERS\REG\Cookies\P7O0WWHC.txt [ Cookie:reg@wmedia.rotator.hadj7.adjuggler.net/ ]
    C:\USERS\REG\Cookies\TFB9PDDU.txt [ Cookie:reg@7.rotator.wigetmedia.com/ ]
    C:\USERS\REG\Cookies\UNS5YL5I.txt [ Cookie:reg@doubleclick.net/ ]
    C:\USERS\REG\Cookies\SQCMXCL4.txt [ Cookie:reg@c.atdmt.com/ ]
    .doubleclick.net [ C:\USERS\REG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .divx.112.2o7.net [ C:\USERS\REG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

    Adware.Yontoo
    (x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    (x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    (x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    (x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32
    (x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32#ThreadingModel
    (x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ProgID
    (x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\Programmable
    (x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\TypeLib
    (x86) HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\VersionIndependentProgID
    (x86) HKCR\YontooIEClient.Layers.1
    (x86) HKCR\YontooIEClient.Layers.1\CLSID
    (x86) HKCR\YontooIEClient.Layers
    (x86) HKCR\YontooIEClient.Layers\CLSID
    (x86) HKCR\YontooIEClient.Layers\CurVer
    (x86) HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    (x86) HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0
    (x86) HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0
    (x86) HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32
    (x86) HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\FLAGS
    (x86) HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR
    C:\PROGRAM FILES (X86)\YONTOO\YONTOOIECLIENT.DLL
    (x86) HKU\S-1-5-21-1644719223-3342795541-3147804208-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    (x86) HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    (x86) HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    (x86) HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32
    (x86) HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32#ThreadingModel
    (x86) HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID
    (x86) HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\Programmable
    (x86) HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\TypeLib
    (x86) HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\VersionIndependentProgID
    (x86) HKCR\YontooIEClient.Api.1
    (x86) HKCR\YontooIEClient.Api.1\CLSID
    (x86) HKCR\YontooIEClient.Api
    (x86) HKCR\YontooIEClient.Api\CLSID
    (x86) HKCR\YontooIEClient.Api\CurVer
    (x86) HKU\S-1-5-21-1644719223-3342795541-3147804208-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    (x86) HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    (x86) HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ProxyStubClsid32
    (x86) HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\TypeLib
    (x86) HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\TypeLib#Version
    (x86) HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    (x86) HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ProxyStubClsid32
    (x86) HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\TypeLib
    (x86) HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\TypeLib#Version

    Trojan.Agent/Gen-PhotoBot
    C:\USERS\REG\DOCUMENTS\DOS DRIVE\007.JPG.EXE
    C:\USERS\REG\DOCUMENTS\DOS DRIVE\008.JPG.EXE
    C:\USERS\REG\DOCUMENTS\DOS DRIVE\009.JPG.EXE
    C:\USERS\REG\DOCUMENTS\DOS DRIVE\010.JPG.EXE
    C:\USERS\REG\DOCUMENTS\DOS DRIVE\011.JPG.EXE
    C:\USERS\REG\DOCUMENTS\DOS DRIVE\012.JPG.EXE
    C:\USERS\REG\DOCUMENTS\DOS DRIVE\013.JPG.EXE
    C:\USERS\REG\DOCUMENTS\DOS DRIVE\014.JPG.EXE
    C:\USERS\REG\DOCUMENTS\DOS DRIVE\015.JPG.EXE
    C:\USERS\REG\DOCUMENTS\DOS DRIVE\016.JPG.EXE
    C:\USERS\REG\DOCUMENTS\DOS DRIVE\017.JPG.EXE



    Malwarebytes : Free anti-malware download

    Database version: v2013.03.12.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    reg :: REG-PC [administrator]

    Protection: Enabled

    12/03/2013 7:19:09 PM
    mbam-log-2013-03-12 (19-19-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211222
    Time elapsed: 8 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\reg\Favorites\Free Porn & Adult Videos Forum.url (Rogue.Link) -> Quarantined and deleted successfully.

    (end)



    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\reg\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    C:\Users\reg\AppData\Roaming\Yontoo\YontooDesktop.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPService.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\reg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\525LZK45\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Do Not Track Me - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Bell Canada Connection Manager] "C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe" -a
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\reg\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Users\reg\AppData\Roaming\Yontoo\YontooDesktop.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Do Not Track Me (c) Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/Phantasmat/Images/stg_drm.ocx
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/Phantasmat/Images/armhelper.ocx
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Bell Canada Rc App Svc (BellCanadaRcAppSvc) - SmithMicro Inc. - C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe
    O23 - Service: Bell Canada Con App Svc (CABellCanada) - SmithMicro Inc. - C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    O23 - Service: Novatel Wireless Device Helper (NWHelper) - Novatel Wireless Inc. - C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe
    O23 - Service: Native WiFi Profile Importer (ProfileImpSvc) - SmithMicro Inc. - C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files (x86)\Bell\Mobile Connect\SwiCardDetect64.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15227 bytes

  2. #2
    zep516 (Member, Spyware Fighter)
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hi reg70,

    Sorry for delay,

    First

    Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista and Windows 7 users:
      Right click in the adwCleaner.exe and select
    • Click the Search button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[R1].txt.


    Next

    Download and run Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop. Your antivirus will say this is malicious; ignore it, please.

    • shut down your protection software now to avoid potential conflicts.
    • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
      the tool will open and start scanning your system
    • please be patient as this can take a while to complete depending on your system's specifications
    • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
    • post the contents of JRT.txt into your next message.


    Next

    Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Next

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


    In your next reply please post,

    • AdwCleaner.txt log.
    • JRT.txt log.
    • OTL.Txt log.
    • Extras.Txt log.
    • checkup.txt log


    Thanks
    Joe

  3. #3
    Member
    Join Date
    Mar 2013
    Posts
    9
    Points
    0


    Hi, thanks for the help. First off, I got the online banking thing fixed up. I deleted the last 2 programs that I downloaded before the trouble started, which were DivX player and Adobe Reader (for which the update notification came up while I was on a movie site). My problem now is that if I leave my computer for a bit and come back, no programs will open. I then click on restart, but that will not work. I have to push the shut down button and restart that way.
    Enclosed are the logs you requested, except for the JRT log. It kept scanning, I couldn't "X" out of it, and couldn't restart using the mouse. I had to push the button again.


    # Updated 05/03/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : reg - REG-PC
    # Boot Mode : Normal
    # Running from : C:\Users\reg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ET4J7CR6\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\END
    Folder Found : C:\Program Files (x86)\1ClickDownload
    Folder Found : C:\Program Files (x86)\TornTV.com
    Folder Found : C:\Program Files (x86)\Vid-Saver
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\InstallMate
    Folder Found : C:\ProgramData\Partner
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\ProgramData\Trymedia
    Folder Found : C:\Users\reg\AppData\Local\Babylon
    Folder Found : C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh
    Folder Found : C:\Users\reg\AppData\Local\Vid-Saver
    Folder Found : C:\Users\reg\AppData\Roaming\Babylon
    Folder Found : C:\Users\reg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
    Folder Found : C:\Users\reg\AppData\Roaming\Mozilla\Firefox\Profiles\vaxfqvog.default\extensions\crossriderapp3491@crossrider.com
    Folder Found : C:\Users\reg\AppData\Roaming\OpenCandy

    ***** [Registry] *****

    Key Found : HKCU\Software\1ClickDownload
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\AppDataLow\Software\Vid-Saver
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Cr_Installer
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\Software\BabylonToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO.1
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi.1
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Found : HKLM\SOFTWARE\Tarma Installer
    Key Found : HKU\S-1-5-21-1644719223-3342795541-3147804208-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16470

    [OK] Registry is clean.

    -\\ Mozilla Firefox v11.0 (en-US)

    File : C:\Users\reg\AppData\Roaming\Mozilla\Firefox\Profiles\vaxfqvog.default\prefs.js

    Found : user_pref("extensions.crossriderapp3491.3491.InstallationThankYouPage", true);
    Found : user_pref("extensions.crossriderapp3491.3491.InstallationTime", 1336314026);
    Found : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.searchUserConifrmation", false[...]
    Found : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setHomepage", false);
    Found : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setNewTab", false);
    Found : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setSearch", false);
    Found : user_pref("extensions.crossriderapp3491.3491.active", true);
    Found : user_pref("extensions.crossriderapp3491.3491.addressbar", "");
    Found : user_pref("extensions.crossriderapp3491.3491.affid", "0");
    Found : user_pref("extensions.crossriderapp3491.3491.backgroundjs", "\n\n_GPL_PID = 1140;\nfunction parse_ur[...]
    Found : user_pref("extensions.crossriderapp3491.3491.backgroundver", 6);
    Found : user_pref("extensions.crossriderapp3491.3491.can_run_bg_code", true);
    Found : user_pref("extensions.crossriderapp3491.3491.certdomaininstaller", "");
    Found : user_pref("extensions.crossriderapp3491.3491.changeprevious", false);
    Found : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
    Found : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.value", "1336314026");
    Found : user_pref("extensions.crossriderapp3491.3491.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_aoi.value", "1336314026");
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_crr.value", "1340132472");
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_hotfix20111102645.value", "%221%22");
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_parent_zoneid.value", "%2224540%22");
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_product_id.value", "%221147%22");
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
    Found : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_zoneid.value", "%2234554%22");
    Found : user_pref("extensions.crossriderapp3491.3491.description", "Vid-Saver allows you to download your fa[...]
    Found : user_pref("extensions.crossriderapp3491.3491.domain", "");
    Found : user_pref("extensions.crossriderapp3491.3491.emailsig", "");
    Found : user_pref("extensions.crossriderapp3491.3491.enablesearch", false);
    Found : user_pref("extensions.crossriderapp3491.3491.exposesites", "");
    Found : user_pref("extensions.crossriderapp3491.3491.fbremoteurl", "");
    Found : user_pref("extensions.crossriderapp3491.3491.group", 0);
    Found : user_pref("extensions.crossriderapp3491.3491.homepage", "");
    Found : user_pref("extensions.crossriderapp3491.3491.iframe", false);
    Found : user_pref("extensions.crossriderapp3491.3491.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
    Found : user_pref("extensions.crossriderapp3491.3491.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
    Found : user_pref("extensions.crossriderapp3491.3491.js", "\n\nvar _GPL_PID=1140;\nArray.prototype.indexOf||[...]
    Found : user_pref("extensions.crossriderapp3491.3491.manifesturl", "");
    Found : user_pref("extensions.crossriderapp3491.3491.name", "Vid-Saver");
    Found : user_pref("extensions.crossriderapp3491.3491.newtab", "");
    Found : user_pref("extensions.crossriderapp3491.3491.opensearch", "");
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.name", "CrossriderAppUtils");
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.ver", 1);
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.name", "CrossriderUtils");
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.ver", 1);
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.name", "FacebookFFIE");
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.ver", 1);
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.code", "(function(b,a){function h(){v[...]
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.name", "FFAppAPIWrapper");
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.ver", 3);
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.code", "/*!\n * jQuery JavaScript Lib[...]
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.name", "jQuery");
    Found : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.ver", 1);
    Found : user_pref("extensions.crossriderapp3491.3491.plugins_lists.plugins_0", "17,14,16");
    Found : user_pref("extensions.crossriderapp3491.3491.plugins_lists.plugins_1", "17,14,13,16,15");
    Found : user_pref("extensions.crossriderapp3491.3491.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
    Found : user_pref("extensions.crossriderapp3491.3491.pluginsversion", 4);
    Found : user_pref("extensions.crossriderapp3491.3491.premium", true);
    Found : user_pref("extensions.crossriderapp3491.3491.publisher", "215 Apps");
    Found : user_pref("extensions.crossriderapp3491.3491.searchstatus", 0);
    Found : user_pref("extensions.crossriderapp3491.3491.setnewtab", false);
    Found : user_pref("extensions.crossriderapp3491.3491.settingsurl", "");
    Found : user_pref("extensions.crossriderapp3491.3491.thankyou", "hxxp://vid-saver.com/thankyou.html");
    Found : user_pref("extensions.crossriderapp3491.3491.updateinterval", 360);
    Found : user_pref("extensions.crossriderapp3491.3491.ver", 26);
    Found : user_pref("extensions.crossriderapp3491.adsOldValue", -1);
    Found : user_pref("extensions.crossriderapp3491.apps", "3491");
    Found : user_pref("extensions.crossriderapp3491.bic", "13805fcc738a5d8b84908ed1e0674556");
    Found : user_pref("extensions.crossriderapp3491.cid", 3491);
    Found : user_pref("extensions.crossriderapp3491.firstrun", false);
    Found : user_pref("extensions.crossriderapp3491.hadappinstalled", true);
    Found : user_pref("extensions.crossriderapp3491.installationdate", 1340130249);
    Found : user_pref("extensions.crossriderapp3491.lastcheck", 22369025);
    Found : user_pref("extensions.crossriderapp3491.lastcheckitem", 22369025);
    Found : user_pref("extensions.crossriderapp3491.misc.lastBgWorkerTimer", "1342141560648");
    Found : user_pref("extensions.crossriderapp3491.misc.lastDomWorkerTimer", "1342141560646");
    Found : user_pref("extensions.crossriderapp3491.updating", true);
    Found : user_pref("extensions.enabledAddons", "crossriderapp3491@crossrider.com:0.81.19,OneClickDownloader@O[...]
    Found : user_pref("keyword.URL", "hxxp://isearch.claro-search.com/?affID=114162&tt=3412_4&babsrc=KW_iclro&mn[...]
    Found : user_pref("browser.search.defaultenginename", "Claro Search");
    Found : user_pref("browser.search.selectedEngine", "Claro Search");
    Found : user_pref("browser.search.order.1", "Claro Search");
    Found : user_pref("browser.babylon.HPOnNewTab", "isearch.claro-search.com");
    Found : user_pref("browser.newtab.url", "hxxp://isearch.claro-search.com/?affID=114162&tt=3412_4&babsrc=NT_i[...]
    Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
    Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://isearch.claro-search.com/?affID=114162&tt[...]
    Found : user_pref("browser.startup.homepage", "hxxp://isearch.claro-search.com/?affID=114162&tt=3412_4&babsr[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [13295 octets] - [16/03/2013 06:53:58]

    ########## EOF - C:\AdwCleaner[R1].txt - [13356 octets] ##########

  4. #4

    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Bitdefender Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java 7 Update 17
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    Bitdefender Bitdefender 2012 vsserv.exe
    Bitdefender Bitdefender 2012 bdagent.exe
    Bitdefender Bitdefender 2012 updatesrv.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````


    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\reg\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 61.77% Memory free
    9.82 Gb Paging File | 7.99 Gb Available in Paging File | 81.34% Paging File free
    Paging file location(s): c:\pagefile.sys 6036 6036 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.27 Gb Total Space | 227.14 Gb Free Space | 79.34% Space Free | Partition Type: NTFS

    Computer Name: REG-PC | User Name: reg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Bell\Mobile Connect\SwiApiMuxX.exe" = C:\Program Files (x86)\Bell\Mobile Connect\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX -- (Sierra Wireless, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1299A822-B78C-4EAB-87EC-9DAA50EDC4A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{15BFC377-032B-4802-B5A6-E7C8B3B1BC1A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1FE56EFA-ACD3-40CB-87F0-93256C78CCA2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{354AFEB1-616A-44B6-B33D-D02B4D577A54}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{388DAB5A-9446-40E4-B48A-7F2AC695507E}" = rport=138 | protocol=17 | dir=out | app=system |
    "{3AC28449-0AA1-4E2D-81D1-FA061BA3BEDE}" = rport=139 | protocol=6 | dir=out | app=system |
    "{3BCA7CC5-4BCC-4F44-B8D3-68C4AFBB7034}" = lport=139 | protocol=6 | dir=in | app=system |
    "{40D530D0-1E71-42C2-AEAD-059523E6B107}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{4738C87B-C0B1-493B-B2E7-684C8579D474}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4B004039-41C4-44FB-9D09-66D0A2120B83}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{521E6482-5712-406B-BF7F-8BD84F925F1B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{52AB90C0-6C52-4E20-833B-374C2827B406}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{66E4EFA2-8183-4C60-9695-8A97D189C9D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{7956B1C3-6E7A-4158-B599-84A4F7DF4AD1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{7CA8FEAA-08C9-4038-874A-E621285D4018}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7ECB75AD-459B-4957-8D6C-5183F7F7B349}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{94E6326F-BCBB-4C77-B122-21C9FC157651}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{988346C2-97CF-4EF3-8408-C3DDF510441B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9E9E9936-18DC-478D-8D93-1456F9E8D214}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{BB51FD51-B44C-4DB5-90D2-56871272BC56}" = lport=137 | protocol=17 | dir=in | app=system |
    "{BC3B2570-65C9-4383-BBFF-2F35C0163EF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BCB21B8B-EB3C-44BB-913B-75486E3B4F40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C95629FC-4A88-47E2-A4B1-5FDFF97922A7}" = rport=445 | protocol=6 | dir=out | app=system |
    "{D79AC591-EDDB-4034-8BF3-21D0110F7838}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{DF8D0292-AD95-4AE0-BF04-BEFD6C659C87}" = lport=138 | protocol=17 | dir=in | app=system |
    "{E8104B85-E456-4E17-B245-8741C683091D}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FAC1E18A-9B5E-451A-80A5-3ADC83DA7F15}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01A9813B-240E-40FC-808A-76F8A6D6A7CE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0584C4F0-F225-4D4C-9E47-0253EFDA52EA}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{07EC2AF0-BE4F-4D97-9353-6ED714F20721}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{08C0794E-024C-4699-9716-F71EC86E4158}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{0CFFCF0F-9164-4E19-9226-C7E651EC1211}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{155DF7F2-C18B-4319-BB0F-4C6741918C8A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe |
    "{1820E3AF-F9E5-43B8-957E-4EE389C6D770}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1E96582D-3F54-4AB1-A7F1-459AB047247B}" = protocol=6 | dir=in | app=c:\windows\system32\lxddcoms.exe |
    "{21794B7D-038C-46C3-ABB2-BA02D7D5331A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{25099DC9-B056-425F-965E-6A999BCE0C94}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{274B5708-F6D2-48D9-91D7-C23F109C895F}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe |
    "{35685140-DCC2-48BD-A959-5802998F9FF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{382FFB22-49FD-4541-8F41-F9E91CA1E533}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe |
    "{3E1386CF-7148-4386-B056-DC4B3AC030E9}" = protocol=6 | dir=out | app=system |
    "{3FAB3AF9-64E4-4106-B838-0896C1BE5981}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{440C9402-DCBE-4A95-A4F8-366E9E630BB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{44A8B54C-AD4E-4E60-89B4-D3A0F3FA6A39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4F63BC3F-A583-4BB0-97F7-CEBB34765F0B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{519C3A84-5373-4430-B4DF-182AC5413007}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe |
    "{6EA1DE0B-B5FE-4686-B7B1-1403ABEFB189}" = protocol=17 | dir=in | app=c:\windows\system32\lxddcoms.exe |
    "{70CAE082-9CF5-4371-B16B-FEC4B9E088C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxddcoms.exe |
    "{71D813A3-3867-446D-86D9-67B136439D50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{72A2D21F-441F-4F45-BB74-35B501C7AC68}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
    "{79C75C99-135E-47FA-B78A-D7DE26665F27}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddmon.exe |
    "{7BB0F5A5-FF3B-43DB-B88B-914F14DDDCD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7FCA9BB7-0C28-4813-A51D-236F5824F77D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{82C88CF0-9204-4A5C-8597-6B0A4CF6F443}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxddcoms.exe |
    "{84EA62E0-A1F4-41E7-A683-125209561764}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{873D9926-3DFE-4244-A430-A8359B90C159}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{914341FA-4D3A-41E7-9570-C96D011B8C8D}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
    "{961CC15B-63EC-4C81-8759-1EA6230821B6}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
    "{994EB719-1115-491D-A3A3-66DDA515F009}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{9D77039D-B82B-4461-A515-48EDEF395BDF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9E6B2001-CF98-4C9B-88CB-0CCAC55E40A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{9F8FE757-30C3-4BA3-A441-9D5AF2E06766}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
    "{A83396A6-9CB4-4011-8F95-4656675A987B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
    "{BAD758FC-3CF7-4050-BB00-04C2884B0F08}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{BD245D7F-F615-4589-B0CC-13A4B17C583A}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
    "{BD98A298-8688-4DD4-B3C7-C1F3708AEA85}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddmon.exe |
    "{CEFF9467-B106-4ADB-8156-DE248F0C7A28}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{D407B5FF-892F-4B45-BC13-54C5E043E354}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{D44B1660-1054-4F94-B4A6-92F0CC1C08FC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{D6601AEC-0451-4E93-BA47-DDAC184313A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DB538661-43B2-49A9-A659-B0DAADE08141}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{DDC24367-B5A8-4B79-B64B-85A271AFB9A9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{E4C9BD46-DB26-4F1E-BC99-07E6F836DD28}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{ECD59C57-5896-4A19-B026-33249D14A75B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
    "{F3B830B6-CE9C-43E8-A83E-2B4E14315A12}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{F572A226-606C-41CE-A006-CCE943E180DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F7D2772F-0B81-426F-8578-141D6C46D434}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "TCP Query User{0A142DE5-553A-4C5A-B023-3EE7990BF66E}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe |
    "TCP Query User{1C39AF90-56DC-4535-99CD-B4B8B8E5F6FD}C:\program files (x86)\lexmark 2500 series\lxddamon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe |
    "TCP Query User{443AA167-CF3E-4C96-A9E4-1991D1ADEE67}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
    "TCP Query User{B2C92182-0D45-40EF-94D9-5AF8D66D0798}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{C403EFBB-D2CC-4DE9-9E9D-D2848353AE57}C:\program files (x86)\lexmark 2500 series\app4r.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe |
    "TCP Query User{CC58243D-F47B-4F22-AD6B-81D7D0F67646}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{1778814F-C119-4C80-AEF5-6C182A4E809C}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe |
    "UDP Query User{6F55F958-08F9-442C-9EB9-ACD755E0517C}C:\program files (x86)\lexmark 2500 series\lxddamon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe |
    "UDP Query User{8A2DE6C3-4D39-45D4-A1D5-03C23C281178}C:\program files (x86)\lexmark 2500 series\app4r.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe |
    "UDP Query User{DAA0ADCB-A98C-4180-A90D-B4014B5BAFA2}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{E14C171B-5712-4E32-8AE8-D96ED727603A}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{EC0562BA-1C50-4B98-9C16-66FB7892A01D}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0921-000001000000}" = 7-Zip 9.21 (x64 edition)
    "{2485EC57-64F8-45BB-8130-E50E2EA75A6E}" = Mobile Connect
    "{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Antivirus Plus 2012
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Bitdefender" = Bitdefender Antivirus Plus 2012
    "CCleaner" = CCleaner
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Lexmark 2500 Series" = Lexmark 2500 Series
    "Lexmark Fax Solutions" = Lexmark Fax Solutions
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
    "{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{75DBFE59-6890-4531-8D4B-0285BCFCE815}" = Bell Mobile Broadband Drivers
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "888poker" = 888poker
    "AC3Filter_is1" = AC3Filter 2.5b
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "BFGC" = Big Fish Games: Game Manager
    "Flash Player Pro_is1" = Flash Player Pro V5.4
    "GridVista" = Acer GridVista
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Identity Card" = Identity Card
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "TeamViewer 7" = TeamViewer 7
    "Vid-Saver" = Vid-Saver
    "VLC media player" = VLC media player 1.1.8
    "WildTangent acer Master Uninstall" = Acer Games
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
    "ExpressFiles" = ExpressFiles
    "Internet Banking Payment Assistant" = Internet Banking Payment Assistant 2.2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 17/12/2012 11:07:25 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 17/12/2012 11:07:25 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 17/12/2012 11:07:25 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 17/12/2012 11:07:25 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20/12/2012 12:25:31 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 20/12/2012 12:27:24 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20/12/2012 12:27:24 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20/12/2012 12:27:24 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20/12/2012 12:27:24 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20/12/2012 7:41:46 PM | Computer Name = reg-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: vlc.exe, version: 1.1.8.0, time stamp:
    0x4d8945dd Faulting module name: vlc.exe, version: 1.1.8.0, time stamp: 0x4d8945dd
    Exception
    code: 0xc0000005 Fault offset: 0x000017b2 Faulting process id: 0x94 Faulting application
    start time: 0x01cddf0b8e79dc05 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    Faulting
    module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: d08c038c-4afe-11e2-bfd2-00262d77aecf

    [ System Events ]
    Error - 16/03/2013 4:01:08 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 16/03/2013 4:16:12 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 16/03/2013 4:30:12 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 16/03/2013 4:37:20 PM | Computer Name = reg-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:06:16 PM on ?16/?03/?2013 was unexpected.

    Error - 16/03/2013 4:38:25 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    trufos

    Error - 16/03/2013 5:10:54 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 16/03/2013 6:29:08 PM | Computer Name = reg-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 16/03/2013 6:50:49 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the RpcSs service.

    Error - 16/03/2013 6:52:16 PM | Computer Name = reg-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:20:49 PM on ?16/?03/?2013 was unexpected.

    Error - 16/03/2013 6:53:00 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    trufos


    < End of report >


    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\reg\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 61.77% Memory free
    9.82 Gb Paging File | 7.99 Gb Available in Paging File | 81.34% Paging File free
    Paging file location(s): c:\pagefile.sys 6036 6036 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.27 Gb Total Space | 227.14 Gb Free Space | 79.34% Space Free | Partition Type: NTFS

    Computer Name: REG-PC | User Name: reg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\reg\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\reg\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
    PRC - C:\Windows\PLFSetI.exe ()
    PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
    PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    PRC - C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe (Lexmark)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
    MOD - C:\Users\reg\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll ()
    MOD - C:\Windows\PLFSetI.exe ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxdddatr.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddscw.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddcats.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender)
    SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender)
    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SRV:64bit: - (Update Server) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe (BitDefender)
    SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
    SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
    SRV:64bit: - (lxdd_device) -- C:\Windows\SysNative\lxddcoms.exe ( )
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (BellCanadaRcAppSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe (SmithMicro Inc.)
    SRV - (ProfileImpSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe (SmithMicro Inc.)
    SRV - (CABellCanada) -- C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe (SmithMicro Inc.)
    SRV - (NvtlService) -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
    SRV - (SwiCardDetectSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\SwiCardDetect64.exe (Sierra Wireless, Inc.)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (NWHelper) -- C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe (Novatel Wireless Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
    SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (lxdd_device) -- C:\Windows\SysWOW64\lxddcoms.exe ( )


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)
    DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)
    DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (bdsandbox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
    DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
    DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
    DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
    DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)
    DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
    DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (swg3kser00) -- C:\Windows\SysNative\drivers\swg3kser00.sys (Sierra Wireless Incorporated)
    DRV:64bit: - (SWNC8UA3) -- C:\Windows\SysNative\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
    DRV:64bit: - (swiwdmbx) -- C:\Windows\SysNative\drivers\swiwdmbx64.sys (Sierra Wireless Inc.)
    DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.)
    DRV:64bit: - (BDVEDISK) -- C:\Windows\SysNative\drivers\bdvedisk.sys (BitDefender)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (ss_mdm) -- C:\Windows\SysNative\drivers\ss_mdm.sys (MCCI Corporation)
    DRV:64bit: - (ss_bus) -- C:\Windows\SysNative\drivers\ss_bus.sys (MCCI Corporation)
    DRV:64bit: - (ss_mdfl) -- C:\Windows\SysNative\drivers\ss_mdfl.sys (MCCI Corporation)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
    DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
    DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.claro-search.com/?q={searchTerms}&affID=114162&tt=3412_4&babsrc=SP_iclro&mntrId=9473a8530000000000000017c4d84cc0
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA430
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: crossriderapp3491@crossrider.com:0.81.19
    FF - prefs.js..extensions.enabledAddons: OneClickDownloader@OneClickDownloader.com:1.2
    FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:11.0
    FF - prefs.js..keyword.URL: "http://isearch.claro-search.com/?affID=114162&tt=3412_4&babsrc=KW_iclro&mntrId=9473a8530000000000000017c4d84cc0&q="
    FF - prefs.js..browser.search.defaultenginename: "Claro Search"
    FF - prefs.js..browser.search.selectedEngine: "Claro Search"
    FF - prefs.js..browser.search.order.1: "Claro Search"
    FF - prefs.js..browser.startup.homepage: "http://isearch.claro-search.com/?affID=114162&tt=3412_4&babsrc=HP_iclro&mntrId=9473a8530000000000000017c4d84cc0"


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

    [2012/03/17 19:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\reg\AppData\Roaming\Mozilla\Extensions
    [2013/03/14 11:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\reg\AppData\Roaming\Mozilla\Firefox\Profiles\vaxfqvog.default\extensions
    [2012/05/06 11:50:29 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\reg\AppData\Roaming\Mozilla\Firefox\Profiles\vaxfqvog.default\extensions\crossriderapp3491@crossrider.com
    [2012/05/21 01:43:59 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\reg\AppData\Roaming\Mozilla\Firefox\Profiles\vaxfqvog.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi

    ========== Chrome ==========

    CHR - homepage: Google
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: Google
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: 1Click Downloader = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\
    CHR - Extension: Skype Click to Call = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
    CHR - Extension: Vid-Saver = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.17.19_0\

    O1 HOSTS File: ([2009/06/10 18:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [lxddamon] C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe (Lexmark)
    O4:64bit: - HKLM..\Run: [LXDDCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXDDtime.DLL (Lexmark International, Inc.)
    O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Bell Canada Connection Manager] C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe (Bell)
    O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
    O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ()
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\reg\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Phantasmat/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Phantasmat/Images/armhelper.ocx (ArmHelper Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC11A37B-0DA5-4D82-A54E-490123FC15D8}: DhcpNameServer = 192.168.2.1 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEFFE044-84AE-41F2-8113-71C4DA3FE783}: DhcpNameServer = 207.231.231.254 206.47.201.246
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{0adc025c-4a4d-11e2-8a19-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{0adc025c-4a4d-11e2-8a19-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoLaunch.exe
    O33 - MountPoints2\{c8fdbce7-ebdf-11e1-9b7a-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{c8fdbce7-ebdf-11e1-9b7a-00262d77aecf}\Shell\AutoRun\command - "" = F:\AutoLaunch.exe
    O33 - MountPoints2\{d611254c-d779-11e1-b968-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{d611254c-d779-11e1-b968-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{d6112564-d779-11e1-b968-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{d6112564-d779-11e1-b968-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{d9fc5746-dceb-11e1-9681-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9fc5746-dceb-11e1-9681-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoLaunch.exe
    O33 - MountPoints2\{d9fc57cb-dceb-11e1-9681-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9fc57cb-dceb-11e1-9681-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoLaunch.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/16 20:32:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\reg\Desktop\OTL.exe
    [2013/03/16 07:06:02 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\reg\Desktop\JRT.exe
    [2013/03/16 07:00:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/03/16 06:58:48 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/03/15 21:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
    [2013/03/15 19:45:34 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\reg\Desktop\dds.scr
    [2013/03/15 19:43:47 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\reg\Desktop\HijackThis.exe
    [2013/03/14 00:16:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/03/14 00:16:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/03/14 00:16:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/03/14 00:16:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/03/14 00:16:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/03/14 00:16:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/03/14 00:16:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/03/14 00:16:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/03/14 00:16:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/03/14 00:16:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/03/14 00:16:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/03/14 00:16:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/03/14 00:16:31 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/03/14 00:16:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/03/14 00:16:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/03/12 20:43:53 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2013/03/12 19:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/03/12 19:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/03/12 19:11:19 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\Programs
    [2013/03/12 17:58:35 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\SUPERAntiSpyware.com
    [2013/03/12 17:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/03/12 17:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/03/12 17:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/03/12 15:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressFiles
    [2013/03/12 09:38:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\My Vaults
    [2013/03/12 00:57:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\microsoft
    [2013/03/11 13:51:55 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
    [2013/03/11 13:51:53 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\SanDisk
    [2013/03/11 13:50:24 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\SanDisk SecureAccess
    [2013/03/11 13:47:33 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\Proxure
    [2013/03/11 13:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
    [2013/03/08 22:32:42 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\{7A8D5F58-A3ED-4713-8AE8-F952200797EB}
    [2013/03/07 00:01:20 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/03/07 00:01:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/03/07 00:01:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/03/07 00:01:10 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/03/07 00:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013/03/01 20:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2013/03/01 20:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2013/03/01 20:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2013/02/27 22:32:51 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013/02/27 22:32:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013/02/27 22:32:51 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013/02/27 22:32:51 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
    [2013/02/27 22:32:47 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013/02/27 22:32:47 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013/02/27 22:32:43 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013/02/27 22:32:43 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013/02/27 22:32:43 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/02/27 22:32:43 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/02/27 22:32:43 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/02/27 22:32:43 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/02/27 22:32:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/02/27 22:32:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/02/27 22:32:43 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/02/27 22:32:43 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/02/27 22:32:42 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/02/27 22:32:42 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/02/27 22:32:42 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013/02/27 22:32:42 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013/02/27 22:32:42 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013/02/27 22:32:42 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013/02/27 22:32:42 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013/02/27 22:32:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013/02/27 22:32:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/02/27 22:32:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/02/27 22:32:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/02/27 22:32:41 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013/02/27 22:32:41 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013/02/27 22:32:41 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/02/27 22:32:41 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/02/27 22:32:41 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013/02/27 22:32:41 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013/02/27 22:32:41 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013/02/27 12:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
    [2013/02/21 23:23:00 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
    [2013/02/21 23:13:20 | 000,046,280 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
    [2013/02/19 16:37:03 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\Apps

    ========== Files - Modified Within 30 Days ==========

    [2013/03/16 20:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\reg\Desktop\OTL.exe
    [2013/03/16 20:30:06 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/03/16 20:30:06 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/03/16 20:28:46 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/03/16 20:28:46 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/03/16 20:28:46 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/03/16 20:27:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/16 20:22:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/16 20:22:35 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2013/03/16 20:21:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/03/16 20:21:48 | 3165,327,360 | -HS- | M] () -- C:\hiberfil.sys
    [2013/03/16 15:51:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/03/16 07:06:07 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\reg\Desktop\JRT.exe
    [2013/03/16 07:05:31 | 000,890,798 | ---- | M] () -- C:\Users\reg\Desktop\SecurityCheck.exe
    [2013/03/15 20:18:23 | 487,434,356 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/03/15 19:47:12 | 000,377,856 | ---- | M] () -- C:\Users\reg\Desktop\377uy0w7.exe
    [2013/03/15 19:45:34 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\reg\Desktop\dds.scr
    [2013/03/15 19:43:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\reg\Desktop\HijackThis.exe
    [2013/03/15 17:58:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9d8dfaaa-d538-47ab-be7c-e5c7dbe96404.job
    [2013/03/12 21:55:05 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/03/12 21:55:05 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/03/12 19:17:25 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0ddec141-f30d-42cc-a320-10a4b81096d5.job
    [2013/03/12 19:11:37 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/12 17:58:30 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/03/12 15:56:24 | 000,000,000 | ---- | M] () -- C:\END
    [2013/03/12 15:55:25 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Express Files.lnk
    [2013/03/12 14:11:31 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/03/11 13:47:58 | 000,000,288 | ---- | M] () -- C:\Users\reg\AppData\Roaming\.backup.dm
    [2013/03/07 00:01:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/03/07 00:01:04 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
    [2013/03/07 00:01:04 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2013/03/07 00:01:04 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/03/07 00:01:04 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/03/07 00:01:04 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/03/06 16:21:39 | 000,424,807 | ---- | M] () -- C:\Users\reg\Documents\Reginald Vincent-Rehire-Operator-March 19, 2013.pdf
    [2013/03/06 09:50:44 | 000,000,240 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
    [2013/02/21 23:23:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
    [2013/02/21 23:13:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

    ========== Files Created - No Company Name ==========

    [2013/03/16 07:05:30 | 000,890,798 | ---- | C] () -- C:\Users\reg\Desktop\SecurityCheck.exe
    [2013/03/15 20:18:23 | 487,434,356 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/03/15 19:47:12 | 000,377,856 | ---- | C] () -- C:\Users\reg\Desktop\377uy0w7.exe
    [2013/03/12 19:11:37 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/12 17:58:49 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9d8dfaaa-d538-47ab-be7c-e5c7dbe96404.job
    [2013/03/12 17:58:49 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0ddec141-f30d-42cc-a320-10a4b81096d5.job
    [2013/03/12 17:58:30 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/03/12 15:55:25 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Express Files.lnk
    [2013/03/12 15:54:41 | 000,000,000 | ---- | C] () -- C:\END
    [2013/03/12 14:11:31 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/03/11 13:47:58 | 000,000,288 | ---- | C] () -- C:\Users\reg\AppData\Roaming\.backup.dm
    [2013/03/06 16:21:35 | 000,424,807 | ---- | C] () -- C:\Users\reg\Documents\Reginald Vincent-Rehire-Operator-March 19, 2013.pdf
    [2012/12/03 13:04:04 | 000,278,528 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll
    [2012/12/03 13:04:00 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll
    [2012/12/03 13:03:56 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll
    [2012/12/03 13:03:53 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll
    [2012/12/03 13:03:45 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll
    [2012/12/03 13:03:32 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll
    [2012/12/03 13:03:31 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll
    [2012/12/03 13:03:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll
    [2012/12/03 13:03:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddppls.exe
    [2012/12/03 13:03:26 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll
    [2012/12/03 13:03:23 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll
    [2012/12/03 13:03:21 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddih.exe
    [2012/12/03 13:03:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll
    [2012/12/03 13:03:18 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcoms.exe
    [2012/12/03 13:03:14 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll
    [2012/12/03 13:03:13 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll
    [2012/12/03 13:03:12 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcfg.exe
    [2012/11/11 13:50:57 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2012/03/08 09:27:00 | 000,163,642 | ---- | C] () -- C:\ProgramData\1331207614.bdinstall.bin
    [2012/02/29 14:04:07 | 001,141,571 | ---- | C] () -- C:\ProgramData\1330519166.bdinstall.bin
    [2012/02/29 10:05:52 | 000,291,462 | ---- | C] () -- C:\ProgramData\1330517945.bdinstall.bin
    [2012/02/28 21:26:31 | 000,000,783 | ---- | C] () -- C:\ProgramData\1330473362.4432.bin
    [2012/02/28 21:26:10 | 000,006,245 | ---- | C] () -- C:\ProgramData\1330473362.3960.bin
    [2012/02/28 21:26:08 | 001,402,986 | ---- | C] () -- C:\ProgramData\1330473362.5092.bin
    [2012/02/28 21:26:08 | 000,010,196 | ---- | C] () -- C:\ProgramData\1330473362.5088.bin
    [2012/02/28 21:26:08 | 000,001,698 | ---- | C] () -- C:\ProgramData\1330473362.5096.bin
    [2012/02/28 21:26:08 | 000,000,739 | ---- | C] () -- C:\ProgramData\1330473362.5100.bin
    [2012/02/28 21:26:05 | 001,486,683 | ---- | C] () -- C:\ProgramData\1330473362.5064.bin
    [2012/02/28 21:26:03 | 000,005,716 | ---- | C] () -- C:\ProgramData\1330473362.5052.bin
    [2012/02/28 21:26:02 | 000,043,876 | ---- | C] () -- C:\ProgramData\1330473362.4952.bin
    [2012/02/28 20:55:08 | 000,029,203 | ---- | C] () -- C:\ProgramData\1330470337.1300.bin
    [2012/02/28 20:36:02 | 000,032,372 | ---- | C] () -- C:\ProgramData\1330470337.924.bin
    [2012/02/28 20:36:01 | 000,006,242 | ---- | C] () -- C:\ProgramData\1330470337.4824.bin
    [2012/02/28 20:35:46 | 000,010,165 | ---- | C] () -- C:\ProgramData\1330470337.4980.bin
    [2012/02/28 20:35:46 | 000,004,337 | ---- | C] () -- C:\ProgramData\1330470337.3800.bin
    [2012/02/28 20:35:46 | 000,001,815 | ---- | C] () -- C:\ProgramData\1330470337.364.bin
    [2012/02/28 20:35:46 | 000,001,783 | ---- | C] () -- C:\ProgramData\1330470337.3124.bin
    [2012/02/28 20:35:39 | 000,110,265 | ---- | C] () -- C:\ProgramData\1330470337.2488.bin
    [2012/02/28 20:35:38 | 000,009,029 | ---- | C] () -- C:\ProgramData\1330470337.1208.bin
    [2012/02/28 20:35:37 | 000,049,543 | ---- | C] () -- C:\ProgramData\1330470337.1652.bin
    [2011/11/17 20:33:10 | 000,006,656 | ---- | C] () -- C:\Users\reg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/08 14:05:21 | 000,000,229 | ---- | C] () -- C:\ProgramData\settings.xml
    [2011/07/06 23:08:45 | 000,001,207 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/06/05 20:48:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/06/04 23:32:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\search_result.xml
    [2011/05/06 12:51:24 | 000,000,208 | ---- | C] () -- C:\Users\reg\AppData\Roaming\wklnhst.dat
    [2011/05/02 20:25:49 | 000,706,526 | ---- | C] () -- C:\ProgramData\bdinstall.bin
    [2011/05/02 14:22:45 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2011/05/02 14:22:27 | 000,001,542 | ---- | C] () -- C:\Windows\WPatchProgress.ini
    [2011/05/02 12:38:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2011/05/02 12:38:02 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
    [2011/05/02 12:38:02 | 000,000,188 | ---- | C] () -- C:\Windows\PidList.ini
    [2010/07/08 14:07:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 02:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 03:13:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 23:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 23:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/06/14 04:19:14 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\4 Friends Games
    [2012/06/26 11:26:24 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
    [2012/02/19 00:22:19 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Alawar Stargaze
    [2012/06/19 04:51:14 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\AlawarEntertainment
    [2012/02/06 10:30:02 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Amaranth Games
    [2012/04/16 22:22:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Anarchy
    [2012/06/26 06:54:08 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Artifex Mundi
    [2012/04/09 16:31:39 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Artogon
    [2011/08/09 21:26:29 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Awem
    [2012/09/28 19:35:13 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Azureus
    [2012/03/08 09:26:06 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Bitdefender
    [2011/12/01 11:22:46 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\BlamGames
    [2012/11/19 16:38:07 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Blue Tea Games
    [2012/01/23 10:06:29 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Boolat Games
    [2011/12/04 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Boomzap
    [2011/09/16 11:38:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\casualArts
    [2011/12/07 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\cerasus.media
    [2012/11/23 16:28:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DAEMON Tools Lite
    [2012/10/12 14:12:35 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DailyMagic
    [2012/04/09 15:31:19 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Dark Blue Games
    [2011/11/16 14:06:20 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DarkParablesBriarRoseSE_BFG
    [2012/01/31 16:50:00 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Deep Shadows
    [2011/11/30 12:33:25 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DieselPuppet
    [2012/06/17 18:52:08 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Eipix
    [2012/01/30 10:40:11 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\EleFun Games
    [2013/01/29 17:41:18 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Elephant Games
    [2013/02/12 22:05:15 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\ERS Game Studios
    [2012/08/10 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\ExpressFiles
    [2011/11/10 16:28:12 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Fenomen Games
    [2012/06/26 11:40:36 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Freeze Tag
    [2012/04/16 21:21:36 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Friday's games
    [2011/11/10 21:22:59 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Frogwares
    [2012/05/20 16:23:06 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GameDevo
    [2012/04/09 17:03:43 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GameInvest
    [2012/04/20 18:34:39 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GameMill Entertainment
    [2012/09/30 16:13:03 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GlarySoft
    [2012/12/20 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\HdO Adventure
    [2011/10/13 15:01:34 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\HitPoint Studios
    [2012/11/11 13:51:20 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Iroz Games
    [2012/05/05 17:03:48 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Lazy Turtle Games
    [2012/12/03 13:32:04 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Lexmark Imaging Studio
    [2012/06/17 19:10:05 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Mad Head Games
    [2012/01/23 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\MagicIndie
    [2012/06/25 06:01:46 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\MediaArt
    [2012/06/25 05:01:20 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Meridian93
    [2012/06/26 07:40:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Orneon
    [2012/12/20 17:34:08 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PacificPoker
    [2011/09/19 14:50:24 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Phantasmat_spintop_ce
    [2011/12/08 22:10:41 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PlayFavoriteGames
    [2011/11/16 14:21:29 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PlayFirst
    [2012/04/20 20:09:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PlayPond
    [2012/01/29 23:20:38 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\quickclick
    [2011/05/02 20:26:10 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\QuickScan
    [2011/11/08 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Red Dot
    [2012/12/14 19:47:41 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Rovio
    [2013/03/11 13:51:57 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SanDisk
    [2013/03/11 13:50:24 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SanDisk SecureAccess
    [2011/11/17 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Shareaza
    [2012/08/02 19:40:04 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Sierra Wireless
    [2012/06/21 15:59:17 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Silverback Productions
    [2011/07/28 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Skunk Studios
    [2011/11/07 16:42:38 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SMIGames
    [2012/07/16 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Specialbit
    [2011/09/19 14:13:47 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SpinTop
    [2011/07/27 20:25:34 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SulusGames
    [2012/05/07 17:45:50 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\tabagames
    [2011/06/06 12:14:23 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Template
    [2012/11/11 21:45:40 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\ThreeDays2
    [2012/11/11 22:49:14 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\TitanicMystery
    [2011/05/06 00:25:47 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Trusteer
    [2012/01/29 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Vast Studios
    [2011/11/11 16:10:43 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\VendelGAMES
    [2011/12/04 20:21:56 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Vogat Interactive
    [2012/10/01 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\WildTangent
    [2013/01/25 00:44:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Windows Live Writer
    [2012/06/14 05:19:56 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\World-LooM
    [2012/01/30 15:48:19 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\YoudaGames

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/02/28 18:51:15 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
    [2012/02/28 18:51:15 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

    ========== Alternate Data Streams ==========


    < End of report >

  5. #5

    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Bitdefender Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java 7 Update 17
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    Bitdefender Bitdefender 2012 vsserv.exe
    Bitdefender Bitdefender 2012 bdagent.exe
    Bitdefender Bitdefender 2012 updatesrv.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````


    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\reg\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 61.77% Memory free
    9.82 Gb Paging File | 7.99 Gb Available in Paging File | 81.34% Paging File free
    Paging file location(s): c:\pagefile.sys 6036 6036 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.27 Gb Total Space | 227.14 Gb Free Space | 79.34% Space Free | Partition Type: NTFS

    Computer Name: REG-PC | User Name: reg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Bell\Mobile Connect\SwiApiMuxX.exe" = C:\Program Files (x86)\Bell\Mobile Connect\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX -- (Sierra Wireless, Inc.)
    "C:\Program Files (x86)\Bell\Mobile Connect\SwiApiMuxX.exe" = C:\Program Files (x86)\Bell\Mobile Connect\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX -- (Sierra Wireless, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1299A822-B78C-4EAB-87EC-9DAA50EDC4A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{15BFC377-032B-4802-B5A6-E7C8B3B1BC1A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1FE56EFA-ACD3-40CB-87F0-93256C78CCA2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{354AFEB1-616A-44B6-B33D-D02B4D577A54}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{388DAB5A-9446-40E4-B48A-7F2AC695507E}" = rport=138 | protocol=17 | dir=out | app=system |
    "{3AC28449-0AA1-4E2D-81D1-FA061BA3BEDE}" = rport=139 | protocol=6 | dir=out | app=system |
    "{3BCA7CC5-4BCC-4F44-B8D3-68C4AFBB7034}" = lport=139 | protocol=6 | dir=in | app=system |
    "{40D530D0-1E71-42C2-AEAD-059523E6B107}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{4738C87B-C0B1-493B-B2E7-684C8579D474}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4B004039-41C4-44FB-9D09-66D0A2120B83}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{521E6482-5712-406B-BF7F-8BD84F925F1B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{52AB90C0-6C52-4E20-833B-374C2827B406}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{66E4EFA2-8183-4C60-9695-8A97D189C9D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{7956B1C3-6E7A-4158-B599-84A4F7DF4AD1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{7CA8FEAA-08C9-4038-874A-E621285D4018}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7ECB75AD-459B-4957-8D6C-5183F7F7B349}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{94E6326F-BCBB-4C77-B122-21C9FC157651}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{988346C2-97CF-4EF3-8408-C3DDF510441B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9E9E9936-18DC-478D-8D93-1456F9E8D214}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{BB51FD51-B44C-4DB5-90D2-56871272BC56}" = lport=137 | protocol=17 | dir=in | app=system |
    "{BC3B2570-65C9-4383-BBFF-2F35C0163EF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BCB21B8B-EB3C-44BB-913B-75486E3B4F40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C95629FC-4A88-47E2-A4B1-5FDFF97922A7}" = rport=445 | protocol=6 | dir=out | app=system |
    "{D79AC591-EDDB-4034-8BF3-21D0110F7838}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{DF8D0292-AD95-4AE0-BF04-BEFD6C659C87}" = lport=138 | protocol=17 | dir=in | app=system |
    "{E8104B85-E456-4E17-B245-8741C683091D}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FAC1E18A-9B5E-451A-80A5-3ADC83DA7F15}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01A9813B-240E-40FC-808A-76F8A6D6A7CE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0584C4F0-F225-4D4C-9E47-0253EFDA52EA}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{07EC2AF0-BE4F-4D97-9353-6ED714F20721}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{08C0794E-024C-4699-9716-F71EC86E4158}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{0CFFCF0F-9164-4E19-9226-C7E651EC1211}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{155DF7F2-C18B-4319-BB0F-4C6741918C8A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe |
    "{1820E3AF-F9E5-43B8-957E-4EE389C6D770}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1E96582D-3F54-4AB1-A7F1-459AB047247B}" = protocol=6 | dir=in | app=c:\windows\system32\lxddcoms.exe |
    "{21794B7D-038C-46C3-ABB2-BA02D7D5331A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{25099DC9-B056-425F-965E-6A999BCE0C94}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{274B5708-F6D2-48D9-91D7-C23F109C895F}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe |
    "{35685140-DCC2-48BD-A959-5802998F9FF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{382FFB22-49FD-4541-8F41-F9E91CA1E533}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe |
    "{3E1386CF-7148-4386-B056-DC4B3AC030E9}" = protocol=6 | dir=out | app=system |
    "{3FAB3AF9-64E4-4106-B838-0896C1BE5981}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{440C9402-DCBE-4A95-A4F8-366E9E630BB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{44A8B54C-AD4E-4E60-89B4-D3A0F3FA6A39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4F63BC3F-A583-4BB0-97F7-CEBB34765F0B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{519C3A84-5373-4430-B4DF-182AC5413007}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe |
    "{6EA1DE0B-B5FE-4686-B7B1-1403ABEFB189}" = protocol=17 | dir=in | app=c:\windows\system32\lxddcoms.exe |
    "{70CAE082-9CF5-4371-B16B-FEC4B9E088C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxddcoms.exe |
    "{71D813A3-3867-446D-86D9-67B136439D50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{72A2D21F-441F-4F45-BB74-35B501C7AC68}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
    "{79C75C99-135E-47FA-B78A-D7DE26665F27}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddmon.exe |
    "{7BB0F5A5-FF3B-43DB-B88B-914F14DDDCD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7FCA9BB7-0C28-4813-A51D-236F5824F77D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{82C88CF0-9204-4A5C-8597-6B0A4CF6F443}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxddcoms.exe |
    "{84EA62E0-A1F4-41E7-A683-125209561764}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{873D9926-3DFE-4244-A430-A8359B90C159}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{914341FA-4D3A-41E7-9570-C96D011B8C8D}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
    "{961CC15B-63EC-4C81-8759-1EA6230821B6}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
    "{994EB719-1115-491D-A3A3-66DDA515F009}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{9D77039D-B82B-4461-A515-48EDEF395BDF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9E6B2001-CF98-4C9B-88CB-0CCAC55E40A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{9F8FE757-30C3-4BA3-A441-9D5AF2E06766}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
    "{A83396A6-9CB4-4011-8F95-4656675A987B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
    "{BAD758FC-3CF7-4050-BB00-04C2884B0F08}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{BD245D7F-F615-4589-B0CC-13A4B17C583A}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
    "{BD98A298-8688-4DD4-B3C7-C1F3708AEA85}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddmon.exe |
    "{CEFF9467-B106-4ADB-8156-DE248F0C7A28}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{D407B5FF-892F-4B45-BC13-54C5E043E354}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{D44B1660-1054-4F94-B4A6-92F0CC1C08FC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{D6601AEC-0451-4E93-BA47-DDAC184313A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DB538661-43B2-49A9-A659-B0DAADE08141}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{DDC24367-B5A8-4B79-B64B-85A271AFB9A9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{E4C9BD46-DB26-4F1E-BC99-07E6F836DD28}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{ECD59C57-5896-4A19-B026-33249D14A75B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
    "{F3B830B6-CE9C-43E8-A83E-2B4E14315A12}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{F572A226-606C-41CE-A006-CCE943E180DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F7D2772F-0B81-426F-8578-141D6C46D434}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "TCP Query User{0A142DE5-553A-4C5A-B023-3EE7990BF66E}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe |
    "TCP Query User{1C39AF90-56DC-4535-99CD-B4B8B8E5F6FD}C:\program files (x86)\lexmark 2500 series\lxddamon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe |
    "TCP Query User{443AA167-CF3E-4C96-A9E4-1991D1ADEE67}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
    "TCP Query User{B2C92182-0D45-40EF-94D9-5AF8D66D0798}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{C403EFBB-D2CC-4DE9-9E9D-D2848353AE57}C:\program files (x86)\lexmark 2500 series\app4r.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe |
    "TCP Query User{CC58243D-F47B-4F22-AD6B-81D7D0F67646}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{1778814F-C119-4C80-AEF5-6C182A4E809C}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe |
    "UDP Query User{6F55F958-08F9-442C-9EB9-ACD755E0517C}C:\program files (x86)\lexmark 2500 series\lxddamon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe |
    "UDP Query User{8A2DE6C3-4D39-45D4-A1D5-03C23C281178}C:\program files (x86)\lexmark 2500 series\app4r.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe |
    "UDP Query User{DAA0ADCB-A98C-4180-A90D-B4014B5BAFA2}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{E14C171B-5712-4E32-8AE8-D96ED727603A}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{EC0562BA-1C50-4B98-9C16-66FB7892A01D}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0921-000001000000}" = 7-Zip 9.21 (x64 edition)
    "{2485EC57-64F8-45BB-8130-E50E2EA75A6E}" = Mobile Connect
    "{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Antivirus Plus 2012
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Bitdefender" = Bitdefender Antivirus Plus 2012
    "CCleaner" = CCleaner
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Lexmark 2500 Series" = Lexmark 2500 Series
    "Lexmark Fax Solutions" = Lexmark Fax Solutions
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
    "{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{75DBFE59-6890-4531-8D4B-0285BCFCE815}" = Bell Mobile Broadband Drivers
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "888poker" = 888poker
    "AC3Filter_is1" = AC3Filter 2.5b
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "BFGC" = Big Fish Games: Game Manager
    "Flash Player Pro_is1" = Flash Player Pro V5.4
    "GridVista" = Acer GridVista
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Identity Card" = Identity Card
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "TeamViewer 7" = TeamViewer 7
    "Vid-Saver" = Vid-Saver
    "VLC media player" = VLC media player 1.1.8
    "WildTangent acer Master Uninstall" = Acer Games
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
    "ExpressFiles" = ExpressFiles
    "Internet Banking Payment Assistant" = Internet Banking Payment Assistant 2.2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 17/12/2012 11:07:25 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 17/12/2012 11:07:25 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 17/12/2012 11:07:25 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 17/12/2012 11:07:25 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20/12/2012 12:25:31 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 20/12/2012 12:27:24 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20/12/2012 12:27:24 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20/12/2012 12:27:24 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20/12/2012 12:27:24 PM | Computer Name = reg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20/12/2012 7:41:46 PM | Computer Name = reg-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: vlc.exe, version: 1.1.8.0, time stamp:
    0x4d8945dd Faulting module name: vlc.exe, version: 1.1.8.0, time stamp: 0x4d8945dd
    Exception
    code: 0xc0000005 Fault offset: 0x000017b2 Faulting process id: 0x94 Faulting application
    start time: 0x01cddf0b8e79dc05 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    Faulting
    module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: d08c038c-4afe-11e2-bfd2-00262d77aecf

    [ System Events ]
    Error - 16/03/2013 4:01:08 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 16/03/2013 4:16:12 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 16/03/2013 4:30:12 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 16/03/2013 4:37:20 PM | Computer Name = reg-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:06:16 PM on ?16/?03/?2013 was unexpected.

    Error - 16/03/2013 4:38:25 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    trufos

    Error - 16/03/2013 5:10:54 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 16/03/2013 6:29:08 PM | Computer Name = reg-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 16/03/2013 6:50:49 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the RpcSs service.

    Error - 16/03/2013 6:52:16 PM | Computer Name = reg-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:20:49 PM on ?16/?03/?2013 was unexpected.

    Error - 16/03/2013 6:53:00 PM | Computer Name = reg-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    trufos


    < End of report >


    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\reg\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 61.77% Memory free
    9.82 Gb Paging File | 7.99 Gb Available in Paging File | 81.34% Paging File free
    Paging file location(s): c:\pagefile.sys 6036 6036 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.27 Gb Total Space | 227.14 Gb Free Space | 79.34% Space Free | Partition Type: NTFS

    Computer Name: REG-PC | User Name: reg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\reg\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\reg\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
    PRC - C:\Windows\PLFSetI.exe ()
    PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
    PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    PRC - C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe (Lexmark)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
    MOD - C:\Users\reg\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll ()
    MOD - C:\Windows\PLFSetI.exe ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxdddatr.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddscw.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddcats.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender)
    SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender)
    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SRV:64bit: - (Update Server) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe (BitDefender)
    SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
    SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
    SRV:64bit: - (lxdd_device) -- C:\Windows\SysNative\lxddcoms.exe ( )
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (BellCanadaRcAppSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe (SmithMicro Inc.)
    SRV - (ProfileImpSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe (SmithMicro Inc.)
    SRV - (CABellCanada) -- C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe (SmithMicro Inc.)
    SRV - (NvtlService) -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
    SRV - (SwiCardDetectSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\SwiCardDetect64.exe (Sierra Wireless, Inc.)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (NWHelper) -- C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe (Novatel Wireless Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
    SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (lxdd_device) -- C:\Windows\SysWOW64\lxddcoms.exe ( )


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)
    DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)
    DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (bdsandbox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
    DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
    DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
    DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
    DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)
    DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
    DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (swg3kser00) -- C:\Windows\SysNative\drivers\swg3kser00.sys (Sierra Wireless Incorporated)
    DRV:64bit: - (SWNC8UA3) -- C:\Windows\SysNative\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
    DRV:64bit: - (swiwdmbx) -- C:\Windows\SysNative\drivers\swiwdmbx64.sys (Sierra Wireless Inc.)
    DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.)
    DRV:64bit: - (BDVEDISK) -- C:\Windows\SysNative\drivers\bdvedisk.sys (BitDefender)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (ss_mdm) -- C:\Windows\SysNative\drivers\ss_mdm.sys (MCCI Corporation)
    DRV:64bit: - (ss_bus) -- C:\Windows\SysNative\drivers\ss_bus.sys (MCCI Corporation)
    DRV:64bit: - (ss_mdfl) -- C:\Windows\SysNative\drivers\ss_mdfl.sys (MCCI Corporation)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
    DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
    DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.claro-search.com/?q={searchTerms}&affID=114162&tt=3412_4&babsrc=SP_iclro&mntrId=9473a8530000000000000017c4d84cc0
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA430
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: crossriderapp3491@crossrider.com:0.81.19
    FF - prefs.js..extensions.enabledAddons: OneClickDownloader@OneClickDownloader.com:1.2
    FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:11.0
    FF - prefs.js..keyword.URL: "http://isearch.claro-search.com/?affID=114162&tt=3412_4&babsrc=KW_iclro&mntrId=9473a8530000000000000017c4d84cc0&q="
    FF - prefs.js..browser.search.defaultenginename: "Claro Search"
    FF - prefs.js..browser.search.selectedEngine: "Claro Search"
    FF - prefs.js..browser.search.order.1: "Claro Search"
    FF - prefs.js..browser.startup.homepage: "http://isearch.claro-search.com/?affID=114162&tt=3412_4&babsrc=HP_iclro&mntrId=9473a8530000000000000017c4d84cc0"


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

    [2012/03/17 19:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\reg\AppData\Roaming\Mozilla\Extensions
    [2013/03/14 11:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\reg\AppData\Roaming\Mozilla\Firefox\Profiles\vaxfqvog.default\extensions
    [2012/05/06 11:50:29 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\reg\AppData\Roaming\Mozilla\Firefox\Profiles\vaxfqvog.default\extensions\crossriderapp3491@crossrider.com
    [2012/05/21 01:43:59 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\reg\AppData\Roaming\Mozilla\Firefox\Profiles\vaxfqvog.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi

    ========== Chrome ==========

    CHR - homepage: Google
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: Google
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: 1Click Downloader = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\
    CHR - Extension: Skype Click to Call = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
    CHR - Extension: Vid-Saver = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.17.19_0\

    O1 HOSTS File: ([2009/06/10 18:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [lxddamon] C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe (Lexmark)
    O4:64bit: - HKLM..\Run: [LXDDCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXDDtime.DLL (Lexmark International, Inc.)
    O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Bell Canada Connection Manager] C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe (Bell)
    O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
    O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ()
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\reg\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Phantasmat/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Phantasmat/Images/armhelper.ocx (ArmHelper Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC11A37B-0DA5-4D82-A54E-490123FC15D8}: DhcpNameServer = 192.168.2.1 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEFFE044-84AE-41F2-8113-71C4DA3FE783}: DhcpNameServer = 207.231.231.254 206.47.201.246
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{0adc025c-4a4d-11e2-8a19-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{0adc025c-4a4d-11e2-8a19-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoLaunch.exe
    O33 - MountPoints2\{c8fdbce7-ebdf-11e1-9b7a-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{c8fdbce7-ebdf-11e1-9b7a-00262d77aecf}\Shell\AutoRun\command - "" = F:\AutoLaunch.exe
    O33 - MountPoints2\{d611254c-d779-11e1-b968-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{d611254c-d779-11e1-b968-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{d6112564-d779-11e1-b968-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{d6112564-d779-11e1-b968-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{d9fc5746-dceb-11e1-9681-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9fc5746-dceb-11e1-9681-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoLaunch.exe
    O33 - MountPoints2\{d9fc57cb-dceb-11e1-9681-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9fc57cb-dceb-11e1-9681-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoLaunch.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/16 20:32:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\reg\Desktop\OTL.exe
    [2013/03/16 07:06:02 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\reg\Desktop\JRT.exe
    [2013/03/16 07:00:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/03/16 06:58:48 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/03/15 21:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
    [2013/03/15 19:45:34 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\reg\Desktop\dds.scr
    [2013/03/15 19:43:47 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\reg\Desktop\HijackThis.exe
    [2013/03/14 00:16:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/03/14 00:16:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/03/14 00:16:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/03/14 00:16:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/03/14 00:16:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/03/14 00:16:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/03/14 00:16:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/03/14 00:16:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/03/14 00:16:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/03/14 00:16:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/03/14 00:16:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/03/14 00:16:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/03/14 00:16:31 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/03/14 00:16:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/03/14 00:16:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/03/12 20:43:53 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2013/03/12 19:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/03/12 19:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/03/12 19:11:19 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\Programs
    [2013/03/12 17:58:35 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\SUPERAntiSpyware.com
    [2013/03/12 17:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/03/12 17:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/03/12 17:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/03/12 15:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressFiles
    [2013/03/12 09:38:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\My Vaults
    [2013/03/12 00:57:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\microsoft
    [2013/03/11 13:51:55 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
    [2013/03/11 13:51:53 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\SanDisk
    [2013/03/11 13:50:24 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\SanDisk SecureAccess
    [2013/03/11 13:47:33 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\Proxure
    [2013/03/11 13:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
    [2013/03/08 22:32:42 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\{7A8D5F58-A3ED-4713-8AE8-F952200797EB}
    [2013/03/07 00:01:20 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/03/07 00:01:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/03/07 00:01:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/03/07 00:01:10 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/03/07 00:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013/03/01 20:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2013/03/01 20:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2013/03/01 20:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2013/02/27 22:32:51 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013/02/27 22:32:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013/02/27 22:32:51 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013/02/27 22:32:51 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
    [2013/02/27 22:32:47 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013/02/27 22:32:47 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013/02/27 22:32:43 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013/02/27 22:32:43 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013/02/27 22:32:43 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/02/27 22:32:43 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/02/27 22:32:43 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/02/27 22:32:43 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/02/27 22:32:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/02/27 22:32:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/02/27 22:32:43 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/02/27 22:32:43 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/02/27 22:32:42 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/02/27 22:32:42 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/02/27 22:32:42 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013/02/27 22:32:42 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013/02/27 22:32:42 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013/02/27 22:32:42 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013/02/27 22:32:42 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013/02/27 22:32:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013/02/27 22:32:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/02/27 22:32:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/02/27 22:32:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/02/27 22:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/02/27 22:32:41 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013/02/27 22:32:41 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013/02/27 22:32:41 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/02/27 22:32:41 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/02/27 22:32:41 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013/02/27 22:32:41 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013/02/27 22:32:41 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013/02/27 12:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
    [2013/02/21 23:23:00 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
    [2013/02/21 23:13:20 | 000,046,280 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
    [2013/02/19 16:37:03 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\Apps

    ========== Files - Modified Within 30 Days ==========

    [2013/03/16 20:32:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\reg\Desktop\OTL.exe
    [2013/03/16 20:30:06 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/03/16 20:30:06 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/03/16 20:28:46 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/03/16 20:28:46 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/03/16 20:28:46 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/03/16 20:27:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/16 20:22:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/16 20:22:35 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2013/03/16 20:21:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/03/16 20:21:48 | 3165,327,360 | -HS- | M] () -- C:\hiberfil.sys
    [2013/03/16 15:51:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/03/16 07:06:07 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\reg\Desktop\JRT.exe
    [2013/03/16 07:05:31 | 000,890,798 | ---- | M] () -- C:\Users\reg\Desktop\SecurityCheck.exe
    [2013/03/15 20:18:23 | 487,434,356 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/03/15 19:47:12 | 000,377,856 | ---- | M] () -- C:\Users\reg\Desktop\377uy0w7.exe
    [2013/03/15 19:45:34 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\reg\Desktop\dds.scr
    [2013/03/15 19:43:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\reg\Desktop\HijackThis.exe
    [2013/03/15 17:58:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9d8dfaaa-d538-47ab-be7c-e5c7dbe96404.job
    [2013/03/12 21:55:05 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/03/12 21:55:05 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/03/12 19:17:25 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0ddec141-f30d-42cc-a320-10a4b81096d5.job
    [2013/03/12 19:11:37 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/12 17:58:30 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/03/12 15:56:24 | 000,000,000 | ---- | M] () -- C:\END
    [2013/03/12 15:55:25 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Express Files.lnk
    [2013/03/12 14:11:31 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/03/11 13:47:58 | 000,000,288 | ---- | M] () -- C:\Users\reg\AppData\Roaming\.backup.dm
    [2013/03/07 00:01:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/03/07 00:01:04 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
    [2013/03/07 00:01:04 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2013/03/07 00:01:04 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/03/07 00:01:04 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/03/07 00:01:04 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/03/06 16:21:39 | 000,424,807 | ---- | M] () -- C:\Users\reg\Documents\Reginald Vincent-Rehire-Operator-March 19, 2013.pdf
    [2013/03/06 09:50:44 | 000,000,240 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
    [2013/02/21 23:23:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
    [2013/02/21 23:13:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

    ========== Files Created - No Company Name ==========

    [2013/03/16 07:05:30 | 000,890,798 | ---- | C] () -- C:\Users\reg\Desktop\SecurityCheck.exe
    [2013/03/15 20:18:23 | 487,434,356 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/03/15 19:47:12 | 000,377,856 | ---- | C] () -- C:\Users\reg\Desktop\377uy0w7.exe
    [2013/03/12 19:11:37 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/12 17:58:49 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9d8dfaaa-d538-47ab-be7c-e5c7dbe96404.job
    [2013/03/12 17:58:49 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0ddec141-f30d-42cc-a320-10a4b81096d5.job
    [2013/03/12 17:58:30 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/03/12 15:55:25 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Express Files.lnk
    [2013/03/12 15:54:41 | 000,000,000 | ---- | C] () -- C:\END
    [2013/03/12 14:11:31 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/03/11 13:47:58 | 000,000,288 | ---- | C] () -- C:\Users\reg\AppData\Roaming\.backup.dm
    [2013/03/06 16:21:35 | 000,424,807 | ---- | C] () -- C:\Users\reg\Documents\Reginald Vincent-Rehire-Operator-March 19, 2013.pdf
    [2012/12/03 13:04:04 | 000,278,528 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll
    [2012/12/03 13:04:00 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll
    [2012/12/03 13:03:56 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll
    [2012/12/03 13:03:53 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll
    [2012/12/03 13:03:45 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll
    [2012/12/03 13:03:32 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll
    [2012/12/03 13:03:31 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll
    [2012/12/03 13:03:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll
    [2012/12/03 13:03:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddppls.exe
    [2012/12/03 13:03:26 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll
    [2012/12/03 13:03:23 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll
    [2012/12/03 13:03:21 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddih.exe
    [2012/12/03 13:03:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll
    [2012/12/03 13:03:18 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcoms.exe
    [2012/12/03 13:03:14 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll
    [2012/12/03 13:03:13 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll
    [2012/12/03 13:03:12 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcfg.exe
    [2012/11/11 13:50:57 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2012/03/08 09:27:00 | 000,163,642 | ---- | C] () -- C:\ProgramData\1331207614.bdinstall.bin
    [2012/02/29 14:04:07 | 001,141,571 | ---- | C] () -- C:\ProgramData\1330519166.bdinstall.bin
    [2012/02/29 10:05:52 | 000,291,462 | ---- | C] () -- C:\ProgramData\1330517945.bdinstall.bin
    [2012/02/28 21:26:31 | 000,000,783 | ---- | C] () -- C:\ProgramData\1330473362.4432.bin
    [2012/02/28 21:26:10 | 000,006,245 | ---- | C] () -- C:\ProgramData\1330473362.3960.bin
    [2012/02/28 21:26:08 | 001,402,986 | ---- | C] () -- C:\ProgramData\1330473362.5092.bin
    [2012/02/28 21:26:08 | 000,010,196 | ---- | C] () -- C:\ProgramData\1330473362.5088.bin
    [2012/02/28 21:26:08 | 000,001,698 | ---- | C] () -- C:\ProgramData\1330473362.5096.bin
    [2012/02/28 21:26:08 | 000,000,739 | ---- | C] () -- C:\ProgramData\1330473362.5100.bin
    [2012/02/28 21:26:05 | 001,486,683 | ---- | C] () -- C:\ProgramData\1330473362.5064.bin
    [2012/02/28 21:26:03 | 000,005,716 | ---- | C] () -- C:\ProgramData\1330473362.5052.bin
    [2012/02/28 21:26:02 | 000,043,876 | ---- | C] () -- C:\ProgramData\1330473362.4952.bin
    [2012/02/28 20:55:08 | 000,029,203 | ---- | C] () -- C:\ProgramData\1330470337.1300.bin
    [2012/02/28 20:36:02 | 000,032,372 | ---- | C] () -- C:\ProgramData\1330470337.924.bin
    [2012/02/28 20:36:01 | 000,006,242 | ---- | C] () -- C:\ProgramData\1330470337.4824.bin
    [2012/02/28 20:35:46 | 000,010,165 | ---- | C] () -- C:\ProgramData\1330470337.4980.bin
    [2012/02/28 20:35:46 | 000,004,337 | ---- | C] () -- C:\ProgramData\1330470337.3800.bin
    [2012/02/28 20:35:46 | 000,001,815 | ---- | C] () -- C:\ProgramData\1330470337.364.bin
    [2012/02/28 20:35:46 | 000,001,783 | ---- | C] () -- C:\ProgramData\1330470337.3124.bin
    [2012/02/28 20:35:39 | 000,110,265 | ---- | C] () -- C:\ProgramData\1330470337.2488.bin
    [2012/02/28 20:35:38 | 000,009,029 | ---- | C] () -- C:\ProgramData\1330470337.1208.bin
    [2012/02/28 20:35:37 | 000,049,543 | ---- | C] () -- C:\ProgramData\1330470337.1652.bin
    [2011/11/17 20:33:10 | 000,006,656 | ---- | C] () -- C:\Users\reg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/08 14:05:21 | 000,000,229 | ---- | C] () -- C:\ProgramData\settings.xml
    [2011/07/06 23:08:45 | 000,001,207 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/06/05 20:48:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/06/04 23:32:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\search_result.xml
    [2011/05/06 12:51:24 | 000,000,208 | ---- | C] () -- C:\Users\reg\AppData\Roaming\wklnhst.dat
    [2011/05/02 20:25:49 | 000,706,526 | ---- | C] () -- C:\ProgramData\bdinstall.bin
    [2011/05/02 14:22:45 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2011/05/02 14:22:27 | 000,001,542 | ---- | C] () -- C:\Windows\WPatchProgress.ini
    [2011/05/02 12:38:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2011/05/02 12:38:02 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
    [2011/05/02 12:38:02 | 000,000,188 | ---- | C] () -- C:\Windows\PidList.ini
    [2010/07/08 14:07:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 02:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 03:13:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 23:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 23:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/06/14 04:19:14 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\4 Friends Games
    [2012/06/26 11:26:24 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
    [2012/02/19 00:22:19 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Alawar Stargaze
    [2012/06/19 04:51:14 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\AlawarEntertainment
    [2012/02/06 10:30:02 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Amaranth Games
    [2012/04/16 22:22:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Anarchy
    [2012/06/26 06:54:08 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Artifex Mundi
    [2012/04/09 16:31:39 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Artogon
    [2011/08/09 21:26:29 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Awem
    [2012/09/28 19:35:13 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Azureus
    [2012/03/08 09:26:06 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Bitdefender
    [2011/12/01 11:22:46 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\BlamGames
    [2012/11/19 16:38:07 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Blue Tea Games
    [2012/01/23 10:06:29 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Boolat Games
    [2011/12/04 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Boomzap
    [2011/09/16 11:38:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\casualArts
    [2011/12/07 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\cerasus.media
    [2012/11/23 16:28:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DAEMON Tools Lite
    [2012/10/12 14:12:35 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DailyMagic
    [2012/04/09 15:31:19 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Dark Blue Games
    [2011/11/16 14:06:20 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DarkParablesBriarRoseSE_BFG
    [2012/01/31 16:50:00 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Deep Shadows
    [2011/11/30 12:33:25 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DieselPuppet
    [2012/06/17 18:52:08 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Eipix
    [2012/01/30 10:40:11 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\EleFun Games
    [2013/01/29 17:41:18 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Elephant Games
    [2013/02/12 22:05:15 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\ERS Game Studios
    [2012/08/10 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\ExpressFiles
    [2011/11/10 16:28:12 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Fenomen Games
    [2012/06/26 11:40:36 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Freeze Tag
    [2012/04/16 21:21:36 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Friday's games
    [2011/11/10 21:22:59 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Frogwares
    [2012/05/20 16:23:06 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GameDevo
    [2012/04/09 17:03:43 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GameInvest
    [2012/04/20 18:34:39 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GameMill Entertainment
    [2012/09/30 16:13:03 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GlarySoft
    [2012/12/20 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\HdO Adventure
    [2011/10/13 15:01:34 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\HitPoint Studios
    [2012/11/11 13:51:20 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Iroz Games
    [2012/05/05 17:03:48 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Lazy Turtle Games
    [2012/12/03 13:32:04 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Lexmark Imaging Studio
    [2012/06/17 19:10:05 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Mad Head Games
    [2012/01/23 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\MagicIndie
    [2012/06/25 06:01:46 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\MediaArt
    [2012/06/25 05:01:20 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Meridian93
    [2012/06/26 07:40:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Orneon
    [2012/12/20 17:34:08 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PacificPoker
    [2011/09/19 14:50:24 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Phantasmat_spintop_ce
    [2011/12/08 22:10:41 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PlayFavoriteGames
    [2011/11/16 14:21:29 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PlayFirst
    [2012/04/20 20:09:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PlayPond
    [2012/01/29 23:20:38 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\quickclick
    [2011/05/02 20:26:10 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\QuickScan
    [2011/11/08 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Red Dot
    [2012/12/14 19:47:41 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Rovio
    [2013/03/11 13:51:57 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SanDisk
    [2013/03/11 13:50:24 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SanDisk SecureAccess
    [2011/11/17 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Shareaza
    [2012/08/02 19:40:04 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Sierra Wireless
    [2012/06/21 15:59:17 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Silverback Productions
    [2011/07/28 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Skunk Studios
    [2011/11/07 16:42:38 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SMIGames
    [2012/07/16 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Specialbit
    [2011/09/19 14:13:47 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SpinTop
    [2011/07/27 20:25:34 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SulusGames
    [2012/05/07 17:45:50 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\tabagames
    [2011/06/06 12:14:23 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Template
    [2012/11/11 21:45:40 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\ThreeDays2
    [2012/11/11 22:49:14 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\TitanicMystery
    [2011/05/06 00:25:47 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Trusteer
    [2012/01/29 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Vast Studios
    [2011/11/11 16:10:43 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\VendelGAMES
    [2011/12/04 20:21:56 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Vogat Interactive
    [2012/10/01 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\WildTangent
    [2013/01/25 00:44:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Windows Live Writer
    [2012/06/14 05:19:56 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\World-LooM
    [2012/01/30 15:48:19 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\YoudaGames

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/02/28 18:51:15 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
    [2012/02/28 18:51:15 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

    ========== Alternate Data Streams ==========


    < End of report >

  6. #6
    zep516 (Member, Spyware Fighter)

    Please rescan with AdwCleaner.
    Double-click AdwCleaner.exe to run the tool.
    Click Delete.
    Everything that was found will be deleted.
    Save and open files and approve the reboot. A text file will open after the restart.
    Please post the contents of that logfile with your next reply.

    Next

    We need to run a fix using OTL.

    Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

    Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following text in the code box, do not include the word "code"

    Code:
    :OTL
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.claro-search.com/?q={searchTerms}&affID=114162&tt=3412_4&babsrc=SP_iclro&mntrId=9473a8530000000000000017c4d84cc0
    FF - prefs.js..browser.search.defaultenginename: "Claro Search"
    FF - prefs.js..browser.search.selectedEngine: "Claro Search"
    FF - prefs.js..browser.search.order.1: "Claro Search"
    FF - prefs.js..browser.startup.homepage: "http://isearch.claro-search.com/?affID=114162&tt=3412_4&babsrc=HP_iclro&mntrId=9473a8530000000000000017c4d84cc0"
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{0adc025c-4a4d-11e2-8a19-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoLaunch.exe
    O33 - MountPoints2\{c8fdbce7-ebdf-11e1-9b7a-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{c8fdbce7-ebdf-11e1-9b7a-00262d77aecf}\Shell\AutoRun\command - "" = F:\AutoLaunch.exe
    O33 - MountPoints2\{d611254c-d779-11e1-b968-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{d611254c-d779-11e1-b968-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{d6112564-d779-11e1-b968-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{d6112564-d779-11e1-b968-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{d9fc5746-dceb-11e1-9681-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9fc5746-dceb-11e1-9681-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoLaunch.exe
    O33 - MountPoints2\{d9fc57cb-dceb-11e1-9681-00262d77aecf}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9fc57cb-dceb-11e1-9681-00262d77aecf}\Shell\AutoRun\command - "" = E:\AutoLaunch.exe
    [2012/02/28 18:51:15 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
    [2012/02/28 18:51:15 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B1381B34
    @Alternate Data Stream - 250 bytes -> C:\ProgramData\Temp:37C279BE
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:EDDBC69E
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:8075370B
    @Alternate Data Stream - 16 bytes -> C:\Users\reg\Downloads:Shareaza.GUID
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:922DA2DB
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:84C34762
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:319D783D
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:4244811A
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9BB8C675
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E40AB54F
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:98CF1A39
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:ED2D63E4
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:AABECEFB
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:A819A132
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:9195103F
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8866C899
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:6CF828C2
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:1604D047
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:6EE8565A
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:14B2E0BD
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8E11CC80
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:754E278B
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:371060CE
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:18B5F839
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:7BE5BAAB
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:79875988
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:27A88EF2
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp026A5A4
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:CB8C8B5D
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:FB71A279
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E402E439
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C37283B5
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C178954A
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:8AE92FD3
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1E2D49E0
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:18DEBC51
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:13019F4B
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:12D21A9A
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:F5B51004
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp6D084A5
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:823606DE
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:6294B369
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:AD020DC3
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0BACBDD9
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:F68CB1A4
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:041ED421
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:BF6A2C54
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:53DF59D1
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:3EC5BC08
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:E87AB4E3
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:5E73E1C2
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:2A874675
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:EE198B1F
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E40D7F76
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C0BCE04B
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:B4258C5D
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A5584049
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:762408BA
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:2AD33723
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:18A25CF1
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:FCBEDCFD
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A76A1B1B
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:587F3582
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1416AAA6
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:114C90CA
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:98CD9221
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:887F3A41
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:6896CCCE
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:ED0B32CA
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TempBC3D477
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A9056F42
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A6F30843
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:9F3CEEE6
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:6E2D80C8
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5133A494
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2AE74FF9
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0F64164E
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:092BD83A
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:CC141B05
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A8185163
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:943971F5
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:6ECE93A8
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5FC043A8
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2B40A7DB
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TempC7EDF41
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:952245B1
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:4CD3F344
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:398EFF0F
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:31C9BA96
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:27974442
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F156EE59
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:EE2DD6CC
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:58E38390
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:28DFF83F
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:FDEE14AC
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9E05DEB0
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:43CBFAB2
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3C4BD225
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:852F2262
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:834DD57E
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:774C075A
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:4C9782FB
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:206470A5
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:35501BA4
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:F26F5952
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C6920A5D
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:BEE39E9B
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A798AA1A
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:12258D63
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C370B84F
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:90C320E1
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5520ED93
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:26499772
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:F2D66591
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:1E942FB9
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6A0A47E7
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:5ECEFF17
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:1A15E356
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:927EC486
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:2D2461E7
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:1B96CF22
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:BBC9C1EB
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:65137F0D
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5084131D
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E6B95E40
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:BEF18713
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:95079543
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:72A1B66A
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5A9F1AE5
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E5496666
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:8029E75F
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:1ECED34B
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:13CDB0E0
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:A6D89509
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:4EFA2FC7
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:BD34FFC5
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:BCFEA004
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:A4241298
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp226A81A
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TempBEF355E
    
    :COMMANDS
    [EMPTYTEMP]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


    In your next reply please post:
    • AdwCleaner log
    • The otl fix log.
    Last edited by zep516; 03-18-2013 at 07:55 PM.

  7. #7

    Hi, sorry for the delay in getting back to you, but been busy. I did the AdwCleaner log, but I didn't save it when I did the OTL, so I couldn't find it afterwards and so I ran it again after doing the OTL. Does it matter if I done it that way? Also, when I ran OTL, my anti-virus picked up on it and deleted it off my desktop or done something to it, as I had to download it again to do the quick scan. Here are the logs.

    # AdwCleaner v2.115 - Logfile created 03/18/2013 at 20:12:11
    # Updated 17/03/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : reg - REG-PC
    # Boot Mode : Normal
    # Running from : C:\Users\reg\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16470

    [OK] Registry is clean.

    -\\ Mozilla Firefox v11.0 (en-US)

    File : C:\Users\reg\AppData\Roaming\Mozilla\Firefox\Profiles\vaxfqvog.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [13418 octets] - [16/03/2013 06:53:58]
    AdwCleaner[R2].txt - [12060 octets] - [18/03/2013 19:27:45]
    AdwCleaner[R3].txt - [1051 octets] - [18/03/2013 20:12:11]
    AdwCleaner[S1].txt - [12306 octets] - [18/03/2013 19:28:06]

    ########## EOF - C:\AdwCleaner[R3].txt - [1172 octets] ##########

    OTL logfile created on: 18/03/2013 7:55:13 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\reg\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 55.56% Memory free
    9.82 Gb Paging File | 7.60 Gb Available in Paging File | 77.41% Paging File free
    Paging file location(s): c:\pagefile.sys 6036 6036 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.27 Gb Total Space | 227.69 Gb Free Space | 79.54% Space Free | Partition Type: NTFS

    Computer Name: REG-PC | User Name: reg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\reg\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Users\reg\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe (Bell)
    PRC - C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe (SmithMicro Inc.)
    PRC - C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe (SmithMicro Inc.)
    PRC - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
    PRC - C:\Program Files (x86)\Bell\Mobile Connect\SwiApiMuxX.exe (Sierra Wireless, Inc.)
    PRC - C:\Windows\PLFSetI.exe ()
    PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
    PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    PRC - C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe (Lexmark)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
    MOD - C:\Users\reg\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll ()
    MOD - C:\Program Files (x86)\Bell\Mobile Connect\SMVPNEngine.dll ()
    MOD - C:\Program Files (x86)\Bell\Mobile Connect\Pac.dll ()
    MOD - C:\Program Files (x86)\Bell\Mobile Connect\Eap.dll ()
    MOD - C:\Windows\PLFSetI.exe ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxdddatr.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddscw.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddcats.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender)
    SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender)
    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SRV:64bit: - (Update Server) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe (BitDefender)
    SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
    SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
    SRV:64bit: - (lxdd_device) -- C:\Windows\SysNative\lxddcoms.exe ( )
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (BellCanadaRcAppSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe (SmithMicro Inc.)
    SRV - (ProfileImpSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe (SmithMicro Inc.)
    SRV - (CABellCanada) -- C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe (SmithMicro Inc.)
    SRV - (NvtlService) -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
    SRV - (SwiCardDetectSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\SwiCardDetect64.exe (Sierra Wireless, Inc.)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (NWHelper) -- C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe (Novatel Wireless Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
    SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (lxdd_device) -- C:\Windows\SysWOW64\lxddcoms.exe ( )


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)
    DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)
    DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (bdsandbox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
    DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
    DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
    DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
    DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)
    DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
    DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (swg3kser00) -- C:\Windows\SysNative\drivers\swg3kser00.sys (Sierra Wireless Incorporated)
    DRV:64bit: - (SWNC8UA3) -- C:\Windows\SysNative\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
    DRV:64bit: - (swiwdmbx) -- C:\Windows\SysNative\drivers\swiwdmbx64.sys (Sierra Wireless Inc.)
    DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.)
    DRV:64bit: - (BDVEDISK) -- C:\Windows\SysNative\drivers\bdvedisk.sys (BitDefender)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (ss_mdm) -- C:\Windows\SysNative\drivers\ss_mdm.sys (MCCI Corporation)
    DRV:64bit: - (ss_bus) -- C:\Windows\SysNative\drivers\ss_bus.sys (MCCI Corporation)
    DRV:64bit: - (ss_mdfl) -- C:\Windows\SysNative\drivers\ss_mdfl.sys (MCCI Corporation)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
    DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
    DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA430
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

    [2012/03/17 19:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\reg\AppData\Roaming\Mozilla\Extensions
    [2013/03/18 19:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\reg\AppData\Roaming\Mozilla\Firefox\Profiles\vaxfqvog.default\extensions
    [2012/05/21 01:43:59 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\reg\AppData\Roaming\Mozilla\Firefox\Profiles\vaxfqvog.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi

    ========== Chrome ==========

    CHR - homepage: Google
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: Google
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Skype Click to Call = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
    CHR - Extension: Vid-Saver = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.17.19_0\

    O1 HOSTS File: ([2009/06/10 18:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [lxddamon] C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe (Lexmark)
    O4:64bit: - HKLM..\Run: [LXDDCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXDDtime.DLL (Lexmark International, Inc.)
    O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Bell Canada Connection Manager] C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe (Bell)
    O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ()
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\reg\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Phantasmat/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Phantasmat/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Imikimi_activex_plugin Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 70.28.245.227 184.151.118.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC11A37B-0DA5-4D82-A54E-490123FC15D8}: DhcpNameServer = 192.168.2.1 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEFFE044-84AE-41F2-8113-71C4DA3FE783}: DhcpNameServer = 70.28.245.227 184.151.118.254
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/18 19:35:13 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/03/17 13:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Imikimi
    [2013/03/16 07:06:02 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\reg\Desktop\JRT.exe
    [2013/03/16 07:00:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/03/16 06:58:48 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/03/15 21:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
    [2013/03/15 19:45:34 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\reg\Desktop\dds.scr
    [2013/03/15 19:43:47 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\reg\Desktop\HijackThis.exe
    [2013/03/12 19:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/03/12 19:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/03/12 19:11:19 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\Programs
    [2013/03/12 17:58:35 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\SUPERAntiSpyware.com
    [2013/03/12 17:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/03/12 17:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/03/12 17:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/03/12 15:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressFiles
    [2013/03/12 09:38:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\My Vaults
    [2013/03/12 00:57:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\microsoft
    [2013/03/11 13:51:55 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
    [2013/03/11 13:51:53 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\SanDisk
    [2013/03/11 13:50:24 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\SanDisk SecureAccess
    [2013/03/11 13:47:33 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\Proxure
    [2013/03/11 13:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
    [2013/03/08 22:32:42 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\{7A8D5F58-A3ED-4713-8AE8-F952200797EB}
    [2013/03/07 00:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013/03/01 20:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2013/03/01 20:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2013/03/01 20:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2013/02/21 23:23:00 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
    [2013/02/21 23:13:20 | 000,046,280 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
    [2013/02/19 16:37:03 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\Apps

    ========== Files - Modified Within 30 Days ==========

    [2013/03/18 19:51:01 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/03/18 19:51:01 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/03/18 19:50:38 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/03/18 19:50:38 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/03/18 19:50:38 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/03/18 19:43:39 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/18 19:43:00 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2013/03/18 19:42:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/03/18 19:42:19 | 3165,327,360 | -HS- | M] () -- C:\hiberfil.sys
    [2013/03/18 19:27:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/17 17:58:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9d8dfaaa-d538-47ab-be7c-e5c7dbe96404.job
    [2013/03/17 17:51:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/03/17 08:28:02 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0ddec141-f30d-42cc-a320-10a4b81096d5.job
    [2013/03/16 07:06:07 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\reg\Desktop\JRT.exe
    [2013/03/16 07:05:31 | 000,890,798 | ---- | M] () -- C:\Users\reg\Desktop\SecurityCheck.exe
    [2013/03/15 20:18:23 | 487,434,356 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/03/15 19:47:12 | 000,377,856 | ---- | M] () -- C:\Users\reg\Desktop\377uy0w7.exe
    [2013/03/15 19:45:34 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\reg\Desktop\dds.scr
    [2013/03/15 19:43:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\reg\Desktop\HijackThis.exe
    [2013/03/12 19:11:37 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/12 17:58:30 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/03/12 15:55:25 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Express Files.lnk
    [2013/03/12 14:11:31 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/03/11 13:47:58 | 000,000,288 | ---- | M] () -- C:\Users\reg\AppData\Roaming\.backup.dm
    [2013/03/06 16:21:39 | 000,424,807 | ---- | M] () -- C:\Users\reg\Documents\Reginald Vincent-Rehire-Operator-March 19, 2013.pdf
    [2013/03/06 09:50:44 | 000,000,240 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
    [2013/02/21 23:23:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
    [2013/02/21 23:13:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

    ========== Files Created - No Company Name ==========

    [2013/03/16 07:05:30 | 000,890,798 | ---- | C] () -- C:\Users\reg\Desktop\SecurityCheck.exe
    [2013/03/15 20:18:23 | 487,434,356 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/03/15 19:47:12 | 000,377,856 | ---- | C] () -- C:\Users\reg\Desktop\377uy0w7.exe
    [2013/03/12 19:11:37 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/12 17:58:49 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9d8dfaaa-d538-47ab-be7c-e5c7dbe96404.job
    [2013/03/12 17:58:49 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0ddec141-f30d-42cc-a320-10a4b81096d5.job
    [2013/03/12 17:58:30 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/03/12 15:55:25 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Express Files.lnk
    [2013/03/12 14:11:31 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/03/11 13:47:58 | 000,000,288 | ---- | C] () -- C:\Users\reg\AppData\Roaming\.backup.dm
    [2013/03/06 16:21:35 | 000,424,807 | ---- | C] () -- C:\Users\reg\Documents\Reginald Vincent-Rehire-Operator-March 19, 2013.pdf
    [2012/12/03 13:04:04 | 000,278,528 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll
    [2012/12/03 13:04:00 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll
    [2012/12/03 13:03:56 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll
    [2012/12/03 13:03:53 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll
    [2012/12/03 13:03:45 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll
    [2012/12/03 13:03:32 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll
    [2012/12/03 13:03:31 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll
    [2012/12/03 13:03:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll
    [2012/12/03 13:03:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddppls.exe
    [2012/12/03 13:03:26 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll
    [2012/12/03 13:03:23 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll
    [2012/12/03 13:03:21 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddih.exe
    [2012/12/03 13:03:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll
    [2012/12/03 13:03:18 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcoms.exe
    [2012/12/03 13:03:14 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll
    [2012/12/03 13:03:13 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll
    [2012/12/03 13:03:12 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcfg.exe
    [2012/11/11 13:50:57 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2012/03/08 09:27:00 | 000,163,642 | ---- | C] () -- C:\ProgramData\1331207614.bdinstall.bin
    [2012/02/29 14:04:07 | 001,141,571 | ---- | C] () -- C:\ProgramData\1330519166.bdinstall.bin
    [2012/02/29 10:05:52 | 000,291,462 | ---- | C] () -- C:\ProgramData\1330517945.bdinstall.bin
    [2012/02/28 21:26:31 | 000,000,783 | ---- | C] () -- C:\ProgramData\1330473362.4432.bin
    [2012/02/28 21:26:10 | 000,006,245 | ---- | C] () -- C:\ProgramData\1330473362.3960.bin
    [2012/02/28 21:26:08 | 001,402,986 | ---- | C] () -- C:\ProgramData\1330473362.5092.bin
    [2012/02/28 21:26:08 | 000,010,196 | ---- | C] () -- C:\ProgramData\1330473362.5088.bin
    [2012/02/28 21:26:08 | 000,001,698 | ---- | C] () -- C:\ProgramData\1330473362.5096.bin
    [2012/02/28 21:26:08 | 000,000,739 | ---- | C] () -- C:\ProgramData\1330473362.5100.bin
    [2012/02/28 21:26:05 | 001,486,683 | ---- | C] () -- C:\ProgramData\1330473362.5064.bin
    [2012/02/28 21:26:03 | 000,005,716 | ---- | C] () -- C:\ProgramData\1330473362.5052.bin
    [2012/02/28 21:26:02 | 000,043,876 | ---- | C] () -- C:\ProgramData\1330473362.4952.bin
    [2012/02/28 20:55:08 | 000,029,203 | ---- | C] () -- C:\ProgramData\1330470337.1300.bin
    [2012/02/28 20:36:02 | 000,032,372 | ---- | C] () -- C:\ProgramData\1330470337.924.bin
    [2012/02/28 20:36:01 | 000,006,242 | ---- | C] () -- C:\ProgramData\1330470337.4824.bin
    [2012/02/28 20:35:46 | 000,010,165 | ---- | C] () -- C:\ProgramData\1330470337.4980.bin
    [2012/02/28 20:35:46 | 000,004,337 | ---- | C] () -- C:\ProgramData\1330470337.3800.bin
    [2012/02/28 20:35:46 | 000,001,815 | ---- | C] () -- C:\ProgramData\1330470337.364.bin
    [2012/02/28 20:35:46 | 000,001,783 | ---- | C] () -- C:\ProgramData\1330470337.3124.bin
    [2012/02/28 20:35:39 | 000,110,265 | ---- | C] () -- C:\ProgramData\1330470337.2488.bin
    [2012/02/28 20:35:38 | 000,009,029 | ---- | C] () -- C:\ProgramData\1330470337.1208.bin
    [2012/02/28 20:35:37 | 000,049,543 | ---- | C] () -- C:\ProgramData\1330470337.1652.bin
    [2011/11/17 20:33:10 | 000,006,656 | ---- | C] () -- C:\Users\reg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/08 14:05:21 | 000,000,229 | ---- | C] () -- C:\ProgramData\settings.xml
    [2011/07/06 23:08:45 | 000,001,207 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/06/05 20:48:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/06/04 23:32:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\search_result.xml
    [2011/05/06 12:51:24 | 000,000,208 | ---- | C] () -- C:\Users\reg\AppData\Roaming\wklnhst.dat
    [2011/05/02 20:25:49 | 000,706,526 | ---- | C] () -- C:\ProgramData\bdinstall.bin
    [2011/05/02 14:22:45 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2011/05/02 14:22:27 | 000,001,542 | ---- | C] () -- C:\Windows\WPatchProgress.ini
    [2011/05/02 12:38:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2011/05/02 12:38:02 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
    [2011/05/02 12:38:02 | 000,000,188 | ---- | C] () -- C:\Windows\PidList.ini
    [2010/07/08 14:07:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 02:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 03:13:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 23:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 23:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/06/14 04:19:14 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\4 Friends Games
    [2012/06/26 11:26:24 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
    [2012/02/19 00:22:19 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Alawar Stargaze
    [2012/06/19 04:51:14 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\AlawarEntertainment
    [2012/02/06 10:30:02 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Amaranth Games
    [2012/04/16 22:22:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Anarchy
    [2012/06/26 06:54:08 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Artifex Mundi
    [2012/04/09 16:31:39 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Artogon
    [2011/08/09 21:26:29 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Awem
    [2012/09/28 19:35:13 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Azureus
    [2012/03/08 09:26:06 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Bitdefender
    [2011/12/01 11:22:46 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\BlamGames
    [2012/11/19 16:38:07 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Blue Tea Games
    [2012/01/23 10:06:29 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Boolat Games
    [2011/12/04 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Boomzap
    [2011/09/16 11:38:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\casualArts
    [2011/12/07 15:03:34 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\cerasus.media
    [2012/11/23 16:28:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DAEMON Tools Lite
    [2012/10/12 14:12:35 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DailyMagic
    [2012/04/09 15:31:19 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Dark Blue Games
    [2011/11/16 14:06:20 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DarkParablesBriarRoseSE_BFG
    [2012/01/31 16:50:00 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Deep Shadows
    [2011/11/30 12:33:25 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DieselPuppet
    [2012/06/17 18:52:08 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Eipix
    [2012/01/30 10:40:11 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\EleFun Games
    [2013/01/29 17:41:18 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Elephant Games
    [2013/02/12 22:05:15 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\ERS Game Studios
    [2012/08/10 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\ExpressFiles
    [2011/11/10 16:28:12 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Fenomen Games
    [2012/06/26 11:40:36 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Freeze Tag
    [2012/04/16 21:21:36 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Friday's games
    [2011/11/10 21:22:59 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Frogwares
    [2012/05/20 16:23:06 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GameDevo
    [2012/04/09 17:03:43 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GameInvest
    [2012/04/20 18:34:39 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GameMill Entertainment
    [2012/09/30 16:13:03 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GlarySoft
    [2012/12/20 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\HdO Adventure
    [2011/10/13 15:01:34 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\HitPoint Studios
    [2012/11/11 13:51:20 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Iroz Games
    [2012/05/05 17:03:48 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Lazy Turtle Games
    [2012/12/03 13:32:04 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Lexmark Imaging Studio
    [2012/06/17 19:10:05 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Mad Head Games
    [2012/01/23 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\MagicIndie
    [2012/06/25 06:01:46 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\MediaArt
    [2012/06/25 05:01:20 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Meridian93
    [2012/06/26 07:40:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Orneon
    [2012/12/20 17:34:08 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PacificPoker
    [2011/09/19 14:50:24 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Phantasmat_spintop_ce
    [2011/12/08 22:10:41 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PlayFavoriteGames
    [2011/11/16 14:21:29 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PlayFirst
    [2012/04/20 20:09:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PlayPond
    [2012/01/29 23:20:38 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\quickclick
    [2011/05/02 20:26:10 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\QuickScan
    [2011/11/08 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Red Dot
    [2012/12/14 19:47:41 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Rovio
    [2013/03/11 13:51:57 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SanDisk
    [2013/03/11 13:50:24 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SanDisk SecureAccess
    [2011/11/17 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Shareaza
    [2012/08/02 19:40:04 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Sierra Wireless
    [2012/06/21 15:59:17 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Silverback Productions
    [2011/07/28 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Skunk Studios
    [2011/11/07 16:42:38 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SMIGames
    [2012/07/16 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Specialbit
    [2011/09/19 14:13:47 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SpinTop
    [2011/07/27 20:25:34 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SulusGames
    [2012/05/07 17:45:50 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\tabagames
    [2011/06/06 12:14:23 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Template
    [2012/11/11 21:45:40 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\ThreeDays2
    [2012/11/11 22:49:14 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\TitanicMystery
    [2011/05/06 00:25:47 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Trusteer
    [2012/01/29 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Vast Studios
    [2011/11/11 16:10:43 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\VendelGAMES
    [2011/12/04 20:21:56 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Vogat Interactive
    [2012/10/01 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\WildTangent
    [2013/01/25 00:44:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Windows Live Writer
    [2012/06/14 05:19:56 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\World-LooM
    [2012/01/30 15:48:19 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\YoudaGames

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 16 bytes -> C:\Users\reg\Downloads:Shareaza.GUID
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp026A5A4
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp6D084A5
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TempBC3D477
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TempC7EDF41
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp226A81A
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TempBEF355E

    < End of report >

  8. #8
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Thanks, good enough.

    Some leftovers, so we run another fix to get rid of them.

    Next

    We need to run a fix using OTL.

    Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

    Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following text in the code box, do not include the word "code"

    Code:
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    @Alternate Data Stream - 16 bytes -> C:\Users\reg\Downloads:Shareaza.GUID
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp026A5A4
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp6D084A5
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TempBC3D477
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TempC7EDF41
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp226A81A
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TempBEF355E
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    [2013/03/16 07:06:02 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\reg\Desktop\JRT.exe
    [2013/03/16 06:58:48 | 000,000,000 | ---D | C] -- C:\JRT
    
    :COMMANDS
    [reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


    Next

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files\ESET\
    • Copy and paste that log as a reply to this topic.
    • Now click on: (Selecting Uninstall application on close if you so wish)



    In your next reply please post:
    • EsetOnlineScanner\log.txt
    • Tell me how the computer is running

  9. #9
    Member
    Join Date
    Mar 2013
    Posts
    9
    Points
    0


    Here is the OTL log. I will do the EsetOnline Scanner now and post the results when I get them.

    OTL logfile created on: 18/03/2013 6:37:55 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\reg\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 56.84% Memory free
    9.82 Gb Paging File | 7.87 Gb Available in Paging File | 80.10% Paging File free
    Paging file location(s): c:\pagefile.sys 6036 6036 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.27 Gb Total Space | 227.67 Gb Free Space | 79.53% Space Free | Partition Type: NTFS

    Computer Name: REG-PC | User Name: reg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\reg\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\ExpressFiles\EFUpdater.exe (Express Files)
    PRC - C:\Users\reg\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe (Bell)
    PRC - C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe (SmithMicro Inc.)
    PRC - C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe (SmithMicro Inc.)
    PRC - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
    PRC - C:\Program Files (x86)\Bell\Mobile Connect\SwiApiMuxX.exe (Sierra Wireless, Inc.)
    PRC - C:\Windows\PLFSetI.exe ()
    PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
    PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    PRC - C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe (Lexmark)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
    MOD - C:\Users\reg\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll ()
    MOD - C:\Program Files (x86)\Bell\Mobile Connect\SMVPNEngine.dll ()
    MOD - C:\Program Files (x86)\Bell\Mobile Connect\Pac.dll ()
    MOD - C:\Program Files (x86)\Bell\Mobile Connect\Eap.dll ()
    MOD - C:\Windows\PLFSetI.exe ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxdddatr.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddscw.dll ()
    MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddcats.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender)
    SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender)
    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SRV:64bit: - (Update Server) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe (BitDefender)
    SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
    SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
    SRV:64bit: - (lxdd_device) -- C:\Windows\SysNative\lxddcoms.exe ( )
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (BellCanadaRcAppSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe (SmithMicro Inc.)
    SRV - (ProfileImpSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe (SmithMicro Inc.)
    SRV - (CABellCanada) -- C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe (SmithMicro Inc.)
    SRV - (NvtlService) -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
    SRV - (SwiCardDetectSvc) -- C:\Program Files (x86)\Bell\Mobile Connect\SwiCardDetect64.exe (Sierra Wireless, Inc.)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (NWHelper) -- C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe (Novatel Wireless Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
    SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (lxdd_device) -- C:\Windows\SysWOW64\lxddcoms.exe ( )


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)
    DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)
    DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (bdsandbox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
    DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
    DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
    DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
    DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)
    DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
    DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (swg3kser00) -- C:\Windows\SysNative\drivers\swg3kser00.sys (Sierra Wireless Incorporated)
    DRV:64bit: - (SWNC8UA3) -- C:\Windows\SysNative\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
    DRV:64bit: - (swiwdmbx) -- C:\Windows\SysNative\drivers\swiwdmbx64.sys (Sierra Wireless Inc.)
    DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.sys (Smith Micro Inc.)
    DRV:64bit: - (BDVEDISK) -- C:\Windows\SysNative\drivers\bdvedisk.sys (BitDefender)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (ss_mdm) -- C:\Windows\SysNative\drivers\ss_mdm.sys (MCCI Corporation)
    DRV:64bit: - (ss_bus) -- C:\Windows\SysNative\drivers\ss_bus.sys (MCCI Corporation)
    DRV:64bit: - (ss_mdfl) -- C:\Windows\SysNative\drivers\ss_mdfl.sys (MCCI Corporation)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
    DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
    DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA430
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

    [2012/03/17 16:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\reg\AppData\Roaming\Mozilla\Extensions
    [2013/03/18 15:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\reg\AppData\Roaming\Mozilla\Firefox\Profiles\vaxfqvog.default\extensions
    [2012/05/20 22:13:59 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\reg\AppData\Roaming\Mozilla\Firefox\Profiles\vaxfqvog.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi

    ========== Chrome ==========

    CHR - homepage: Google
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: Google
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Skype Click to Call = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
    CHR - Extension: Vid-Saver = C:\Users\reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.17.19_0\

    O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [lxddamon] C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe (Lexmark)
    O4:64bit: - HKLM..\Run: [LXDDCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXDDtime.DLL (Lexmark International, Inc.)
    O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Bell Canada Connection Manager] C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe (Bell)
    O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ()
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\reg\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Phantasmat/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Phantasmat/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Imikimi_activex_plugin Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 70.28.245.227 184.151.118.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC11A37B-0DA5-4D82-A54E-490123FC15D8}: DhcpNameServer = 192.168.2.1 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEFFE044-84AE-41F2-8113-71C4DA3FE783}: DhcpNameServer = 70.28.245.227 184.151.118.254
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/18 16:05:13 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/03/17 10:17:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Imikimi
    [2013/03/16 03:30:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/03/15 18:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
    [2013/03/15 16:15:34 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\reg\Desktop\dds.scr
    [2013/03/15 16:13:47 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\reg\Desktop\HijackThis.exe
    [2013/03/12 15:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/03/12 15:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/03/12 15:41:19 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\Programs
    [2013/03/12 14:28:35 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\SUPERAntiSpyware.com
    [2013/03/12 14:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/03/12 14:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/03/12 14:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/03/12 12:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressFiles
    [2013/03/12 06:08:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\My Vaults
    [2013/03/11 21:27:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\microsoft
    [2013/03/11 10:21:55 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
    [2013/03/11 10:21:53 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\SanDisk
    [2013/03/11 10:20:24 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Roaming\SanDisk SecureAccess
    [2013/03/11 10:17:33 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\Proxure
    [2013/03/11 10:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
    [2013/03/08 19:02:42 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\{7A8D5F58-A3ED-4713-8AE8-F952200797EB}
    [2013/03/06 20:31:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013/03/01 17:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2013/03/01 17:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2013/03/01 17:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2013/02/21 19:53:00 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
    [2013/02/21 19:43:20 | 000,046,280 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
    [2013/02/19 13:07:03 | 000,000,000 | ---D | C] -- C:\Users\reg\AppData\Local\Apps

    ========== Files - Modified Within 30 Days ==========

    [2013/03/18 18:42:26 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/03/18 18:42:26 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/03/18 18:41:48 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/03/18 18:41:48 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/03/18 18:41:48 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/03/18 18:34:57 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/18 18:34:33 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2013/03/18 18:33:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/03/18 18:33:48 | 3165,327,360 | -HS- | M] () -- C:\hiberfil.sys
    [2013/03/18 16:41:49 | 000,609,993 | ---- | M] () -- C:\Users\reg\Desktop\adwcleaner.exe
    [2013/03/18 15:57:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/17 14:28:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9d8dfaaa-d538-47ab-be7c-e5c7dbe96404.job
    [2013/03/17 14:21:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/03/17 04:58:02 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0ddec141-f30d-42cc-a320-10a4b81096d5.job
    [2013/03/16 03:35:31 | 000,890,798 | ---- | M] () -- C:\Users\reg\Desktop\SecurityCheck.exe
    [2013/03/15 16:48:23 | 487,434,356 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/03/15 16:17:12 | 000,377,856 | ---- | M] () -- C:\Users\reg\Desktop\377uy0w7.exe
    [2013/03/15 16:15:34 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\reg\Desktop\dds.scr
    [2013/03/15 16:13:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\reg\Desktop\HijackThis.exe
    [2013/03/12 15:41:37 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/12 14:28:30 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/03/12 12:25:25 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Express Files.lnk
    [2013/03/12 10:41:31 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/03/11 10:17:58 | 000,000,288 | ---- | M] () -- C:\Users\reg\AppData\Roaming\.backup.dm
    [2013/03/06 12:51:39 | 000,424,807 | ---- | M] () -- C:\Users\reg\Documents\Reginald Vincent-Rehire-Operator-March 19, 2013.pdf
    [2013/03/06 06:20:44 | 000,000,240 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
    [2013/02/21 19:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
    [2013/02/21 19:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

    ========== Files Created - No Company Name ==========

    [2013/03/18 16:41:49 | 000,609,993 | ---- | C] () -- C:\Users\reg\Desktop\adwcleaner.exe
    [2013/03/16 03:35:30 | 000,890,798 | ---- | C] () -- C:\Users\reg\Desktop\SecurityCheck.exe
    [2013/03/15 16:48:23 | 487,434,356 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/03/15 16:17:12 | 000,377,856 | ---- | C] () -- C:\Users\reg\Desktop\377uy0w7.exe
    [2013/03/12 15:41:37 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/12 14:28:49 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9d8dfaaa-d538-47ab-be7c-e5c7dbe96404.job
    [2013/03/12 14:28:49 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0ddec141-f30d-42cc-a320-10a4b81096d5.job
    [2013/03/12 14:28:30 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/03/12 12:25:25 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Express Files.lnk
    [2013/03/12 10:41:31 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/03/11 10:17:58 | 000,000,288 | ---- | C] () -- C:\Users\reg\AppData\Roaming\.backup.dm
    [2013/03/06 12:51:35 | 000,424,807 | ---- | C] () -- C:\Users\reg\Documents\Reginald Vincent-Rehire-Operator-March 19, 2013.pdf
    [2012/12/03 09:34:04 | 000,278,528 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll
    [2012/12/03 09:34:00 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll
    [2012/12/03 09:33:56 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll
    [2012/12/03 09:33:53 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll
    [2012/12/03 09:33:45 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll
    [2012/12/03 09:33:32 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll
    [2012/12/03 09:33:31 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll
    [2012/12/03 09:33:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll
    [2012/12/03 09:33:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddppls.exe
    [2012/12/03 09:33:26 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll
    [2012/12/03 09:33:23 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll
    [2012/12/03 09:33:21 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddih.exe
    [2012/12/03 09:33:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll
    [2012/12/03 09:33:18 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcoms.exe
    [2012/12/03 09:33:14 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll
    [2012/12/03 09:33:13 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll
    [2012/12/03 09:33:12 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcfg.exe
    [2012/11/11 10:20:57 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2012/03/08 05:57:00 | 000,163,642 | ---- | C] () -- C:\ProgramData\1331207614.bdinstall.bin
    [2012/02/29 10:34:07 | 001,141,571 | ---- | C] () -- C:\ProgramData\1330519166.bdinstall.bin
    [2012/02/29 06:35:52 | 000,291,462 | ---- | C] () -- C:\ProgramData\1330517945.bdinstall.bin
    [2012/02/28 17:56:31 | 000,000,783 | ---- | C] () -- C:\ProgramData\1330473362.4432.bin
    [2012/02/28 17:56:10 | 000,006,245 | ---- | C] () -- C:\ProgramData\1330473362.3960.bin
    [2012/02/28 17:56:08 | 001,402,986 | ---- | C] () -- C:\ProgramData\1330473362.5092.bin
    [2012/02/28 17:56:08 | 000,010,196 | ---- | C] () -- C:\ProgramData\1330473362.5088.bin
    [2012/02/28 17:56:08 | 000,001,698 | ---- | C] () -- C:\ProgramData\1330473362.5096.bin
    [2012/02/28 17:56:08 | 000,000,739 | ---- | C] () -- C:\ProgramData\1330473362.5100.bin
    [2012/02/28 17:56:05 | 001,486,683 | ---- | C] () -- C:\ProgramData\1330473362.5064.bin
    [2012/02/28 17:56:03 | 000,005,716 | ---- | C] () -- C:\ProgramData\1330473362.5052.bin
    [2012/02/28 17:56:02 | 000,043,876 | ---- | C] () -- C:\ProgramData\1330473362.4952.bin
    [2012/02/28 17:25:08 | 000,029,203 | ---- | C] () -- C:\ProgramData\1330470337.1300.bin
    [2012/02/28 17:06:02 | 000,032,372 | ---- | C] () -- C:\ProgramData\1330470337.924.bin
    [2012/02/28 17:06:01 | 000,006,242 | ---- | C] () -- C:\ProgramData\1330470337.4824.bin
    [2012/02/28 17:05:46 | 000,010,165 | ---- | C] () -- C:\ProgramData\1330470337.4980.bin
    [2012/02/28 17:05:46 | 000,004,337 | ---- | C] () -- C:\ProgramData\1330470337.3800.bin
    [2012/02/28 17:05:46 | 000,001,815 | ---- | C] () -- C:\ProgramData\1330470337.364.bin
    [2012/02/28 17:05:46 | 000,001,783 | ---- | C] () -- C:\ProgramData\1330470337.3124.bin
    [2012/02/28 17:05:39 | 000,110,265 | ---- | C] () -- C:\ProgramData\1330470337.2488.bin
    [2012/02/28 17:05:38 | 000,009,029 | ---- | C] () -- C:\ProgramData\1330470337.1208.bin
    [2012/02/28 17:05:37 | 000,049,543 | ---- | C] () -- C:\ProgramData\1330470337.1652.bin
    [2011/11/17 17:03:10 | 000,006,656 | ---- | C] () -- C:\Users\reg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/08 10:35:21 | 000,000,229 | ---- | C] () -- C:\ProgramData\settings.xml
    [2011/07/06 19:38:45 | 000,001,207 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/06/05 17:18:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/06/04 20:02:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\search_result.xml
    [2011/05/06 09:21:24 | 000,000,208 | ---- | C] () -- C:\Users\reg\AppData\Roaming\wklnhst.dat
    [2011/05/02 16:55:49 | 000,706,526 | ---- | C] () -- C:\ProgramData\bdinstall.bin
    [2011/05/02 10:52:45 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2011/05/02 10:52:27 | 000,001,542 | ---- | C] () -- C:\Windows\WPatchProgress.ini
    [2011/05/02 09:08:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2011/05/02 09:08:02 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
    [2011/05/02 09:08:02 | 000,000,188 | ---- | C] () -- C:\Windows\PidList.ini
    [2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/06/14 00:49:14 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\4 Friends Games
    [2012/06/26 07:56:24 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
    [2012/02/18 20:52:19 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Alawar Stargaze
    [2012/06/19 01:21:14 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\AlawarEntertainment
    [2012/02/06 07:00:02 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Amaranth Games
    [2012/04/16 18:52:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Anarchy
    [2012/06/26 03:24:08 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Artifex Mundi
    [2012/04/09 13:01:39 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Artogon
    [2011/08/09 17:56:29 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Awem
    [2012/09/28 16:05:13 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Azureus
    [2012/03/08 05:56:06 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Bitdefender
    [2011/12/01 07:52:46 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\BlamGames
    [2012/11/19 13:08:07 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Blue Tea Games
    [2012/01/23 06:36:29 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Boolat Games
    [2011/12/04 10:29:33 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Boomzap
    [2011/09/16 08:08:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\casualArts
    [2011/12/07 11:33:34 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\cerasus.media
    [2012/11/23 12:58:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DAEMON Tools Lite
    [2012/10/12 10:42:35 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DailyMagic
    [2012/04/09 12:01:19 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Dark Blue Games
    [2011/11/16 10:36:20 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DarkParablesBriarRoseSE_BFG
    [2012/01/31 13:20:00 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Deep Shadows
    [2011/11/30 09:03:25 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\DieselPuppet
    [2012/06/17 15:22:08 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Eipix
    [2012/01/30 07:10:11 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\EleFun Games
    [2013/01/29 14:11:18 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Elephant Games
    [2013/02/12 18:35:15 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\ERS Game Studios
    [2012/08/10 16:17:45 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\ExpressFiles
    [2011/11/10 12:58:12 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Fenomen Games
    [2012/06/26 08:10:36 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Freeze Tag
    [2012/04/16 17:51:36 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Friday's games
    [2011/11/10 17:52:59 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Frogwares
    [2012/05/20 12:53:06 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GameDevo
    [2012/04/09 13:33:43 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GameInvest
    [2012/04/20 15:04:39 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GameMill Entertainment
    [2012/09/30 12:43:03 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\GlarySoft
    [2012/12/20 19:25:56 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\HdO Adventure
    [2011/10/13 11:31:34 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\HitPoint Studios
    [2012/11/11 10:21:20 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Iroz Games
    [2012/05/05 13:33:48 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Lazy Turtle Games
    [2012/12/03 10:02:04 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Lexmark Imaging Studio
    [2012/06/17 15:40:05 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Mad Head Games
    [2012/01/23 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\MagicIndie
    [2012/06/25 02:31:46 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\MediaArt
    [2012/06/25 01:31:20 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Meridian93
    [2012/06/26 04:10:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Orneon
    [2012/12/20 14:04:08 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PacificPoker
    [2011/09/19 11:20:24 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Phantasmat_spintop_ce
    [2011/12/08 18:40:41 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PlayFavoriteGames
    [2011/11/16 10:51:29 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PlayFirst
    [2012/04/20 16:39:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\PlayPond
    [2012/01/29 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\quickclick
    [2011/05/02 16:56:10 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\QuickScan
    [2011/11/08 10:26:59 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Red Dot
    [2012/12/14 16:17:41 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Rovio
    [2013/03/11 10:21:57 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SanDisk
    [2013/03/11 10:20:24 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SanDisk SecureAccess
    [2011/11/17 17:06:48 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Shareaza
    [2012/08/02 16:10:04 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Sierra Wireless
    [2012/06/21 12:29:17 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Silverback Productions
    [2011/07/28 12:09:31 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Skunk Studios
    [2011/11/07 13:12:38 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SMIGames
    [2012/07/16 12:47:57 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Specialbit
    [2011/09/19 10:43:47 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SpinTop
    [2011/07/27 16:55:34 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\SulusGames
    [2012/05/07 14:15:50 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\tabagames
    [2011/06/06 08:44:23 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Template
    [2012/11/11 18:15:40 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\ThreeDays2
    [2012/11/11 19:19:14 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\TitanicMystery
    [2011/05/05 20:55:47 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Trusteer
    [2012/01/29 18:50:09 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Vast Studios
    [2011/11/11 12:40:43 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\VendelGAMES
    [2011/12/04 16:51:56 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Vogat Interactive
    [2012/10/01 12:39:50 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\WildTangent
    [2013/01/24 21:14:22 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\Windows Live Writer
    [2012/06/14 01:49:56 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\World-LooM
    [2012/01/30 12:18:19 | 000,000,000 | ---D | M] -- C:\Users\reg\AppData\Roaming\YoudaGames

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 16 bytes -> C:\Users\reg\Downloads:Shareaza.GUID
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp026A5A4
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp6D084A5
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TempBC3D477
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TempC7EDF41
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp226A81A
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TempBEF355E

    < End of report >

  10. #10
    Member
    Join Date
    Mar 2013
    Posts
    9
    Points
    0


    Computer seems to be ok now. Here is the log of the scan.

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    # version=8
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=2c496cc518079149ae300f26030c0413
    # engine=13423
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-03-19 02:37:42
    # local_time=2013-03-18 08:37:42 (-0700, Mountain Daylight Time)
    # country="Canada"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=2054 16777213 100 85 0 121803960 0 0
    # compatibility_mode=5893 16776574 100 94 56014026 115204112 0 0
    # scanned=166679
    # found=6
    # cleaned=0
    # scan_time=5260
    sh=36C513B8D860984CDA7C81A6FC4261D8D37A9032 ft=1 fh=6351dabb7e38847a vn="a variant of Win32/YourFileDownloader.B application" ac=I fn="C:\Program Files (x86)\ExpressFiles\EFUpdater.exe"
    sh=68998EDA1CB7FFA330E3CC18A765B39CDBE1F819 ft=1 fh=cfddd1a22fe3492b vn="a variant of Win32/ExpressFiles.A application" ac=I fn="C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe"
    sh=F3B4E75053A66773857CCD301CFEFD86DC5DD74D ft=1 fh=e3322eed538a5650 vn="a variant of Win32/ExpressFiles.B application" ac=I fn="C:\Program Files (x86)\ExpressFiles\uninstall.exe"
    sh=EEFB241EDB534614004D6FA41F2EBFABE9AAFB39 ft=1 fh=d0fbe6c156bd37dc vn="Win32/OpenCandy application" ac=I fn="C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll"
    sh=F3B4E75053A66773857CCD301CFEFD86DC5DD74D ft=1 fh=e3322eed538a5650 vn="a variant of Win32/ExpressFiles.B application" ac=I fn="C:\Users\reg\Videos\muvees\a_good_day_to_die_hard_downloader_ca_99254.exe"
    sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/YourFileDownloader.B application" ac=I fn="${Memory}"
