  1. #1
    Member
    Join Date
    Jul 2008
    Posts
    22
    Points
    0

    S AntiSpyware does not run - HJT

    hi everyone,

    did Avast scan, then uninstalled avast, since i have zone alarm running a firewall, i did not want conflicts,

    super antispyware does not run at all,

    so here is my HJT log file, (found nothing in the detective)

    thanks very much for your time, you rock !!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:25:49 AM, on 8/26/2013
    Platform: Windows 7 (WinNT 6.00.3004)
    MSIE: Internet Explorer v8.00 (8.00.7100.0000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Search - Web Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIFE82~1\Office12\REFIEBAR.DLL
    O15 - Trusted Zone: http://*.cinemanow.com
    O15 - Trusted Zone: Thai TV Live free from ThaiTV | Lakorn and more | Thaitv.TV
    O15 - Trusted Zone: *.thaitv.tv
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 3858 bytes

  2. #2
    Member Spyware Fighter DonnaB
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi changintimes55,

    Windows 7 has a great firewall and there is no need for a 3rd party firewall such as Zonealarm. ZA will not interfere with Avast unless you have the Pro version of Avast which includes a firewall. Personally, I would have uninstalled ZA and left Avast. If anything gets past ZA you are totally unprotected.

    What issues are you experiencing? Were you able to scan with Malwarebytes?

    Please note: I am presently in training and if any infections are found in your logs, I will have to consult with my instructor which may delay my responses to you. For now, please do the following so I can get a more in depth look at what we have.

    Please download WVCheck
    • Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
    • As indicated by the prompt, This program can take a while depending on your hard drive space.
    • Once the program is done, copy the contents of the notepad file and paste in your reply.


    Next:

    Please download OTL to your Desktop
    • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    Please post the following logs in your next reply:
    OTL.txt
    Extras.txt
    WVCheck.txt

    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #3
    Member
    Join Date
    Jul 2013
    Posts
    126
    Points
    3

    is there a difference between Avira & zonealarm

  4. #4
    Member
    Join Date
    Jul 2008
    Posts
    22
    Points
    0

    thanks Donna, here i go.........

  5. #5
    Member Spyware Fighter DonnaB
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Quote: Originally Posted by ct8559
    "is there a difference between Avira & zonealarm"

    Hi ct8559,

    Go ahead and ask zep516 in your thread in the Computer help forum you started here. He'll be able to answer that question for you.

    @ changintimes55

    You're welcome! Anytime you're ready please post the logs for my viewing pleasure!

  6. #6
    Member
    Join Date
    Jul 2008
    Posts
    22
    Points
    0

    OTL logfile created on: 8/27/2013 1:54:03 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
    Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7100.0)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 65.48% Memory free
    5.49 Gb Paging File | 4.52 Gb Available in Paging File | 82.30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 148.95 Gb Total Space | 110.06 Gb Free Space | 73.89% Space Free | Partition Type: NTFS

    Computer Name: LARRY-M | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/08/27 01:52:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    PRC - [2013/08/25 17:51:38 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2013/08/22 07:12:24 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
    PRC - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2009/04/22 01:19:35 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/04/22 01:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/08/25 17:51:37 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2013/08/22 07:12:23 | 016,166,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_94.dll
    MOD - [2011/07/18 17:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
    SRV - [2013/08/22 07:15:25 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2012/08/18 06:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
    SRV - [2012/07/20 14:08:04 | 008,186,368 | ---- | M] () [Disabled | Stopped] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
    SRV - [2010/07/04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2010/06/03 18:22:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/04/22 01:21:49 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/04/22 01:21:40 | 001,004,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/04/22 01:20:52 | 000,680,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
    DRV - [2013/02/06 04:21:51 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2010/04/26 22:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
    DRV - [2010/04/26 22:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus)
    DRV - [2010/04/26 22:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
    DRV - [2009/04/22 01:23:55 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2009/04/22 01:23:47 | 000,040,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2009/04/22 01:23:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2009/04/21 23:49:36 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/04/21 23:26:30 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/04/21 23:26:29 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2008/12/01 23:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway.com/GGmain.jhtml?id=YH&ptb=A74A7EFC-8EBA-4307-BFC6-F2E479C1213E&psa=&ind=2010101614&ptnrS=YH&si=&st=sb&n=&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
    IE - HKLM\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Search - Web Search
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = JavaScript Browser Object Examples
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway.com/GGmain.jhtml?id=YH&ptb=A74A7EFC-8EBA-4307-BFC6-F2E479C1213E&psa=&ind=2010101614&ptnrS=YH&si=&st=sb&n=&searchfor={searchTerms}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGAIDF&install_date=20111117&iesrc={referrer:source}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{BAAF00A8-0C59-4860-85A9-67174F313469}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{BEACA5A4-2A5A-49D7-9856-8945521FA17C}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=685749&p={searchTerms}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..CT3247436.browser.search.defaultthis.engineName: true
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.w3schools.com/js/js_ex_dom.asp"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@IObitBar.com/Plugin: C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\i0ffxtbr@IObitBar.com: C:\Program Files\IObitBar\toolbar\1.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/06 13:38:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/06 13:38:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/25 17:51:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/25 17:51:27 | 000,000,000 | ---D | M]

    [2009/11/15 22:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
    [2013/08/22 07:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\54dckrw3.default\extensions
    [2010/05/02 15:24:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\54dckrw3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/08/22 07:02:27 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\54dckrw3.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    [2013/02/06 04:21:27 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\54dckrw3.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2011/11/17 12:53:02 | 000,001,945 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\54dckrw3.default\searchplugins\bing-zugo.xml
    [2010/11/07 15:12:49 | 000,009,927 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\54dckrw3.default\searchplugins\IObitBar.xml
    [2012/01/07 10:36:33 | 000,003,915 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\54dckrw3.default\searchplugins\sweetim.xml
    [2013/02/08 06:18:34 | 000,001,070 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\54dckrw3.default\searchplugins\upmedia-customized-web-search.xml
    [2013/08/25 17:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/08/25 17:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/08/25 17:51:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/03/02 18:10:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/07/06 13:38:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2013/02/18 01:54:57 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

    ========== Chrome ==========

    CHR - default_search_provider: Blekko (Enabled)
    CHR - default_search_provider: search_url = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201203319F6F495EBABA7FB1D5C4AB40&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: Google
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\gcswf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
    CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/03/20 11:31:18 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\Toolbar\WebBrowser: (no name) - {2B171655-A70C-5C18-B693-6CB5DC269D41} - No CLSID value found.
    O3 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
    O3 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\Toolbar\WebBrowser: (no name) - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No CLSID value found.
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..Trusted Domains: thaitv.tv ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..Trusted Domains: thaitv.tv ([www] http in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FBE9F94-42BD-4823-98FB-B6DC646BE258}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/20 11:42:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/08/27 01:51:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2013/08/25 23:47:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2013/08/25 23:16:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
    [2013/08/25 23:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/08/25 23:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/08/25 23:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/08/25 18:30:16 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2013/08/25 18:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/08/25 17:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/08/27 01:59:07 | 000,002,247 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2013/08/27 01:52:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2013/08/27 01:47:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/08/27 01:15:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/08/27 01:09:48 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/08/27 01:09:12 | 2213,007,360 | -HS- | M] () -- C:\hiberfil.sys
    [2013/08/27 00:06:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/08/26 23:11:43 | 000,627,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/08/26 23:11:43 | 000,107,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/08/26 08:28:37 | 000,013,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/08/26 08:28:37 | 000,013,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/08/26 01:25:49 | 000,003,859 | ---- | M] () -- C:\Users\User\Desktop\hijackthis 3
    [2013/08/25 23:49:11 | 000,004,184 | ---- | M] () -- C:\Users\User\Desktop\hijackthis 2
    [2013/08/25 23:47:52 | 000,002,959 | ---- | M] () -- C:\Users\User\Desktop\HiJackThis.lnk
    [2013/08/25 23:24:31 | 000,000,010 | RHS- | M] () -- C:\config.sys
    [2013/08/25 23:15:39 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/08/25 20:37:10 | 000,312,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/08/25 18:32:55 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
    [2013/08/25 18:32:55 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
    [2013/08/25 18:32:55 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
    [2013/08/25 18:30:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2013/08/25 18:23:09 | 000,001,092 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/08/24 05:45:19 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/08/22 07:15:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/08/22 07:15:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/08/26 01:25:49 | 000,003,859 | ---- | C] () -- C:\Users\User\Desktop\hijackthis 3
    [2013/08/25 23:49:10 | 000,004,184 | ---- | C] () -- C:\Users\User\Desktop\hijackthis 2
    [2013/08/25 23:47:52 | 000,002,959 | ---- | C] () -- C:\Users\User\Desktop\HiJackThis.lnk
    [2013/08/25 23:15:39 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/08/25 18:32:55 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
    [2013/08/25 18:32:55 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
    [2013/08/25 18:32:55 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
    [2013/08/22 07:12:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/09 01:29:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
    [2013/01/06 02:58:48 | 000,129,936 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2012/08/13 03:00:01 | 000,027,520 | ---- | C] () -- C:\Users\User\AppData\Local\dt.dat
    [2012/07/26 07:57:50 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
    [2011/12/11 05:05:20 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{B6D4A2C4-FC21-4502-A02C-7F1FA6F73C29}
    [2011/11/05 12:54:52 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{0BE98646-10FD-4E3D-9755-2DEF80044ACE}
    [2011/11/05 01:08:07 | 000,007,616 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
    [2010/12/24 01:07:22 | 000,013,824 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2009/04/22 04:16:17 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2009/04/22 01:21:56 | 012,855,296 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/22 01:20:29 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/22 01:22:12 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:30FD0CBD

    < End of report >

    OTL Extras logfile created on: 8/27/2013 1:54:04 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
    Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7100.0)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 65.48% Memory free
    5.49 Gb Paging File | 4.52 Gb Available in Paging File | 82.30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 148.95 Gb Total Space | 110.06 Gb Free Space | 73.89% Space Free | Partition Type: NTFS

    Computer Name: LARRY-M | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- Reg Error: Value error. File not found
    .hta [@ = htafile] -- "%1" %*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- Reg Error: Value error.
    htafile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
    "ANTIVIRUSDISABLENOTIFY" = 0
    "FIREWALLDISABLENOTIFY" = 0
    "UPDATESDISABLENOTIFY" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{18A2E665-3B34-45A6-BB24-9227DC749D38}" = lport=139 | protocol=6 | dir=in | app=system |
    "{2E6BE135-AD68-4864-B631-915791BAD3CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{34C11244-D66D-4A83-B36A-3BA7324797CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3D8F6D7E-325A-4E78-96C9-4E1E7006AC0D}" = lport=138 | protocol=17 | dir=in | app=system |
    "{3DEB7120-2039-407E-B04E-A6A87EC71414}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{3E1F6DA5-4B3D-465C-B580-9F74372F49E2}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{44887750-8215-412C-A7C5-6D3228C0D62C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4488C53D-BA71-4C41-BD9B-3FB4D5EFF99A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{4E8C1050-34E6-4FC2-ABEE-E2F238EC8768}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{5BFFD609-C1CC-4BD4-81C3-0AA5093B1FA4}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{66DFF23A-4070-4CBD-B635-5DB1EFF36F50}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7E23A66D-8D47-4301-9987-B23A01B3BB70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{AB9BBF85-A52C-4C4F-87B7-2EF2C8AF94D0}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B2F6D41E-1891-4EBF-B037-94CFD2FDA511}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BF7DDB74-4C6C-4FAD-AE92-1EBE55329C6D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C1325A77-B5CF-4BB8-A741-BA279C43061A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D3066CD5-B9B0-43E8-A75A-77F2450E26CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DD1D4B5C-BE9A-4C73-B8DB-AAF7EB2D915C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{DE3BE933-1B78-45A3-BE71-C870EF4C4BA2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E5F3FE69-2D39-45FF-A317-0A1CFED53024}" = lport=137 | protocol=17 | dir=in | app=system |
    "{EF7F6647-0CAE-4822-924D-794449DEE7BA}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F6C8C6FF-4DDB-4300-A406-E54549393AB8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F742ACDD-7CDE-4DFC-B76C-69FFE7663CB4}" = rport=445 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01B07E45-E7CB-45AC-A304-4D486633FDF2}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "{22F5FF79-E3E4-4E3A-ACDF-A7E493130F03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{27116730-045E-42A8-BE75-E941170EB052}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{2DC7D889-8A4A-484C-BE15-5619F2F6372D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2E4D12AE-4964-4295-A506-94B139675185}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{33C73B1F-E0F9-43A0-A984-31EBC99A61D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{38305F06-AF34-4993-B282-BBF63F03DC08}" = protocol=6 | dir=out | app=system |
    "{3DE1CA9F-1B20-46FA-A6E5-EA122E75800B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{44BCB2FC-B64C-4DB1-A3CE-F661D1592698}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4EA127F9-E4A1-4A16-B158-CA5814DFA966}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "{672E43BF-A92B-45A0-9BF8-10AB45A8F798}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{6A2AE9E2-24DA-43BA-AE38-FF67ACEF88FC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{6F7DC18E-A9BF-4530-8F7B-C7738381A6B5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{700C2368-70F9-448E-8FEF-017B61C3C8A6}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{738763A9-4B03-405B-9A1F-797AF326BA79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{74154C0A-4DB0-4FEB-B2AF-F8913B859A63}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{774ECE27-3DD9-4BAB-AF6F-F92F44127896}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{78DE2DE6-3F36-41CC-9C0D-AFDB1AEF4D4A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{86CB61B5-5B94-45F8-AA56-74C5C6FB3E2F}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{8B4945C1-C29D-4BCA-907E-208D79A13FCC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A384484B-639B-4D88-8F13-E62D620BD80E}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
    "{ACAD5FEF-947F-40DE-89C9-CA257E7DEC4F}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
    "{AE330EAD-2932-4AFD-8AE3-C1F5E08EB4F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B433209D-FD30-4A8B-AECA-F0F79FE5165B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{BB5EBCA5-FC8C-4496-A80B-87DC4F381EC4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{C556CC51-BFC5-4E38-A58B-54CAFE0C6487}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CDA636E2-ABC6-4115-8437-BDCD04B9C7C1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{F79436A1-CDCE-4FF8-A92F-C2EBAA9981CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "TCP Query User{31FCB5A2-5FCD-4434-AB5D-6398A40AEF82}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "TCP Query User{38828A8B-4D18-4612-8716-F3BEA64A0CAE}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{617F5AC5-76D5-41E8-9239-2DB50281DE62}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "TCP Query User{69778FA5-F5A7-4A45-836E-8DF55FCE810D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{83CA298C-70D3-4B31-AF58-6C0520A19F5F}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{474EE1DA-672F-48F5-A39F-C522E421C6AE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{5A1AB211-969F-4C84-982D-3CD0CADCD48A}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{D3B39BB8-370A-4C10-A554-D0C718F7AFE8}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{EC2BA740-12A9-495C-899F-773F35F0C073}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "UDP Query User{FC479975-8D7B-4B09-8636-60967B3B9E05}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
    "{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
    "{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
    "{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.3
    "{AE0F5DEF-1B8F-454B-A784-B19600FAB40E}_is1" = Console Classix 4.14
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F70701D1-C08C-4FFD-9324-870DD65BB829}_is1" = Sound-Record Waspy LE VSTi 1.3
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
    "Audacity_is1" = Audacity 2.0
    "CCleaner" = CCleaner
    "Coffee Break PacMan" = Coffee Break PacMan
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
    "Google Chrome" = Google Chrome
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
    "Notepad++" = Notepad++
    "Opera 12.14.1738" = Opera 12.14
    "RealPlayer 15.0" = RealPlayer
    "WebDesigner" = Microsoft Expression Web
    "Winamp" = Winamp
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/6/2011 12:28:03 PM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    Error - 8/14/2011 3:00:27 PM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    Error - 8/15/2011 1:17:19 AM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    Error - 9/3/2011 9:27:06 AM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    Error - 9/12/2011 2:27:40 AM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    Error - 9/14/2011 12:34:59 AM | Computer Name = Larry-M | Source = Application Error | ID = 1000
    Description = Faulting application name: ConsoleClassix.exe, version: 0.0.0.0, time
    stamp: 0x4d8b60ed Faulting module name: SDL_net.dll, version: 1.2.7.0, time stamp:
    0x4b0a819f Exception code: 0xc0000005 Fault offset: 0x00001485 Faulting process id:
    0xdf4 Faulting application start time: 0x01cc72974190e6b3 Faulting application path:
    C:\Program Files\ConsoleClassix.com\ConsoleClassix.exe Faulting module path: C:\Program
    Files\ConsoleClassix.com\SDL_net.dll Report Id: e72f5506-de8a-11e0-9ebf-001eecde34ac

    Error - 9/14/2011 12:36:14 AM | Computer Name = Larry-M | Source = Application Error | ID = 1000
    Description = Faulting application name: ConsoleClassix.exe, version: 0.0.0.0, time
    stamp: 0x4e493d94 Faulting module name: SDL_net.dll, version: 1.2.7.0, time stamp:
    0x4b0a819f Exception code: 0xc0000005 Fault offset: 0x00001485 Faulting process id:
    0x82c Faulting application start time: 0x01cc7297c7cd858b Faulting application path:
    C:\Program Files\ConsoleClassix.com\ConsoleClassix.exe Faulting module path: C:\Program
    Files\ConsoleClassix.com\SDL_net.dll Report Id: 138e364c-de8b-11e0-9ebf-001eecde34ac

    Error - 9/14/2011 12:43:57 AM | Computer Name = Larry-M | Source = Application Error | ID = 1000
    Description = Faulting application name: ConsoleClassix.exe, version: 0.0.0.0, time
    stamp: 0x4e493d94 Faulting module name: ConsoleClassix.exe, version: 0.0.0.0, time
    stamp: 0x4e493d94 Exception code: 0xc0000005 Fault offset: 0x000432b0 Faulting process
    id: 0x9c4 Faulting application start time: 0x01cc7297dbe5c401 Faulting application
    path: C:\Program Files\ConsoleClassix.com\ConsoleClassix.exe Faulting module path:
    C:\Program Files\ConsoleClassix.com\ConsoleClassix.exe Report Id: 27a7cdf1-de8c-11e0-9ebf-001eecde34ac

    Error - 9/14/2011 9:04:44 AM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    Error - 9/17/2011 3:33:37 AM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    [ OSession Events ]
    Error - 10/30/2011 7:17:37 PM | Computer Name = Larry-M | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
    12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1125
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 4/28/2012 4:39:48 AM | Computer Name = Larry-M | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
    12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 656
    seconds with 360 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 8/27/2013 1:11:57 AM | Computer Name = Larry-M | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort2.

    Error - 8/27/2013 1:11:57 AM | Computer Name = Larry-M | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort2.

    Error - 8/27/2013 1:11:57 AM | Computer Name = Larry-M | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort2.

    Error - 8/27/2013 1:12:31 AM | Computer Name = Larry-M | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.

    Error - 8/27/2013 1:13:46 AM | Computer Name = Larry-M | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 8/27/2013 1:14:46 AM | Computer Name = Larry-M | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Media Player Network Sharing Service service to connect.

    Error - 8/27/2013 1:14:46 AM | Computer Name = Larry-M | Source = Service Control Manager | ID = 7000
    Description = The Windows Media Player Network Sharing Service service failed to
    start due to the following error: %%1053

    Error - 8/27/2013 1:16:02 AM | Computer Name = Larry-M | Source = Service Control Manager | ID = 7031
    Description = The Windows Search service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 30000 milliseconds:
    Restart the service.

    Error - 8/27/2013 1:17:02 AM | Computer Name = Larry-M | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Search service to connect.

    Error - 8/27/2013 1:17:02 AM | Computer Name = Larry-M | Source = Service Control Manager | ID = 7000
    Description = The Windows Search service failed to start due to the following error:
    %%1053


    < End of report >

  7. #7
    Member
    Join Date
    Jul 2008
    Posts
    22
    Points
    0

    OTL logfile created on: 8/27/2013 1:54:03 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
    Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7100.0)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 65.48% Memory free
    5.49 Gb Paging File | 4.52 Gb Available in Paging File | 82.30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 148.95 Gb Total Space | 110.06 Gb Free Space | 73.89% Space Free | Partition Type: NTFS

    Computer Name: LARRY-M | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/08/27 01:52:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    PRC - [2013/08/25 17:51:38 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2013/08/22 07:12:24 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
    PRC - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2009/04/22 01:19:35 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/04/22 01:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/08/25 17:51:37 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2013/08/22 07:12:23 | 016,166,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_94.dll
    MOD - [2011/07/18 17:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
    SRV - [2013/08/22 07:15:25 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2012/08/18 06:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
    SRV - [2012/07/20 14:08:04 | 008,186,368 | ---- | M] () [Disabled | Stopped] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
    SRV - [2010/07/04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2010/06/03 18:22:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/04/22 01:21:49 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/04/22 01:21:40 | 001,004,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/04/22 01:20:52 | 000,680,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
    DRV - [2013/02/06 04:21:51 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2010/04/26 22:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
    DRV - [2010/04/26 22:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus)
    DRV - [2010/04/26 22:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
    DRV - [2009/04/22 01:23:55 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2009/04/22 01:23:47 | 000,040,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2009/04/22 01:23:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2009/04/21 23:49:36 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/04/21 23:26:30 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/04/21 23:26:29 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2008/12/01 23:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway.com/GGmain.jhtml?id=YH&ptb=A74A7EFC-8EBA-4307-BFC6-F2E479C1213E&psa=&ind=2010101614&ptnrS=YH&si=&st=sb&n=&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
    IE - HKLM\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Search - Web Search
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = JavaScript Browser Object Examples
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway.com/GGmain.jhtml?id=YH&ptb=A74A7EFC-8EBA-4307-BFC6-F2E479C1213E&psa=&ind=2010101614&ptnrS=YH&si=&st=sb&n=&searchfor={searchTerms}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGAIDF&install_date=20111117&iesrc={referrer:source}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{BAAF00A8-0C59-4860-85A9-67174F313469}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{BEACA5A4-2A5A-49D7-9856-8945521FA17C}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=685749&p={searchTerms}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
    IE - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..CT3247436.browser.search.defaultthis.engineName: true
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.w3schools.com/js/js_ex_dom.asp"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@IObitBar.com/Plugin: C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\i0ffxtbr@IObitBar.com: C:\Program Files\IObitBar\toolbar\1.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/06 13:38:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/06 13:38:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/25 17:51:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/25 17:51:27 | 000,000,000 | ---D | M]

    [2009/11/15 22:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
    [2013/08/22 07:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\54dckrw3.default\extensions
    [2010/05/02 15:24:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\54dckrw3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/08/22 07:02:27 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\54dckrw3.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    [2013/02/06 04:21:27 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\54dckrw3.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2011/11/17 12:53:02 | 000,001,945 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\54dckrw3.default\searchplugins\bing-zugo.xml
    [2010/11/07 15:12:49 | 000,009,927 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\54dckrw3.default\searchplugins\IObitBar.xml
    [2012/01/07 10:36:33 | 000,003,915 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\54dckrw3.default\searchplugins\sweetim.xml
    [2013/02/08 06:18:34 | 000,001,070 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\54dckrw3.default\searchplugins\upmedia-customized-web-search.xml
    [2013/08/25 17:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/08/25 17:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/08/25 17:51:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/03/02 18:10:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/07/06 13:38:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2013/02/18 01:54:57 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

    ========== Chrome ==========

    CHR - default_search_provider: Blekko (Enabled)
    CHR - default_search_provider: search_url = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201203319F6F495EBABA7FB1D5C4AB40&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: Google
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\gcswf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
    CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/03/20 11:31:18 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\Toolbar\WebBrowser: (no name) - {2B171655-A70C-5C18-B693-6CB5DC269D41} - No CLSID value found.
    O3 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
    O3 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..\Toolbar\WebBrowser: (no name) - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No CLSID value found.
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..Trusted Domains: thaitv.tv ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2672891020-1956198743-3270850450-1000\..Trusted Domains: thaitv.tv ([www] http in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FBE9F94-42BD-4823-98FB-B6DC646BE258}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/20 11:42:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/08/27 01:51:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2013/08/25 23:47:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2013/08/25 23:16:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
    [2013/08/25 23:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/08/25 23:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/08/25 23:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/08/25 18:30:16 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2013/08/25 18:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/08/25 17:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/08/27 01:59:07 | 000,002,247 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2013/08/27 01:52:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2013/08/27 01:47:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/08/27 01:15:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/08/27 01:09:48 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/08/27 01:09:12 | 2213,007,360 | -HS- | M] () -- C:\hiberfil.sys
    [2013/08/27 00:06:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/08/26 23:11:43 | 000,627,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/08/26 23:11:43 | 000,107,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/08/26 08:28:37 | 000,013,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/08/26 08:28:37 | 000,013,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/08/26 01:25:49 | 000,003,859 | ---- | M] () -- C:\Users\User\Desktop\hijackthis 3
    [2013/08/25 23:49:11 | 000,004,184 | ---- | M] () -- C:\Users\User\Desktop\hijackthis 2
    [2013/08/25 23:47:52 | 000,002,959 | ---- | M] () -- C:\Users\User\Desktop\HiJackThis.lnk
    [2013/08/25 23:24:31 | 000,000,010 | RHS- | M] () -- C:\config.sys
    [2013/08/25 23:15:39 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/08/25 20:37:10 | 000,312,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/08/25 18:32:55 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
    [2013/08/25 18:32:55 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
    [2013/08/25 18:32:55 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
    [2013/08/25 18:30:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2013/08/25 18:23:09 | 000,001,092 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/08/24 05:45:19 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/08/22 07:15:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/08/22 07:15:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/08/26 01:25:49 | 000,003,859 | ---- | C] () -- C:\Users\User\Desktop\hijackthis 3
    [2013/08/25 23:49:10 | 000,004,184 | ---- | C] () -- C:\Users\User\Desktop\hijackthis 2
    [2013/08/25 23:47:52 | 000,002,959 | ---- | C] () -- C:\Users\User\Desktop\HiJackThis.lnk
    [2013/08/25 23:15:39 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/08/25 18:32:55 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
    [2013/08/25 18:32:55 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
    [2013/08/25 18:32:55 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
    [2013/08/22 07:12:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/09 01:29:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
    [2013/01/06 02:58:48 | 000,129,936 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2012/08/13 03:00:01 | 000,027,520 | ---- | C] () -- C:\Users\User\AppData\Local\dt.dat
    [2012/07/26 07:57:50 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
    [2011/12/11 05:05:20 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{B6D4A2C4-FC21-4502-A02C-7F1FA6F73C29}
    [2011/11/05 12:54:52 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{0BE98646-10FD-4E3D-9755-2DEF80044ACE}
    [2011/11/05 01:08:07 | 000,007,616 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
    [2010/12/24 01:07:22 | 000,013,824 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2009/04/22 04:16:17 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2009/04/22 01:21:56 | 012,855,296 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/22 01:20:29 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/22 01:22:12 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:30FD0CBD

    < End of report >

    OTL Extras logfile created on: 8/27/2013 1:54:04 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
    Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7100.0)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 65.48% Memory free
    5.49 Gb Paging File | 4.52 Gb Available in Paging File | 82.30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 148.95 Gb Total Space | 110.06 Gb Free Space | 73.89% Space Free | Partition Type: NTFS

    Computer Name: LARRY-M | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- Reg Error: Value error. File not found
    .hta [@ = htafile] -- "%1" %*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- Reg Error: Value error.
    htafile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
    "ANTIVIRUSDISABLENOTIFY" = 0
    "FIREWALLDISABLENOTIFY" = 0
    "UPDATESDISABLENOTIFY" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{18A2E665-3B34-45A6-BB24-9227DC749D38}" = lport=139 | protocol=6 | dir=in | app=system |
    "{2E6BE135-AD68-4864-B631-915791BAD3CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{34C11244-D66D-4A83-B36A-3BA7324797CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3D8F6D7E-325A-4E78-96C9-4E1E7006AC0D}" = lport=138 | protocol=17 | dir=in | app=system |
    "{3DEB7120-2039-407E-B04E-A6A87EC71414}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{3E1F6DA5-4B3D-465C-B580-9F74372F49E2}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{44887750-8215-412C-A7C5-6D3228C0D62C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4488C53D-BA71-4C41-BD9B-3FB4D5EFF99A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{4E8C1050-34E6-4FC2-ABEE-E2F238EC8768}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{5BFFD609-C1CC-4BD4-81C3-0AA5093B1FA4}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{66DFF23A-4070-4CBD-B635-5DB1EFF36F50}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7E23A66D-8D47-4301-9987-B23A01B3BB70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{AB9BBF85-A52C-4C4F-87B7-2EF2C8AF94D0}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B2F6D41E-1891-4EBF-B037-94CFD2FDA511}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BF7DDB74-4C6C-4FAD-AE92-1EBE55329C6D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C1325A77-B5CF-4BB8-A741-BA279C43061A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D3066CD5-B9B0-43E8-A75A-77F2450E26CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DD1D4B5C-BE9A-4C73-B8DB-AAF7EB2D915C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{DE3BE933-1B78-45A3-BE71-C870EF4C4BA2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E5F3FE69-2D39-45FF-A317-0A1CFED53024}" = lport=137 | protocol=17 | dir=in | app=system |
    "{EF7F6647-0CAE-4822-924D-794449DEE7BA}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F6C8C6FF-4DDB-4300-A406-E54549393AB8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F742ACDD-7CDE-4DFC-B76C-69FFE7663CB4}" = rport=445 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01B07E45-E7CB-45AC-A304-4D486633FDF2}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "{22F5FF79-E3E4-4E3A-ACDF-A7E493130F03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{27116730-045E-42A8-BE75-E941170EB052}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{2DC7D889-8A4A-484C-BE15-5619F2F6372D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2E4D12AE-4964-4295-A506-94B139675185}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{33C73B1F-E0F9-43A0-A984-31EBC99A61D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{38305F06-AF34-4993-B282-BBF63F03DC08}" = protocol=6 | dir=out | app=system |
    "{3DE1CA9F-1B20-46FA-A6E5-EA122E75800B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{44BCB2FC-B64C-4DB1-A3CE-F661D1592698}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4EA127F9-E4A1-4A16-B158-CA5814DFA966}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "{672E43BF-A92B-45A0-9BF8-10AB45A8F798}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{6A2AE9E2-24DA-43BA-AE38-FF67ACEF88FC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{6F7DC18E-A9BF-4530-8F7B-C7738381A6B5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{700C2368-70F9-448E-8FEF-017B61C3C8A6}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{738763A9-4B03-405B-9A1F-797AF326BA79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{74154C0A-4DB0-4FEB-B2AF-F8913B859A63}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{774ECE27-3DD9-4BAB-AF6F-F92F44127896}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{78DE2DE6-3F36-41CC-9C0D-AFDB1AEF4D4A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{86CB61B5-5B94-45F8-AA56-74C5C6FB3E2F}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{8B4945C1-C29D-4BCA-907E-208D79A13FCC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A384484B-639B-4D88-8F13-E62D620BD80E}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
    "{ACAD5FEF-947F-40DE-89C9-CA257E7DEC4F}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
    "{AE330EAD-2932-4AFD-8AE3-C1F5E08EB4F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B433209D-FD30-4A8B-AECA-F0F79FE5165B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{BB5EBCA5-FC8C-4496-A80B-87DC4F381EC4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{C556CC51-BFC5-4E38-A58B-54CAFE0C6487}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CDA636E2-ABC6-4115-8437-BDCD04B9C7C1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{F79436A1-CDCE-4FF8-A92F-C2EBAA9981CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "TCP Query User{31FCB5A2-5FCD-4434-AB5D-6398A40AEF82}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "TCP Query User{38828A8B-4D18-4612-8716-F3BEA64A0CAE}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{617F5AC5-76D5-41E8-9239-2DB50281DE62}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "TCP Query User{69778FA5-F5A7-4A45-836E-8DF55FCE810D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{83CA298C-70D3-4B31-AF58-6C0520A19F5F}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{474EE1DA-672F-48F5-A39F-C522E421C6AE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{5A1AB211-969F-4C84-982D-3CD0CADCD48A}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{D3B39BB8-370A-4C10-A554-D0C718F7AFE8}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{EC2BA740-12A9-495C-899F-773F35F0C073}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "UDP Query User{FC479975-8D7B-4B09-8636-60967B3B9E05}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
    "{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
    "{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
    "{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.3
    "{AE0F5DEF-1B8F-454B-A784-B19600FAB40E}_is1" = Console Classix 4.14
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F70701D1-C08C-4FFD-9324-870DD65BB829}_is1" = Sound-Record Waspy LE VSTi 1.3
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
    "Audacity_is1" = Audacity 2.0
    "CCleaner" = CCleaner
    "Coffee Break PacMan" = Coffee Break PacMan
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
    "Google Chrome" = Google Chrome
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
    "Notepad++" = Notepad++
    "Opera 12.14.1738" = Opera 12.14
    "RealPlayer 15.0" = RealPlayer
    "WebDesigner" = Microsoft Expression Web
    "Winamp" = Winamp
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2672891020-1956198743-3270850450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/6/2011 12:28:03 PM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    Error - 8/14/2011 3:00:27 PM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    Error - 8/15/2011 1:17:19 AM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    Error - 9/3/2011 9:27:06 AM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    Error - 9/12/2011 2:27:40 AM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    Error - 9/14/2011 12:34:59 AM | Computer Name = Larry-M | Source = Application Error | ID = 1000
    Description = Faulting application name: ConsoleClassix.exe, version: 0.0.0.0, time
    stamp: 0x4d8b60ed Faulting module name: SDL_net.dll, version: 1.2.7.0, time stamp:
    0x4b0a819f Exception code: 0xc0000005 Fault offset: 0x00001485 Faulting process id:
    0xdf4 Faulting application start time: 0x01cc72974190e6b3 Faulting application path:
    C:\Program Files\ConsoleClassix.com\ConsoleClassix.exe Faulting module path: C:\Program
    Files\ConsoleClassix.com\SDL_net.dll Report Id: e72f5506-de8a-11e0-9ebf-001eecde34ac

    Error - 9/14/2011 12:36:14 AM | Computer Name = Larry-M | Source = Application Error | ID = 1000
    Description = Faulting application name: ConsoleClassix.exe, version: 0.0.0.0, time
    stamp: 0x4e493d94 Faulting module name: SDL_net.dll, version: 1.2.7.0, time stamp:
    0x4b0a819f Exception code: 0xc0000005 Fault offset: 0x00001485 Faulting process id:
    0x82c Faulting application start time: 0x01cc7297c7cd858b Faulting application path:
    C:\Program Files\ConsoleClassix.com\ConsoleClassix.exe Faulting module path: C:\Program
    Files\ConsoleClassix.com\SDL_net.dll Report Id: 138e364c-de8b-11e0-9ebf-001eecde34ac

    Error - 9/14/2011 12:43:57 AM | Computer Name = Larry-M | Source = Application Error | ID = 1000
    Description = Faulting application name: ConsoleClassix.exe, version: 0.0.0.0, time
    stamp: 0x4e493d94 Faulting module name: ConsoleClassix.exe, version: 0.0.0.0, time
    stamp: 0x4e493d94 Exception code: 0xc0000005 Fault offset: 0x000432b0 Faulting process
    id: 0x9c4 Faulting application start time: 0x01cc7297dbe5c401 Faulting application
    path: C:\Program Files\ConsoleClassix.com\ConsoleClassix.exe Faulting module path:
    C:\Program Files\ConsoleClassix.com\ConsoleClassix.exe Report Id: 27a7cdf1-de8c-11e0-9ebf-001eecde34ac

    Error - 9/14/2011 9:04:44 AM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    Error - 9/17/2011 3:33:37 AM | Computer Name = Larry-M | Source = EventSystem | ID = 4621
    Description =

    [ OSession Events ]
    Error - 10/30/2011 7:17:37 PM | Computer Name = Larry-M | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
    12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1125
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 4/28/2012 4:39:48 AM | Computer Name = Larry-M | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
    12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 656
    seconds with 360 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 8/27/2013 1:11:57 AM | Computer Name = Larry-M | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort2.

    Error - 8/27/2013 1:11:57 AM | Computer Name = Larry-M | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort2.

    Error - 8/27/2013 1:11:57 AM | Computer Name = Larry-M | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort2.

    Error - 8/27/2013 1:12:31 AM | Computer Name = Larry-M | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.

    Error - 8/27/2013 1:13:46 AM | Computer Name = Larry-M | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 8/27/2013 1:14:46 AM | Computer Name = Larry-M | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Media Player Network Sharing Service service to connect.

    Error - 8/27/2013 1:14:46 AM | Computer Name = Larry-M | Source = Service Control Manager | ID = 7000
    Description = The Windows Media Player Network Sharing Service service failed to
    start due to the following error: %%1053

    Error - 8/27/2013 1:16:02 AM | Computer Name = Larry-M | Source = Service Control Manager | ID = 7031
    Description = The Windows Search service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 30000 milliseconds:
    Restart the service.

    Error - 8/27/2013 1:17:02 AM | Computer Name = Larry-M | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Search service to connect.

    Error - 8/27/2013 1:17:02 AM | Computer Name = Larry-M | Source = Service Control Manager | ID = 7000
    Description = The Windows Search service failed to start due to the following error:
    %%1053


    < End of report >

  8. #8
    Member
    Join Date
    Jul 2008
    Posts
    22
    Points
    0

    and I did remove ZoneAlarm, Donna :-)

    I thought ZoneAlarm was a firewall??

    I have Windows Firewall enabled now.

  9. #9
    Member Spyware Fighter DonnaB
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi changintimes55,

    Yes. ZoneAlarm is a firewall. Though a firewall alone will not protect your system if anything gets past it. That is where the Antivirus comes into play.

    You do know that your copy of Windows is not valid, right? No matter what we do, we'll never be able to prevent you from becoming infected since you can receive any Windows Updates.

    Do you do any kind of financial transactions on this computer at all? Please allow me a bit more time to review your logs. I did find an infection and will have to consult with my instructor. Your patience will be necessary.

    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  10. #10
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation

    The RC is not a permanent operating system, it's a test system.

    You need to install a legit copy of Windows before any help is given.

    Joe
