Trouble with Vista running programs, PIO problem ??? - Moved by Murf

dranger35 · #1 November 12th, 2012, 09:18 PM

I have an HP desktop with Windows Vista Home Premium 64-bit that has lately been acting weird. IE and Firefox work fine as well as the internet speed, but the various programs on the computer such as DVDFab, Cyberlink DVD Suite Deluxe, and Itunes either don't open at all or may open after a good 5-20 minutes depending on the program. And Malwarebytes has an error opening while a Norton system scan doesn't open to scan. But it did a scan while running in the background the other night when no one was on. However games installed on the computer, regular folders, or Microsoft Works programs open fine. I've kept the computer on the last few days since it took forever to boot up the other day.

I'm not great with computers and think it could obviously be malware or a virus, but I've also been reading up on the IDE controllers and whether they went into PIO mode. A day before all this started to happen, I tried to burn a DVD with DVDFab, but there was an error every time I tried (which might of benn 5 or 6 times). So I investigated on into programs running slowly on Vista and saw that maybe it has to with the PIO mode. You check each IDE channel, right click on properties, and right click on the advanced settings tab where under devices it'll list the mode for that particular IDE.

However my IDE channels do not list anything under the advanced settings tab except that 2 devices are supported. There are 3 things listed under the "IDE ATA/ATAAPI controllers"

-IDE Channel
-IDE Channel
-Standard Dual Channel PCI IDE Controller

The first IDE Channel says it's location is "Channel 0". The second IDE Channel says "Channel 1". The dual one says "PCI bus 0, device 20, function 1".

I was just wondering what some of you guys thought and whether I should try rebooting the system and enter bios and see if I could switch it there or not. Any advice would help....Thanks so much!!!

And I forgot to mention that when I put a CD into the drive it doesn't read it at all !!!

**Murf** · #2 November 14th, 2012, 04:49 AM

Welcome to CTH

Standard Dual Channel PCI IDE Controller - is a generic controller driver. It appears that maybe you do not have the motherboard controller drivers installed, as each motherboard has specific drivers.

Can you list the HP model? we can help find them.

Frotch11 · #3 November 14th, 2012, 06:56 PM

Not too sure on the problem but if you suspect malware it wouldn't hurt to run HiJackThis and post the log after scanning

dranger35 · #4 November 14th, 2012, 10:28 PM

So most of the time when I click on my computer (and also everytime I on click on the E drive, the DVD drive) it takes a good 30 seconds or more to read it or not at all. I ran the free MalwareBytes scan which resulted in 0 errors.

The computer is the HP Pavilion A6750F Desktop PC (2.3 GHz AMD Phenom X4 9650 Quad-Core Processor with 8 GB RAM and 750 GB Hard Drive

Here's the other specs
Motherboard - MS-7548 (Aspen)
Video - Nvidia GeForce GT 440 (upgraded from integrated ATI Radeon HD 3200
Sound/Audio - Integrated Realtek ALC888S Audio
Hard drive -750 GB
CD/DVD disc drive - DVD+/-R/RW 16X 12X +/-DL LS 12X RAM SuperMulti SATA drive

I know I may need to update drivers here and there, but sometimes I just don't do it since I'm not really a tech guy and the computer runs fine. I appreciate the help from everyone, thanks guys !! Running Hijackthis as we speak....Will post results soon...

dranger35 · #5 November 15th, 2012, 08:34 AM

Well here's the log file of Hijackthis. Not sure what the file missing means at the end of the last couple of itmes, but if anyone can help or point out potential problems I'd really appreciate it....Thanks !!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:32:12 AM, on 11/15/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\Users\Baron\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sports.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: FoxmarksDLLBHO - {A2A71ABA-3939-43B2-BD8F-8C1767EF9020} - C:\Program Files (x86)\Xmarks\IE Extension\foxmarksdll.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3627175128-288746599-264522394-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\Baron\AppData\Roaming\DVDVideoSoftIEHelpe rs\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Baron\AppData\Roaming\DVDVideoSoftIEHelpe rs\freeyoutubetomp3converter.htm
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog\BPGame.exe
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\foxmarksdll.dll (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\foxmarksdll.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolba...lerControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC0204D3-8D84-4A40-8514-B1DB073973C3}: NameServer = 151.198.0.38,151.198.0.39
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMes sageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11048 bytes

**Murf** · #6 November 16th, 2012, 04:08 PM

Firmware update for your DVD HERE

Chipset driver HERE

We do not read logs in this forum, we have a malware forum for that. Check the above drivers, and I am moving this over to the Malware forum for them to look at.

**Jintan** · #7 November 17th, 2012, 12:19 AM

Hello dranger35,

On 64 bit systems 32 bit scans like HijackThis display results incorrectly, like all those "(file missing)" entries. Adware showing in this log, so let's check further, then do some repairs.

The system is Vista, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
If you can have an open Internet connection, and allow it to download the latest Avast engine detections.
If avast! antivirus is already installed, just do the next step.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

A lot, but comprehensive, and will make sure we get a good view of everything.

dranger35 · #8 November 24th, 2012, 08:02 AM

Deleted

dranger35 · #9 November 24th, 2012, 08:05 AM

So sorry I haven't been on in awhile, I've been very busy. Here's the results of the OTX scan...

OTL log......

OTL logfile created on: 11/24/2012 1:20:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Baron\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 4.93 Gb Available Physical Memory | 61.73% Memory free
16.04 Gb Paging File | 13.69 Gb Available in Paging File | 85.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 311.39 Gb Free Space | 45.45% Space Free | Partition Type: NTFS
Drive D: | 13.41 Gb Total Space | 1.84 Gb Free Space | 13.70% Space Free | Partition Type: NTFS

Computer Name: BARON-PC | User Name: Baron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/24 01:18:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Baron\Downloads\OTL.exe
PRC - [2012/11/14 16:18:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Baron\Downloads\HijackThis.exe
PRC - [2012/10/26 18:43:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/02 17:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/12/01 06:11:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2010/09/13 08:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2008/02/28 10:57:54 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
PRC - [2008/02/28 10:57:36 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/01/15 12:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/15 04:28:52 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Xml\fb3f7dcfc0e32eb2db9d481ae090714c\System.Xm l.ni.dll
MOD - [2012/11/15 04:27:09 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sys tem\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/11/15 04:27:00 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\msc orlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni .dll
MOD - [2012/10/26 18:43:54 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/01 01:21:17 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/07/15 03:30:36 | 000,236,544 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 20:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2008/02/19 08:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/26 18:43:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 17:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/17 14:33:28 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/03 15:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMes sageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/04 07:21:50 | 000,122,880 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2008/02/19 08:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device)
SRV - [2008/01/20 21:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/15 03:29:00 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/07/15 03:28:20 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/07/15 03:28:20 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/11 10:45:23 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\cc HPx64.sys -- (ccHP)
DRV:64bit: - [2011/09/21 19:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SY MTDI.SYS -- (SYMTDI)
DRV:64bit: - [2011/09/21 19:35:58 | 000,120,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SY MFW.SYS -- (SYMFW)
DRV:64bit: - [2011/09/21 19:35:58 | 000,056,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SY MNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/14 19:39:34 | 000,059,480 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stdriver64.sys -- (stdriver)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/10 18:58:41 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/08/22 02:21:19 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SR TSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/08/22 02:21:19 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SY MEFA64.SYS -- (SymEFA)
DRV:64bit: - [2009/08/22 02:21:19 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\BH Drvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/22 02:21:19 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SR TSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2009/08/22 02:21:19 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/07/20 15:45:31 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/06/28 19:41:20 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/10/09 19:04:04 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/05/28 20:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/02/26 12:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2008/02/13 07:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 02:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/07/03 16:05:18 | 000,114,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2007/07/03 16:04:44 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007/07/03 16:04:16 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2007/07/03 16:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2007/03/22 12:57:14 | 000,007,680 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\elauni64.sys -- (elaunidr)
DRV:64bit: - [2007/03/22 12:57:12 | 000,042,496 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\elagop64.sys -- (elagopro)
DRV - [2012/11/12 10:17:24 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2012112 3.020\ex64.sys -- (NAVEX15)
DRV - [2012/11/12 10:17:24 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012/11/12 10:17:24 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2012112 3.020\eng64.sys -- (NAVENG)
DRV - [2012/11/10 18:33:20 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20121123. 001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/07/31 19:34:21 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {797D1CEA-975D-4D20-9E4A-3465A854B8BC}
IE:64bit: - HKLM\..\SearchScopes\{797D1CEA-975D-4D20-9E4A-3465A854B8BC}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9D367194-31E6-4453-96CD-E4E56088E817}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{797D1CEA-975D-4D20-9E4A-3465A854B8BC}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{9D367194-31E6-4453-96CD-E4E56088E817}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT2269050

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3627175128-288746599-264522394-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE - HKU\S-1-5-21-3627175128-288746599-264522394-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sports.yahoo.com/
IE - HKU\S-1-5-21-3627175128-288746599-264522394-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3627175128-288746599-264522394-1000\..\SearchScopes,DefaultScope = {EA7DD814-DD17-4EFC-9B46-307FF092E4FF}
IE - HKU\S-1-5-21-3627175128-288746599-264522394-1000\..\SearchScopes\{797D1CEA-975D-4D20-9E4A-3465A854B8BC}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=I E-SearchBox
IE - HKU\S-1-5-21-3627175128-288746599-264522394-1000\..\SearchScopes\{82BB17CD-0EF6-4ACE-8AB0-38651DC8C81F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1587&src=kw&q={search Terms}&locale=en_US&apn_ptnrs=^AA9&apn_dtid=^YYYYY Y^SF^US&apn_uid=64f13538-8c16-4e45-8422-5b100f01e542&apn_sauid=92BDEC22-BA38-4E3A-9470-EB8DA7CAF7B6
IE - HKU\S-1-5-21-3627175128-288746599-264522394-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT2269050
IE - HKU\S-1-5-21-3627175128-288746599-264522394-1000\..\SearchScopes\{EA7DD814-DD17-4EFC-9B46-307FF092E4FF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }&ie={inputEncoding}&oe={outputEncoding}&startInde x={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3627175128-288746599-264522394-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3627175128-288746599-264522394-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3627175128-288746599-264522394-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE - HKU\S-1-5-21-3627175128-288746599-264522394-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://sports.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: nosquint@urandom.ca:2.1.6
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:17.0
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.10
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Baron\AppData\Roaming\Facebook\npfbplugin _1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Baron\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/12 10:09:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:43:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 18:43:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensi ons\\moveplayer@movenetworks.com: C:\Users\Baron\AppData\Roaming\Move Networks [2010/02/10 13:22:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:43:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 18:43:48 | 000,000,000 | ---D | M]

[2009/06/10 22:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Baron\AppData\Roaming\Mozilla\Extensions
[2012/11/23 21:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Baron\AppData\Roaming\Mozilla\Firefox\Pro files\26bb3bzq.default\extensions
[2012/11/12 21:04:40 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Baron\AppData\Roaming\Mozilla\Firefox\Pro files\26bb3bzq.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/08 10:20:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Baron\AppData\Roaming\Mozilla\Firefox\Pro files\26bb3bzq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/09 18:00:40 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Baron\AppData\Roaming\Mozilla\Firefox\Pro files\26bb3bzq.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2012/10/03 07:06:05 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Baron\AppData\Roaming\Mozilla\Firefox\Pro files\26bb3bzq.default\extensions\foxmarks@kei.com
[2011/03/24 14:14:29 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Baron\AppData\Roaming\Mozilla\Firefox\Pro files\26bb3bzq.default\extensions\personas@christo pher.beard
[2012/09/01 09:22:46 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\Baron\AppData\Roaming\Mozilla\Firefox\Pro files\26bb3bzq.default\extensions\nosquint@urandom .ca.xpi
[2012/11/22 21:40:51 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Baron\AppData\Roaming\Mozilla\Firefox\Pro files\26bb3bzq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/08/30 09:26:28 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Baron\AppData\Roaming\Mozilla\Firefox\Pro files\26bb3bzq.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/11/23 21:40:57 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Baron\AppData\Roaming\Mozilla\Firefox\Pro files\26bb3bzq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/07/30 22:09:36 | 000,002,571 | ---- | M] () -- C:\Users\Baron\AppData\Roaming\Mozilla\Firefox\Pro files\26bb3bzq.default\searchplugins\askcom.xml
[2012/11/23 12:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/26 18:43:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/26 18:43:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/15 04:34:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/26 18:43:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/11/11 02:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2012/08/29 13:05:53 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/18 22:15:02 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {A2A71ABA-3939-43B2-BD8F-8C1767EF9020} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3627175128-288746599-264522394-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3627175128-288746599-264522394-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3627175128-288746599-264522394-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-3627175128-288746599-264522394-1003..\Run: [HPADVISOR] File not found
O4 - HKU\S-1-5-21-3627175128-288746599-264522394-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3627175128-288746599-264522394-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_Pl ugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Baron\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3627175128-288746599-264522394-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3627175128-288746599-264522394-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Baron\AppData\Roaming\DVDVideoSoftIEHelpe rs\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Baron\AppData\Roaming\DVDVideoSoftIEHelpe rs\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Baron\AppData\Roaming\DVDVideoSoftIEHelpe rs\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Baron\AppData\Roaming\DVDVideoSoftIEHelpe rs\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog\BPGame.exe (Bodog)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3627175128-288746599-264522394-1003\..Trusted Ranges: Range1 ([http] in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolba...lerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.250.0.12 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{9657D2B6-87E2-425B-A76E-0E0B9ECA0564}: DhcpNameServer = 71.250.0.12 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{A7D8DFE6-09EE-445F-92FC-747573DCC174}: DhcpNameServer = 71.250.0.12 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{DC0204D3-8D84-4A40-8514-B1DB073973C3}: DhcpNameServer = 71.250.0.12 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{DC0204D3-8D84-4A40-8514-B1DB073973C3}: NameServer = 151.198.0.38,151.198.0.39
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Baron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Baron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3b9f6f2d-561a-11de-a959-002421508017}\Shell\AutoRun\command - "" = L:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/24 00:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2012/11/19 12:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/11/19 11:36:06 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/11/19 11:36:06 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/11/19 03:38:33 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012/11/15 04:34:03 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/11/15 04:34:03 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/11/15 04:34:03 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/11/15 03:33:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/15 03:33:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/15 03:33:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/15 03:33:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/15 03:33:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/15 03:33:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/15 03:33:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/15 03:33:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/15 03:33:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/15 03:33:18 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/15 03:33:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/15 03:33:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/15 03:33:13 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/15 03:33:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/15 03:32:59 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/15 03:22:34 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/15 03:22:34 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/13 14:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2012/11/13 14:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
[2012/11/12 21:50:42 | 000,000,000 | ---D | C] -- C:\Users\Baron\AppData\Local\Microsoft Corporation
[2012/11/12 21:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
[2012/11/12 21:46:19 | 062,968,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/11/06 19:25:29 | 000,000,000 | ---D | C] -- C:\Users\Baron\Desktop\a
[2012/11/06 14:28:58 | 000,000,000 | ---D | C] -- C:\Users\Baron\AppData\Roaming\HandBrake
[2012/11/06 14:28:45 | 000,000,000 | ---D | C] -- C:\Users\Baron\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Handbrake
[2012/11/06 14:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Handbrake
[2012/10/26 18:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2009/06/28 19:41:20 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Baron\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/11/24 01:17:59 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/24 00:49:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 00:49:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 18:18:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 12:49:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/19 11:00:12 | 000,002,032 | ---- | M] () -- C:\Users\Baron\AppData\Local\d3d9caps.dat
[2012/11/19 10:58:20 | 000,001,460 | ---- | M] () -- C:\Users\Baron\AppData\Local\d3d9caps64.dat
[2012/11/15 04:24:01 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/15 04:24:01 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/15 04:24:01 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/15 04:15:26 | 000,331,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/13 01:05:01 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBaron.job
[2012/11/12 21:49:32 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2012/11/06 18:33:27 | 000,002,001 | ---- | M] () -- C:\Users\Baron\Desktop\The Hunger Games1.iso
[2012/11/06 18:17:27 | 1718,464,870 | ---- | M] () -- C:\Users\Baron\Desktop\The Hunger Games.m4v
[2012/11/06 15:47:20 | 434,403,072 | ---- | M] () -- C:\Users\Baron\Desktop\The Hunger Games.mp4

========== Files Created - No Company Name ==========

[2012/11/12 21:49:32 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2012/11/12 21:48:23 | 000,002,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/11/06 18:33:26 | 000,002,001 | ---- | C] () -- C:\Users\Baron\Desktop\The Hunger Games1.iso
[2012/11/06 16:37:20 | 1718,464,870 | ---- | C] () -- C:\Users\Baron\Desktop\The Hunger Games.m4v
[2012/11/06 14:46:16 | 434,403,072 | ---- | C] () -- C:\Users\Baron\Desktop\The Hunger Games.mp4
[2012/07/15 03:49:36 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/12 23:59:47 | 000,000,896 | ---- | C] () -- C:\Users\Baron\.recently-used.xbel
[2009/06/28 19:41:20 | 000,099,384 | ---- | C] () -- C:\Users\Baron\AppData\Roaming\inst.exe
[2009/06/28 19:41:20 | 000,007,859 | ---- | C] () -- C:\Users\Baron\AppData\Roaming\pcouffin.cat
[2009/06/28 19:41:20 | 000,001,167 | ---- | C] () -- C:\Users\Baron\AppData\Roaming\pcouffin.inf
[2009/06/11 15:46:39 | 000,020,012 | ---- | C] () -- C:\Users\Baron\AppData\Roaming\wklnhst.dat
[2009/06/11 10:48:53 | 000,002,032 | ---- | C] () -- C:\Users\Baron\AppData\Local\d3d9caps.dat
[2009/06/10 23:35:46 | 000,222,208 | ---- | C] () -- C:\Users\Baron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/10 18:59:49 | 000,001,460 | ---- | C] () -- C:\Users\Baron\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:89C6F032

< End of report >

dranger35 · #10 November 24th, 2012, 08:06 AM

And here's the Extras.txt log....

OTL Extras logfile created on: 11/24/2012 1:28:23 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Baron\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 4.93 Gb Available Physical Memory | 61.73% Memory free
16.04 Gb Paging File | 13.69 Gb Available in Paging File | 85.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 311.39 Gb Free Space | 45.45% Space Free | Partition Type: NTFS
Drive D: | 13.41 Gb Total Space | 1.84 Gb Free Space | 13.70% Space Free | Partition Type: NTFS

Computer Name: BARON-PC | User Name: Baron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3627175128-288746599-264522394-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = E3 60 4E A9 3E 32 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{022005AD-474F-409D-AA35-05EF687E9166}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D05B09D-8837-48DB-BA31-8E807128A4F5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0D156A81-00BC-4F71-9471-E084E754E310}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0EB1BD90-A153-4E7C-A2B1-29824B467227}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1998D037-728F-4E94-A157-12C5DA0CCC95}" = rport=445 | protocol=6 | dir=out | app=system |
"{1CA7C5C7-7916-4F82-A483-62DFAC6C367E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{206EEE99-FF8D-4D24-BC01-CF0DBCFD20E7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B4BB448-4A4C-4F8D-A539-236C5A60F86C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2C867E9F-DFF7-4312-A3F6-74367C92C576}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D924804-86C3-41EC-A6B5-0A68FD76BB97}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3E5DD5E0-83E2-4B46-A0B6-25083C6203FC}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3E8E6212-F89F-46F1-B6A2-0397A0F342E5}" = rport=10244 | protocol=6 | dir=out | app=system |
"{40B28370-D16D-41C2-902E-F2698ED2181C}" = lport=137 | protocol=17 | dir=in | app=system |
"{44072688-E3EF-46FA-AD01-BABE08A855D0}" = lport=50001 | protocol=17 | dir=in | name=iha_messagecenter |
"{595ACC5B-4939-4B53-AB03-88F5A8ACC17F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{6BB86A48-4124-466E-9B93-C3A1B75FAA55}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77619D8E-0AD5-44A2-A233-63923D53D431}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{7C454F04-4CA2-46F6-8E04-39BB12029898}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C97C69E-8343-4DF8-847B-8DC15577AB57}" = lport=3390 | protocol=6 | dir=in | app=system |
"{7E37F59F-C019-45CC-A913-78B1C4A76C1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7FD31DE8-FBCC-4A0A-9EF8-F02C8F647DA5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B6BB39E-BE30-48C7-B3FF-84CE8848C00C}" = lport=138 | protocol=17 | dir=in | app=system |
"{8CD3E94C-16CD-46F4-BA36-B3B8D4692CBA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{978DEDE6-4CCA-4224-9EE9-4B097550A75D}" = rport=139 | protocol=6 | dir=out | app=system |
"{9A8D1E4D-1F51-4542-B02F-E78FBC5EE46B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9AF350B8-9557-4FA3-B57C-251A09E4A6A6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FEF9CB4-D78C-479F-8E44-2A05400A88A9}" = lport=445 | protocol=6 | dir=in | app=system |
"{A39C6AFB-CA11-4CED-B0C2-22D50D544844}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF6DB099-89F8-4D52-AED8-7B0E44F0BAB1}" = lport=50001 | protocol=17 | dir=in | name=iha_messagecenter |
"{BAF82A7F-B21F-4801-A931-C80F13B7A30C}" = rport=10244 | protocol=6 | dir=out | app=system |
"{BEC4FC22-F861-439E-BF75-47B298C12092}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BEECE22F-B002-46DA-A152-3AADF875FBC2}" = lport=10244 | protocol=6 | dir=in | app=system |
"{C811AEB9-5315-4B5D-909B-E0EA8C492E09}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C86545EC-A79F-492A-BCEB-06E9B1F03568}" = lport=139 | protocol=6 | dir=in | app=system |
"{C8840D3D-1157-458E-A7DD-F76BAAC7AC08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC1DEE51-5D51-4E32-BA99-D4AB2015286F}" = rport=137 | protocol=17 | dir=out | app=system |
"{CF50820D-1FD3-4ED2-8F8C-9796D6098E0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D3B241DF-8158-4F18-9BC4-7951DD3C17CB}" = rport=138 | protocol=17 | dir=out | app=system |
"{E38DFF00-B45D-48F1-A934-F75FC056FB6A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4F96B50-F0B3-4E99-B417-E37A03C87233}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EDB9AB75-8113-49F1-B770-0682C14D1B7D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE093EE1-384C-4A92-8428-CB8F379079EF}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F68061D0-5404-40DC-AB90-D5F1CB97CB4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA313474-5A9B-439D-9C98-0C6CA7A4FE28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{01801A11-A81D-4A55-8953-5F42CCA8899B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{0B866CE1-5EB0-454D-BD88-9A6DA1AEEAFB}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{0EA010CE-0DBF-4DE3-95F9-6F7AABF61B3D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{10E5CB2A-F8D2-4CCC-80E4-4774501D215E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{111F2F42-2D4F-4691-AB07-0262EECC4AD3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{185D87BF-28DB-4A3A-B461-DEDDD85CBCC5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{1AB76711-BBEE-4D5B-BCBB-9F09F90076B6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{1C11EF7C-8C20-4383-98C4-F4130050A26D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1EB4CC08-58E4-4283-85BE-3A1BFA194514}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{1F67CDEE-7B36-4B4C-8190-44365158A10F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{22BD848F-0924-4AD6-9EA3-FB5D871F228B}" = protocol=6 | dir=out | app=system |
"{22CAAAF7-8BA9-4C85-AFF0-BC7A81673615}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{29A6F45E-120B-4816-BF8E-4A40EDE4074B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{29ECB8D6-B968-4B6B-AB52-6C734DD6C24C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C0FB64D-66EA-4EEC-92EA-5512F6A3BD28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2DA9FA5E-F4E1-4359-9AA5-D7574DDCFBB5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{3AAEFD30-62DF-4128-BABF-C8C8A88C3771}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{41649415-E5AD-47E3-86B7-1222815EF17F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{44BFD431-F5E6-434F-8A36-96B3BBB9603A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{452BCA46-714E-4D9B-9A1C-A3F27A428E1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{4E1D5F53-8992-4EF9-AFE9-D96819918402}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{52E1970E-36B9-4F11-8912-723A05C53E63}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{53B46BE4-6FBC-41BC-80AD-DEAC87DFC583}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{55EFD290-B2A3-440A-B40B-138A7B8B65EC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{59EC281B-7FEC-49EB-9B0D-F7E749E20671}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{5E7690E1-1001-4127-80FD-B40172C8FCC4}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{61BF5358-93A7-44D7-BC34-FBCE0A284E18}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62D5E3B3-B97D-4FEB-BF36-5AC7DCA50595}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{69CBAFEC-3EA5-4D24-81DA-B8D625AAB00D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{6E9EB1B2-DE2D-43A2-8E3A-308A34A30615}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{70CB0229-FE93-45BA-A527-08ED8D338EBE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{749923F1-12FC-4754-BD67-28B891D24470}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{760CC303-C97D-4074-B4AA-1B763A288440}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{770D5F45-B4B2-4059-A020-CFACC81EF03A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{78777702-96C7-4CE8-9D4A-3DA8D85E9CA9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{81082643-C5ED-48EC-9AFE-46835BE1DFEA}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{8A8D9885-4E34-45A4-88ED-0BFE016E98DF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{8AFEEAC1-9741-4481-9D6D-4A2D5304935B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{960C8543-3D2A-455E-8C5F-7A8662DCB1B5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkps wx.exe |
"{9A594100-C153-4807-898D-A7FE4B491449}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A080C18D-D34F-4906-8261-B98E1A1836F7}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A1F276CF-2FF8-4208-BD56-5B560C988F04}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A381F56A-6AA1-4B60-997C-1597ABE6FFD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A5F8CCC1-FBF7-4385-A565-98367DD73DEA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A78A08F4-5743-4273-A425-991EF241F617}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{A91AA978-D386-4B89-BA3D-24891D73E6FB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkps wx.exe |
"{AA0414E9-9BCB-4C93-BEF1-7DAEEF42496D}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{AA329A6B-7F5F-46F3-97A3-C600D2E03BAC}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{B09EBA28-36D4-4B03-90F8-6D70894ADF02}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{B8081EC0-3DF0-4408-88E0-7AF3B1762588}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{B891E3D3-3F92-4D35-95F0-F7BA33D80E7E}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C0D31951-B0CE-4A27-9CEA-40578B6C1141}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C39C011F-86D8-4357-A266-2FA71DD02A16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C51F2BBA-5BFD-44D8-BB4F-7C9240DCD2F3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C6FD44D1-A236-4470-B6DF-F4F78520640E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C9BB8356-4302-466D-A025-2CF109691271}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{CB00E31B-D0E2-41B0-8DE5-556DC9FEEFAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{CE22DC87-1B81-4525-819E-E7D2B38833AE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D1C4E791-960F-4443-9B8F-13237594163D}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{D26E3D00-714F-47F2-AED8-D7B4E9AB58D5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{D448DE35-84FE-4BF7-8D63-5B785ECEF348}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D55DB54D-6D06-4460-9D4B-372E8F689D19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D8EEE54C-7D16-4AC3-9C68-B6542921B13C}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{E00BE5A6-F372-429A-A282-4B368BA9F30B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E1483CBE-872E-4BE3-8EFA-0BE633C78899}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3FB06AB-5AD8-4DAB-AD9F-4193F83886F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E4C36E2C-D508-4BC2-BF91-9E6D43ECF358}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E7CA2C1A-C50A-40E7-AD4A-28694483B5EB}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{E7F0FD84-A78C-4747-AA55-EEAAB09BBEB0}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E8EC44C9-6C85-41C4-811A-B32C95F25D8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{E9011899-1713-4C6F-AFC0-2877D5DA8393}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EEFCE0E0-C252-4C0C-898E-3F98B670FBA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2793889-9CEF-41CA-A329-C0D3C2E50BEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4675CEB-D32A-44D3-A8DF-A59B181E0D76}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{FEBDFD38-3F40-4F94-8158-1EB2E435E60A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{FEDC14E3-2623-4119-A89F-5E886D2DAA99}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"TCP Query User{059DBBC3-6BDB-46FB-8B6B-67D7A4F4821C}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaserver.exe |
"TCP Query User{31164954-6DEF-4D02-98D2-432C264DC5E8}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{3F4E0A9C-F5C6-43D9-8ACE-E8D671217262}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{6896085B-23ED-437B-8D4C-C5BF32F8BA30}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe |
"TCP Query User{7F760C6E-5FD1-403B-ACC7-E972D90F242A}C:\users\baron\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\baron\documents\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{A50BFA29-D9C7-4EB6-851B-438B5C19533B}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"UDP Query User{09BA36DB-92B3-4869-AFBD-31E4E9D46C26}C:\users\baron\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\baron\documents\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{38444554-C39E-4EFF-A0F8-AE5AA08F6F83}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{52A9ABD4-E36F-42DC-BEC8-09D23FED017B}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe |
"UDP Query User{DC2AB020-F044-453F-BA05-77E5A267FBDD}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{E464A0A1-3850-4C35-9B29-6CB29577080D}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaserver.exe |
"UDP Query User{EECEFB84-FFD2-40E4-8318-266265E26CF7}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1F348D06-DA58-4A91-B9AB-45849643F80A}" = Play withSIX
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java(TM) 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 37
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D161FB9-98B8-399B-1029-D6EFE4F7250F}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A5B48A19-F319-6BFB-82DE-A18ED1087221}" = Acrobat.com
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BF84A6C6-B9F8-4F5A-8DC2-82D5EBB750C5}" = Xmarks for IE
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E913F678-7BAC-4C3D-A8ED-C19E13D3BAD0}" = DayZ Commander
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EDA40AA1-070C-48D1-9D77-50602BCDA95E}" = Verizon Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"BFGC" = Big Fish Games Client
"BFG-The Price is Right" = The Price is Right
"BitComet" = BitComet 1.12
"Bodog Casino" = Bodog Casino
"Bodog Poker_is1" = Bodog Poker
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B3204 85DF8CE.1" = Acrobat.com
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2
"DVDFab 6_is1" = DVDFab 6.0.2.0 (June 24, 2009)
"DVDFab 8_is1" = DVDFab 8.0.0.5 (25/08/2010)
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"intelliScore Ensemble WAV to MIDI Converter Demo" = intelliScore Ensemble WAV to MIDI Converter Demo
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mission Against Terror Online_is1" = MATonline2.1.6.325
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Okoker MP3 To AMR Converter_is1" = Okoker MP3 To AMR Converter 6.0
"Premier Jeweler Software - V" = Premier Jeweler Software - V
"QCP Converter" = QCP Converter
"Recordpad" = RecordPad Sound Recorder
"SoundTap" = SoundTap Streaming Audio Recorder
"sp41099" = sp41099
"sp44626" = sp44626
"Steam App 33900" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Switch" = Switch Sound File Converter
"The Hidden Object Show1.0" = The Hidden Object Show
"Uninstall_is1" = Uninstall 1.0.0.1
"Verizon Online DSL_is1" = Verizon Online DSL
"WavePad" = WavePad Sound Editor
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3627175128-288746599-264522394-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/28/2011 1:47:03 PM | Computer Name = Baron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/28/2011 1:47:03 PM | Computer Name = Baron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/28/2011 1:47:03 PM | Computer Name = Baron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/28/2011 1:47:03 PM | Computer Name = Baron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/28/2011 1:47:03 PM | Computer Name = Baron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/28/2011 1:47:03 PM | Computer Name = Baron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/28/2011 1:47:03 PM | Computer Name = Baron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/28/2011 1:47:03 PM | Computer Name = Baron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/28/2011 1:47:03 PM | Computer Name = Baron-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/28/2011 1:47:03 PM | Computer Name = Baron-PC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 6/12/2009 12:44:38 AM | Computer Name = Baron-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 12/7/2011 9:17:16 PM | Computer Name = Baron-PC | Source = McrMgr | ID = 107
Description =

Error - 12/7/2011 9:17:20 PM | Computer Name = Baron-PC | Source = McrMgr | ID = 109
Description =

[ System Events ]
Error - 11/21/2012 10:02:17 AM | Computer Name = Baron-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 11/21/2012 10:07:38 AM | Computer Name = Baron-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Lexmark X1100 Series with
shared resource name Lexmark X1100 Series. Error 2114. The printer cannot be used
by others on the network.

Error - 11/21/2012 10:09:02 AM | Computer Name = Baron-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/21/2012 10:13:00 AM | Computer Name = Baron-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/22/2012 12:34:41 PM | Computer Name = Baron-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 11/22/2012 12:41:28 PM | Computer Name = Baron-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/22/2012 12:44:10 PM | Computer Name = Baron-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/22/2012 12:46:26 PM | Computer Name = Baron-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/23/2012 1:44:11 PM | Computer Name = Baron-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 11/23/2012 1:50:46 PM | Computer Name = Baron-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

dranger35 · #11 November 24th, 2012, 10:11 AM

Gmer scan results...

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-24 03:51:05
Windows 6.0.6002 Service Pack 2
Running: 6onk0lf7.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0x1F 0x78 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4B 0xCC 0x14 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA6 0x49 0x69 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0x1F 0x78 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4B 0xCC 0x14 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA6 0x49 0x69 0x78 ...

---- EOF - GMER 1.0.15 ----

**Jintan** · #12 November 24th, 2012, 11:22 PM

Hmm, well, all of what Gmer found was Daemon Tolls rootkit-like settings. No aswMBR scan log though, to verify against that.

Download DeFogger to your desktop.

Double click DeFogger to run the tool.

Click the Disable button to disable your CD Emulation drivers, then click Yes to continue.

When the 'Finished!' message appears just click OK.

DeFogger will now ask to reboot the machine - click OK.

DeFogger will create a defogger_disable log on your desktop - post this in your next reply please.

Note: Do not re-enable these drivers until otherwise instructed.

--------

Then go ahead and run Gmer again, and the aswMBR log I first asked for, and post those please.

Since it can be the source of problems too often, how much time do you have left on your Norton subscription there please?

dranger35 · #13 December 3rd, 2012, 08:25 AM

Here's the defogger scan result and the GMER update one. I'm going to scan with Avast overnight and post the results tomorrow. There's 253 days on the Norton subscription, which I renewed in Agusut I believe.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:09 on 02/12/2012 (Baron)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

GMER results
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-03 02:11:57
Windows 6.0.6002 Service Pack 2
Running: 6onk0lf7.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0x1F 0x78 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4B 0xCC 0x14 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA6 0x49 0x69 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0x1F 0x78 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4B 0xCC 0x14 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA6 0x49 0x69 0x78 ...

---- EOF - GMER 1.0.15 ----

dranger35 · #14 December 3rd, 2012, 07:54 PM

Avast Scan

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-03 04:39:52
-----------------------------
04:39:52.881 OS Version: Windows x64 6.0.6002 Service Pack 2
04:39:52.881 Number of processors: 4 586 0x203
04:39:52.881 ComputerName: BARON-PC UserName: Baron
04:39:56.204 Initialize success
04:50:29.339 AVAST engine defs: 12120200
04:51:11.865 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
04:51:11.865 Disk 0 Vendor: AMD_____ 1.10 Size: 715255MB BusType: 8
04:51:11.927 Disk 0 MBR read successfully
04:51:11.927 Disk 0 MBR scan
04:51:11.943 Disk 0 unknown MBR code
04:51:11.974 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 701525 MB offset 63
04:51:12.005 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13727 MB offset 1436725080
04:51:12.099 Disk 0 scanning C:\Windows\system32\drivers
04:51:27.402 Service scanning
04:51:57.058 Modules scanning
04:51:57.058 Disk 0 trace - called modules:
04:51:57.073 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll ahcix64s.sys
04:51:57.089 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80096d16f0]
04:51:57.604 3 CLASSPNP.SYS[fffffa6000fd3c33] -> nt!IofCallDriver -> [0xfffffa800837d7c0]
04:51:57.604 5 acpi.sys[fffffa60008f4fde] -> nt!IofCallDriver -> \Device\00000064[0xfffffa800837d9e0]
04:52:02.253 AVAST engine scan C:\Windows
04:52:09.912 AVAST engine scan C:\Windows\system32
04:57:44.314 AVAST engine scan C:\Windows\system32\drivers
04:58:08.463 AVAST engine scan C:\Users\Baron
06:22:31.099 AVAST engine scan C:\ProgramData
06:46:19.079 Scan finished successfully
13:49:53.118 Disk 0 MBR has been saved successfully to "C:\Users\Baron\Downloads\MBR.dat"
13:49:53.149 The log file has been saved successfully to "C:\Users\Baron\Downloads\aswMBR.txt"

**Jintan** · #15 December 4th, 2012, 12:51 AM

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop. Click the RogueKiller icon next to:

(Download link) : Lien de téléchargement

.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When prompted, type 1, and press Enter.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

---------

Please download AdwCleaner by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[R1].txt as well.

Similar Topics
Topic	Topic Starter	Forum	Replies	Last Post
running slowwwww-Moved by Murf	kickers	Malware Removal	10	September 14th, 2015 05:28 AM
Problem running game form shortcut.. (moved from Vista)	capt k	Gaming	12	May 3rd, 2009 04:12 AM
Please help - can't update Vista, or access certain websites (Moved by Murf - Vista)	Focusm	Malware Removal	1	September 11th, 2008 07:09 PM
computer running very slow! (Moved by Murf)	runningbear	Malware Removal	6	September 17th, 2006 02:12 AM
Startup Programs (Moved by Murf)	TrustNo1	Malware Removal	2	August 25th, 2006 01:41 AM