
windows cannot access the specified device, path or file...



#1
lruizm
Member • 46 posts
Hello, I was wondering if you could help with this problem. It's been a while since the message "windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." and I knew there was something wrong but didn't think it could actually get worse... first it appeared when I wanted to open the disk clean-up, then when I wanted to install the registrybooster, but everything else worked fine. Now, it's horrible and I cannot install or uninstall any kind of program. The message also appears at start-up and some other times RANDOMLY (I haven't quite discovered exactly when the message appears) so now it is kind of driving me crazy, if you could please please help me, I would really appreciate it!


thanks a lot!

Larissa


#2
michaelg9
Trusted Helper • Malware Removal • 2,949 posts
Hi ;)
:D . My name is Michael and I am here to help you fix your computer. ;)
If you have already received help elsewhere please inform me so that this topic can be closed.
If you haven't, please keep reading:
Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read.
  • Save or print these instructions, as a part of the fix will be in safe mode where you will not be able to access the internet.
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.


For the programs that don't want to run (You get a permissions error) do the following:

Download this program

Drag each of the .exe files that you are unable to run and drop them onto Inherit.exe.

Then wait for it to say "OK". The programs should run fine after doing that.

Note: Dragging shortcuts to Inherit.exe will not work. To see what files shortcuts point to you will need to right-click the shortcut and select "Properties."
The .exe file that you will have to drag onto Inherit.exe is listed next to "Target"


If Inherit.exe does not fix your problem with a certain program you will have to uninstall and reinstall the malfunctioning program for it to work properly.

Next:

If any of the below programs give you a permissions error when run, use the file above as instructed


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


Next:



OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Next:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.

#3
lruizm
Member • Topic Starter • 46 posts
Hi,

thanks for the quick response :D

So, I tried to do what you asked with the inherit.exe program but the message still appears and it doesn't run properly... you said that I should uninstall and reinstall the program if it doesn't work correctly, but as I told you before, I CAN'T uninstall or install anything. Should I continue with the rest of the steps???

Thanks!

#4
michaelg9
Trusted Helper • Malware Removal • 2,949 posts
Yes, try to run the rest and tell me if you get that error :D

#5
lruizm
Member • Topic Starter • 46 posts
HI!

I ran the combofix, a bunch of little windows appeared to tell me exactly the same (that I don't have any permission to anything), but in the end there was no log file...

I ran all of the other things and here are the requested files.

OTL


OTL logfile created on: 29/11/2010 08:23:40 p.m. - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000080A | Country: Mexico | Language: ESM | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.32 Gb Total Space | 34.65 Gb Free Space | 12.02% Space Free | Partition Type: NTFS

Computer Name: POR-DESIGNAR | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/29 20:04:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/08 22:43:48 | 000,828,928 | ---- | M] (Security Stronghold) -- C:\Program Files (x86)\True Sword 5\TrueSwordSchedule.exe
PRC - [2010/09/16 14:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/15 12:18:42 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/12/03 03:37:41 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/21 04:10:58 | 000,370,952 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Oracle\Information Rights Management\Desktop\sealmon.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/09/27 19:53:25 | 000,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Sun\SDK\jdk\bin\javaw.exe
PRC - [2009/07/16 14:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
PRC - [2008/10/24 02:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/06/17 23:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/04/10 13:12:40 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/02/01 15:29:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/01/23 16:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007/12/11 17:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\WDC.exe
PRC - [2007/12/04 11:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\ATKOSD.exe
PRC - [2007/11/30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/11/28 18:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files (x86)\ATK Hotkey\HControl.exe
PRC - [2007/11/28 16:26:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\Atouch64.exe
PRC - [2007/11/04 20:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/02 22:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/08/15 12:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 11:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/04/19 20:25:18 | 018,847,920 | ---- | M] (Adobe Systems Incorporated.) -- C:\Program Files (x86)\Adobe\Adobe Flash CS3\Flash.exe
PRC - [2007/02/07 02:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe


========== Modules (SafeList) ==========

MOD - [2010/11/29 20:04:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2009/12/08 19:19:44 | 000,094,208 | ---- | M] (Dropbox, Inc.) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
MOD - [2009/11/22 18:04:59 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/07/29 15:30:53 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2009/04/28 19:13:20 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\MSVCP71.dll
MOD - [2008/03/03 18:34:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\MSVCR71.dll
MOD - [2008/01/20 20:51:11 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll
MOD - [2008/01/20 20:49:29 | 000,248,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msshsq.dll
MOD - [2008/01/20 20:48:31 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2008/01/20 20:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/12/04 10:31:00 | 000,090,112 | R--- | M] (Cognizance Corporation) -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
MOD - [2006/11/02 02:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2006/07/12 17:55:00 | 000,056,832 | R--- | M] (Cognizance Corporation) -- C:\Windows\SysWOW64\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 11:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2010/11/29 19:46:26 | 003,020,376 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll -- (Akamai)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/08 22:43:48 | 000,828,928 | ---- | M] (Security Stronghold) [Auto | Running] -- C:\Program Files (x86)\True Sword 5\TrueSwordSchedule.exe -- (TrueSwordSchedulerService)
SRV - [2010/02/19 06:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/03/04 10:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/03 14:25:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/09 23:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/11/15 04:53:14 | 006,447,744 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/07/27 12:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/02 22:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/07 02:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/21 19:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIMMP)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/07 08:47:33 | 000,061,008 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/07/08 20:00:00 | 000,055,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 21:56:34 | 000,588,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV:64bit: - [2009/01/09 08:02:08 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/06/08 17:23:00 | 000,055,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/06/03 15:41:50 | 000,017,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/05/29 11:21:00 | 000,016,440 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)
DRV:64bit: - [2008/05/20 11:33:36 | 000,028,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/05/13 00:35:28 | 001,836,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/05/09 19:58:09 | 000,140,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST) RMCAST (Pgm)
DRV:64bit: - [2008/05/07 03:40:38 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/05 19:57:10 | 001,132,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/03/20 22:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/03/16 18:42:30 | 000,092,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/03/16 18:42:28 | 000,121,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/03/16 18:42:26 | 000,019,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/02/15 19:27:18 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/02/14 15:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/28 20:46:58 | 000,036,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/01/20 20:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 20:46:55 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2007/12/18 18:57:12 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/08/02 22:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 21:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 12:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007/06/25 03:42:30 | 000,130,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV:64bit: - [2007/06/25 03:42:30 | 000,123,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117obex.sys -- (s117obex)
DRV:64bit: - [2007/06/25 03:42:30 | 000,031,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV:64bit: - [2007/06/25 03:42:24 | 000,144,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117mdm.sys -- (s117mdm)
DRV:64bit: - [2007/06/25 03:42:24 | 000,125,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/06/25 03:42:24 | 000,019,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117mdfl.sys -- (s117mdfl)
DRV:64bit: - [2007/06/25 03:42:22 | 000,108,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV:64bit: - [2007/06/16 22:28:16 | 000,217,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV:64bit: - [2006/10/27 07:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files (x86)\TenchisTV\tbTen0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files (x86)\TenchisTV\tbTen0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:3.76
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {ece24dcf-8548-4655-b392-47a388721482}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/29 06:04:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/29 06:04:39 | 000,000,000 | ---D | M]

[2009/04/12 14:24:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2009/04/12 14:24:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/11/27 16:35:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions
[2010/04/28 13:36:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/03 16:01:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010/03/16 15:29:25 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/11/09 23:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/11/13 05:58:42 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/08/25 16:55:43 | 000,000,000 | ---D | M] (TenchisTV Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}
[2010/08/16 19:21:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\[email protected]
[2009/12/09 15:10:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\[email protected]
[2010/03/16 15:29:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\[email protected]
[2010/11/27 16:35:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/11/26 18:20:45 | 000,002,604 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 crl.verisign.net
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.newoa
O1 - Hosts: 39 more lines...
O2:64bit: - BHO: (ASUS Security Protect Manager) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files (x86)\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (TenchisTV Toolbar) - {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files (x86)\TenchisTV\tbTen0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (TenchisTV Toolbar) - {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files (x86)\TenchisTV\tbTen0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (TenchisTV Toolbar) - {ECE24DCF-8548-4655-B392-47A388721482} - C:\Program Files (x86)\TenchisTV\tbTen0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Active Web Reader] C:\Program Files (x86)\Deskshare\Active Web Reader\Active Web Reader.exe File not found
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files (x86)\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [googletalk] C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
O9 - Extra 'Tools' menuitem : ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (APSHook64.dll) - C:\Windows\SysNative\APSHook64.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\Egypt!!!!!!\P5071065.JPG
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\Egypt!!!!!!\P5071065.JPG
O30:64bit: - LSA: Authentication Packages - (C:\\Windows\\system32\\iiffDVnn) - File not found
O30 - LSA: Authentication Packages - (C:\\Windows\\system32\\iiffDVnn) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5b8883d3-fde8-11dd-974c-0015affd39ac}\Shell\AutoRun\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{5b8883d3-fde8-11dd-974c-0015affd39ac}\Shell\open\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{6b1d7dd2-8e9a-11de-8a53-fae2e76d49bc}\Shell\AutoRun\command - "" = RECYCLER\winusb.exe
O33 - MountPoints2\{6b1d7dd2-8e9a-11de-8a53-fae2e76d49bc}\Shell\OpEn\CoMmAnD - "" = RECYCLER\winusb.exe
O33 - MountPoints2\{76878fcd-453b-11de-9e37-9cebdfa79c19}\Shell\AutoRun\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe -- File not found
O33 - MountPoints2\{76878fcd-453b-11de-9e37-9cebdfa79c19}\Shell\open\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe -- File not found
O33 - MountPoints2\{77c99522-b735-11dd-8bcd-8be90bdd1752}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe -- File not found
O33 - MountPoints2\{77c99522-b735-11dd-8bcd-8be90bdd1752}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe -- File not found
O33 - MountPoints2\{8cdab913-5b04-11dd-bf8e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8cdab913-5b04-11dd-bf8e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{9c72fd94-6a45-11dd-9e86-0015affd39ac}\Shell - "" = AutoRun
O33 - MountPoints2\{9c72fd94-6a45-11dd-9e86-0015affd39ac}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{da7861d1-2f57-11de-8d57-82a3e7cff204}\Shell - "" = AutoRun
O33 - MountPoints2\{da7861d1-2f57-11de-8d57-82a3e7cff204}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e4611ea4-e7ce-11dd-8ac0-0015affd39ac}\Shell\AutoRun - "" = Autorun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: VIDC.I420 - lvcod64.dll ()
Drivers32:64bit: wave2 - serwvdrv.dll ()
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\\Windows\\system32\\iac25_32.ax ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msaudio1 - msaud32.acm File not found
Drivers32: msacm.msg723 - msg723.acm File not found
Drivers32: msacm.sl_anet - sl_anet.acm File not found
Drivers32: msacm.trspch - tssoft32.acm File not found
Drivers32: msacm.voxacm160 - vct3216.acm File not found
Drivers32: MSVideo - C:\Windows\SysWow64\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\SysWow64\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\Windows\SysWow64\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv32 - C:\Windows\SysWow64\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.M261 - msh261.drv File not found
Drivers32: vidc.M263 - msh263.drv File not found
Drivers32: vidc.mp42 - MPG4C32.dll File not found
Drivers32: VIDC.MSUD - msulvc05.dll File not found
Drivers32: VIDC.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - vp6vfw.dll File not found
Drivers32: vidc.VP61 - vp6vfw.dll File not found
Drivers32: vidc.VP62 - vp6vfw.dll File not found
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
Drivers32: vidc.X264 - x264vfw.dll File not found
Drivers32: vidc.XVID - xvidvfw.dll File not found
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: wave2 - C:\Windows\SysWow64\serwvdrv.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: TrustedInstaller - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TrustedInstaller - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: TrustedInstaller - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: TrustedInstaller - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1EC2A9FD-6C51-FFFC-BED8-2598519C78B4} - LightScribe Control Panel
ActiveX: {1FA7A8B7-34CF-5C98-2829-2B13D0E66C03} - Adobe Shockwave Director 11.0
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3CB041A3-B01B-301B-F403-6422312C6B63} - LightScribe Control Panel
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {870DE155-687B-DF21-6244-EFD38038C028} - Microsoft VM
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2010/11/29 20:04:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/11/29 20:02:22 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/26 18:00:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\True Sword 5
[2010/11/26 18:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\True Sword 5
[2010/11/26 17:43:44 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2010/11/26 17:43:44 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2010/11/26 17:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Cannot Find Fix Wizard
[2010/11/26 11:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/11/23 19:11:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Mich
[2010/11/15 21:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/15 21:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/15 21:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/14 13:25:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\VIDEOS RESTANTES
[2010/06/13 10:20:08 | 001,228,360 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\InDesign_7_LS1.exe
[2010/06/04 05:09:34 | 004,072,584 | ---- | C] (Uniblue Systems Ltd ) -- C:\Program Files (x86)\registrybooster.exe
[2010/01/09 10:47:17 | 007,324,037 | ---- | C] (AoAMedia.com ) -- C:\Program Files (x86)\aoaaudioextractor.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/29 20:25:09 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{284267D1-CC92-4C3D-AF46-6C21F23F5321}.job
[2010/11/29 20:04:28 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/29 20:04:28 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/29 20:04:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/11/29 20:02:10 | 000,235,837 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/29 20:02:10 | 000,235,837 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/29 19:59:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3862716988-2361750683-3962962596-1000UA.job
[2010/11/29 19:50:33 | 003,982,422 | ---- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/11/29 19:46:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/29 06:01:47 | 000,000,004 | ---- | M] () -- C:\Users\Owner\tray.pid
[2010/11/29 06:00:15 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/29 06:00:09 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010/11/29 05:58:37 | 000,006,396 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/28 23:36:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/26 18:03:23 | 000,001,774 | ---- | M] () -- C:\Users\Owner\Desktop\True Sword.lnk
[2010/11/26 17:48:42 | 000,001,441 | ---- | M] () -- C:\Users\Owner\Documents\Receipt.rtf
[2010/11/26 17:43:45 | 000,001,999 | ---- | M] () -- C:\Users\Owner\Desktop\Windows Cannot Find Fix Wizard.lnk
[2010/11/26 16:53:03 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/26 16:53:03 | 000,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/26 16:53:03 | 000,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/26 10:25:47 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2010/11/26 10:24:48 | 007,304,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/25 03:59:00 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3862716988-2361750683-3962962596-1000Core.job
[2010/11/23 11:26:43 | 000,065,024 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/18 13:16:20 | 000,180,506 | ---- | M] () -- C:\Users\Owner\Desktop\PRESENTACION POLSA.pptx
[2010/11/16 17:44:55 | 000,000,543 | ---- | M] () -- C:\Windows\cedt.INI
[2010/11/15 21:51:41 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/15 14:32:45 | 000,161,792 | ---- | M] () -- C:\Users\Owner\Desktop\poliuretanos y base de datos.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/29 19:50:32 | 003,982,422 | ---- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/11/26 18:00:43 | 000,001,774 | ---- | C] () -- C:\Users\Owner\Desktop\True Sword.lnk
[2010/11/26 17:48:42 | 000,001,441 | ---- | C] () -- C:\Users\Owner\Documents\Receipt.rtf
[2010/11/26 17:43:45 | 000,001,999 | ---- | C] () -- C:\Users\Owner\Desktop\Windows Cannot Find Fix Wizard.lnk
[2010/11/18 13:17:42 | 000,180,506 | ---- | C] () -- C:\Users\Owner\Desktop\PRESENTACION POLSA.pptx
[2010/11/15 21:51:41 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/15 13:31:19 | 000,161,792 | ---- | C] () -- C:\Users\Owner\Desktop\poliuretanos y base de datos.doc
[2010/10/08 13:01:09 | 000,000,012 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\ldcpfk.dat
[2010/09/28 21:48:54 | 000,000,077 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Rim.Desktop.Exception.log
[2010/09/28 21:06:10 | 000,000,807 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/09/28 21:04:35 | 000,561,004 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI5668.txt
[2010/09/28 21:04:34 | 000,012,198 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI5668.txt
[2010/09/17 15:01:49 | 000,002,430 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI654B.txt
[2010/09/17 15:01:48 | 000,011,466 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI654B.txt
[2010/06/13 10:38:54 | 000,130,108 | ---- | C] () -- C:\Program Files\InDesign CS5 Read Me.pdf
[2010/06/13 10:20:09 | 751,253,252 | ---- | C] () -- C:\Program Files\InDesign_7_LS1.7z
[2009/11/16 09:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll
[2009/10/07 15:10:53 | 000,225,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\rx_image.Cache
[2009/10/07 15:10:50 | 000,004,216 | ---- | C] () -- C:\Users\Owner\AppData\Local\rx_audio.Cache
[2009/05/23 15:34:10 | 000,000,543 | ---- | C] () -- C:\Windows\cedt.INI
[2009/05/05 20:29:15 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/01/20 22:58:53 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2008/10/08 14:49:17 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/09/15 11:11:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2008/08/09 13:11:16 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008/08/09 11:25:51 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2008/08/07 20:18:28 | 000,065,024 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/26 05:55:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/07/26 05:26:49 | 000,001,460 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 20:49:32 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\authz.dll
[2007/04/03 10:59:54 | 006,148,096 | ---- | C] () -- C:\Windows\SysWow64\dzcore.dll
[2006/12/05 15:07:16 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\dzbryce6.dll
[2006/12/05 15:00:56 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\dzwrapper.dll
[2006/11/20 16:25:16 | 001,343,488 | ---- | C] () -- C:\Windows\SysWow64\daz-qsa.dll
[2006/11/20 16:25:02 | 004,984,832 | ---- | C] () -- C:\Windows\SysWow64\daz-qt-mt.dll
[2005/04/03 08:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\scardsyn.dll
[1998/05/06 13:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\ODMA32.dll

========== LOP Check ==========

[2010/11/28 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2008/08/09 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blender Foundation
[2010/06/13 15:50:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/11/30 21:54:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/29 06:01:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2010/05/24 11:34:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GHISLER
[2008/10/19 20:33:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Graboid Inc
[2010/05/28 09:09:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImTOO Software Studio
[2010/10/04 16:24:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/11/07 21:36:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
[2009/05/31 16:54:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nokia
[2009/05/31 16:52:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PC Suite
[2010/04/17 13:08:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Publish Providers
[2010/09/28 21:49:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion
[2010/10/25 17:26:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sony
[2010/05/28 15:06:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/08/11 15:41:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2009/12/09 15:55:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2010/11/24 23:04:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2009/09/23 11:29:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\YouSendIt
[2010/11/29 06:00:09 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2010/11/29 05:58:37 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/29 20:29:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{284267D1-CC92-4C3D-AF46-6C21F23F5321}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >

EXTRAS


OTL Extras logfile created on: 29/11/2010 08:23:40 p.m. - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000080A | Country: Mexico | Language: ESM | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.32 Gb Total Space | 34.65 Gb Free Space | 12.02% Space Free | Partition Type: NTFS

Computer Name: POR-DESIGNAR | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mega] -- "C:\Program Files (x86)\Megacubo\megacubo.exe" "%1" File not found
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mega] -- "C:\Program Files (x86)\Megacubo\megacubo.exe" "%1" File not found
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 29 78 46 D8 05 B3 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10595318-36D1-427C-963C-D7A3D9BDF8F0}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{1123CE29-B111-4EBE-A7B0-0F58B2CBFB17}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B3B62F5-DF12-4BF0-BF84-8177D5936099}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{209D7940-9D6E-408D-B0BC-B2A8D4F8ED0F}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{23BAA323-01E1-4E1E-AB3B-1C654B77D870}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2E499CA8-F6E4-4C70-A3A8-E22D4E73B089}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B7A0859-61DB-4ECC-BF1A-A611C7DDCCF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3C029B9E-7733-4368-BF61-9935E53F1C6C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DC3307D-9579-498C-9C84-40F8622F4618}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{41C3F998-24C1-4FD4-8FFA-6D6059C2F60C}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{48CFA0E0-496E-400E-B49B-A2659B41357A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4A693CEB-211C-489F-8729-351351C42589}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F35ECA3-C2F7-42A1-9804-5C006F9597F8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5380E2CA-D926-4F0C-84A0-346961A8FD14}" = lport=138 | protocol=17 | dir=in | app=system |
"{5B279E6B-B4A4-4F4F-AAD3-E48D2B52C75E}" = lport=137 | protocol=17 | dir=in | app=system |
"{637E4D79-A791-496A-9DFA-4E0377F4110E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{757CB9C1-968F-4E47-A4C5-EEA60C2B69CE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7733017C-E416-43E5-97E8-AD9E42B919C8}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{7DED2048-389D-4E80-BEB3-DB7949E38814}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{848B30F9-3666-43EC-9BC0-B57C8AC1D81A}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{84F192E4-47B4-4E00-8792-3DD4BC8D5B68}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{884ED2EE-A5A8-4802-9935-6DB7E710BFF3}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{8A8F331B-784A-4FDB-8FEE-9ACA835D2784}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{8E93F892-1CD4-469A-9F8D-E3E3AFC507D1}" = lport=445 | protocol=6 | dir=in | app=system |
"{94C9CB13-DC90-48BB-BC9C-F69B7A11AFE3}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{96588F43-5B6E-48F2-B6BB-FB689C702637}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B3490C2-F43C-485D-B1D0-E20BBEDFAFD7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{9C70F58A-8565-4EAD-8E78-883812F12119}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{A7EE53DB-4DDF-4FC4-9B3C-647E776D1D1A}" = rport=445 | protocol=6 | dir=out | app=system |
"{BAD63F34-4C80-4A96-8B35-8DE294868A0F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C55737AB-563A-4481-9BAF-6024FBE8F959}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C5DCA3C0-E217-4657-9A0D-01927EB5C1E9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C737EA9B-5709-4A1E-9666-83AFEDEBA3AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8632AFE-A824-4AAE-9888-470AEF2F9A1F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D544E07D-883D-47D9-8F74-EF8202C60A34}" = rport=139 | protocol=6 | dir=out | app=system |
"{D6685B34-88E6-4882-A6AC-55DA306BE461}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9C89716-A39A-4FF1-913C-31C32F8739E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{DBC99C15-9FF3-436B-B858-9C39282B053C}" = lport=51400 | protocol=6 | dir=in | name=akamai netsession interface |
"{E72B9943-4650-4397-9036-9F403DB7A222}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E8024CA6-3F4A-45A0-A598-48A8B280C679}" = rport=137 | protocol=17 | dir=out | app=system |
"{F755A55F-B8C8-4E98-9195-79DB9A5E5990}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC894BD3-7509-49FF-BF30-220A77B0946C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007C2972-4BE6-4D01-8E47-7BACDF777D5E}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{00E62884-79D9-4E8D-B3A7-74D0D921A1DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{013A9998-AE7C-4DE7-8B9C-C7F04288185D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{03ADFA13-EDCE-4BB4-824E-0E6C295F84C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0456E48A-F6F5-4EDC-AE98-BFB23530B141}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{06BB7E72-18F9-458C-9D48-1BFFF5BD8A5C}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{0865D1B6-E93A-4AC4-83D3-B4CB367D6994}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{0A853E64-6572-4B9D-83C5-FDD27D978F93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0B07BAF6-C63A-422D-A0DE-4F2276957397}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0B583E8B-BEC2-4586-AB6C-102D85D364AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0CB47B21-3015-4AA8-8C35-AE28446E1828}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0F83A5BE-AD21-4ADE-BD14-2CD609025ACC}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{108BD5E5-D66D-4BD0-9FE1-BA19C4C3E5FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1237316A-286B-44E3-8CC3-90ED5D4DFB62}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1262FEC2-952A-471B-AFEB-CD677C35F007}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{13657DFF-F53B-4D9C-B70C-ABBD98A1DD93}" = protocol=6 | dir=out | app=system |
"{151D381B-001D-4E29-8929-4863DA3E5764}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{162D648A-41EE-465D-B3FB-81ADAE2FBF86}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{18335F9D-FB70-4596-A90E-EE4504582427}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{18EB7FFC-E113-420B-84B6-7E968FF47BC4}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{1A5C8412-BB63-4FC5-B0B0-DF48ADB15AAE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1B3A3012-93F8-4F0E-8C04-1ACA38F39BF1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1C92538D-BB4D-44AE-97EC-20C026F6E024}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1C95CEC9-0821-4043-AD5A-8617394A9CF7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D3B5E9A-E0FA-432D-9F52-EBA986F06C8E}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{1F3830D2-3B77-4E6E-8185-00AAEE901B01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1FEE2F79-899C-46AC-9574-1C225A41DB2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2285951A-BFDC-4F0D-83D0-52D3DF53ED0B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{246009BF-A517-4E88-99D3-B17D1C70FD31}" = protocol=58 | dir=in | app=system |
"{2503DD4D-7F09-444C-912D-58D000EB7946}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2617FE50-F192-4F99-9749-F5D39A49057F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2657363A-BF6F-4DF6-A538-904288F71F78}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{27F1192F-CDB4-4177-938D-32E84EFE2161}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{29960B27-9E98-4C1E-97D8-47ABD1BF1EB6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{29C02C40-ECF5-4C05-AFCD-C975DB722F0A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{29D6923C-E3FB-41E3-B933-64D5D34EFAFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2ACCA56B-4072-46B2-8897-4756FFEC6CF3}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{2BE551DF-2F40-4333-9786-50671FE1F0AE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2D17AD25-F4D9-4B44-8437-186EA0B54751}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2D921EC3-DA4C-431C-BC48-845F9CC8F44A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E65C7AF-A13A-4E01-BCCC-A2DB96EB086F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2F6AABE8-89FA-4D5A-82AB-43D9AB0E780D}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{2FF99C43-BE57-431B-8458-CE9740490939}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3119E181-88F3-40A8-8AE3-97A09FABA1AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{327C470A-E400-4236-B2C1-ED7CFE1A66C7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3357CD67-102D-4FBF-9B4D-1A6825F227FC}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{35EC128B-1E1B-495E-85C0-841572E283B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{381439D0-3E80-4966-AFF5-3FE1EAE9320D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39F620A3-AA75-4888-84BE-BF755BACB8E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3B4152C7-4CEA-48D0-9599-9BF974F0B4DD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3BC23CF3-A1CB-4B2D-A9C6-A6A8039144B8}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4786F778-0BEE-4FF5-B51A-C94EF1310F37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{488CE8EE-2FED-4231-814B-21E917EF8F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4935EE5D-501D-4F02-A2A4-6619E8991BC6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{49E530DB-476D-466D-9CBF-2162C8F7E053}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4B54D654-9D51-4F6D-AF6B-744EF2B6C9EB}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4C40C8F9-EB9D-4DEC-BD80-7B2382A7D3FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E56BE39-8261-4011-85AD-AABD5480E7E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4F8F60AD-7B7F-4331-9E37-3D3EF4F22C6A}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{524CF3C0-572E-4865-B123-221BF5A007C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{54DC11E7-47C8-4A74-9B26-3D88297B8029}" = protocol=1 | dir=out | [email protected],-28544 |
"{5C4A14E5-3043-4F1F-93D6-29CE54AA9921}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5C79B1E2-1848-4F49-AEC7-97B269F7AE76}" = protocol=58 | dir=out | [email protected],-28546 |
"{5D1476C3-CD17-49F2-87CA-802E87E33316}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5F01A9FB-7DF9-4C82-BA83-30F41112C032}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5F12654B-C439-4DA8-B1B0-AEB149B19B64}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{5F3B27AC-248C-487A-97CA-6E7898CBFF51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5F697B29-3032-4A1E-B94C-15A722266C76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5FD65559-5124-4782-9605-63FB5E0A8C5B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{62D3F30B-04F1-4ACE-B736-5249AC3199DB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{63146D3D-CCBB-43BD-A550-5CE02E3CCB08}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{649A65CF-1406-43FC-8356-FB65B438F2E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{674068A8-3064-4896-BBCA-966780563A50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{68D5FF35-A842-4207-B1AA-86474AC06C18}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{68E835DF-6256-4BC7-AAA6-A9D893673D7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B0020C0-7506-4A4E-8715-A0AE3E5336E2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7290ABE9-9478-4EEA-B06D-148E0FF7C447}" = protocol=58 | dir=in | [email protected],-28545 |
"{75D3ECA2-E026-4EDD-8FAE-0A540F6DE180}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{772BD612-6037-4372-9A8E-478DE44003EB}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{7A91396A-144E-405B-A93D-A0CA9ABF19D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AAF41D2-D9DB-4BBE-BD98-01BFC368D0D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7AE3D4F4-9A06-4438-98DF-5404FC4E7B18}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7DC5642A-16A4-43D0-8EBB-EB095F83E5D4}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{7DFC343B-999F-4063-8D6D-CA475B8EE0EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81C219AC-E20E-46F3-B08F-F67E01102C79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8586019E-6BE5-4CDA-B8B1-9C97A8EF29E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{865CA05C-E107-4350-8E02-10DFE7634B98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{88870F13-3D5C-4FDC-8998-2F331EF4F382}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88CEAC23-55DC-4491-AFA9-968C5FE997B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8BEC2C0D-C7A2-49ED-8419-817F736FB484}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8CF8A6DE-3E2C-4F76-9C8C-EA19120ABE34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9005FADA-7834-479D-8695-46AE631A1CAD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{908F2CA0-219C-4790-B7FE-16B9589D8A86}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{9246235D-EDD0-489B-8316-B1165FDC3DCB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{95AB3D25-D0BD-4F72-9AEF-803A05D8F396}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97868A91-35AE-4011-A558-A553579C2DD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97C34243-7833-4B1F-A57C-D0F439E4E610}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{989EC567-B98F-434F-B2FB-849CF6D0D3EB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9ADA26CC-004B-4922-AF4D-0915F892CDA9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9B38F28F-7EE1-4AAE-A0F6-3A525EC258A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9BF456C4-CB53-4F93-A1B4-04E5A5FB6D6C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9E1A8A56-2BA1-43FD-805A-CE017897CC94}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9E1D876D-1E47-4CC7-968A-637498828E82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9E85BF53-B9F8-40CB-9C56-8555BFC42DE8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9FFBB0A6-957A-437B-ACA2-05F4C719E462}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A01BE1B9-FFDF-4D1E-8FB7-F114A9F58739}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A03EF733-5803-4DDB-9BC7-1E1D61ACE2C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A0509054-9718-471E-B888-BA5C2C7E2118}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A0BBB002-F944-4AF2-85A6-C4DE881D6E96}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A584F812-794C-4863-8039-4F55C819B9BC}" = protocol=6 | dir=in | app=c:\program files (x86)\megacubo\megacubo.exe |
"{A7BA1BE1-C6C5-4329-B3F5-EFAC7D3CD36C}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{A900D209-44AF-48BE-AC5F-380D0642E8CA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9CD0D9C-37BE-46A4-A93E-2CE561BA167A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AA517750-7EDC-4B94-AD13-98E247B32896}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{AD53D2CD-8025-4859-AB91-9799C16A3639}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE832240-73F4-4EC5-893D-2E8D7996E2EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AFDA20BA-143D-4C1C-8824-A7B9114F6EDD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B05B615F-3EB2-4660-9D9B-3888A1A0C3CB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B13718A9-3BB0-41B8-9238-17C30634A150}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B169CCBB-17E1-4300-BE32-D4AA563DD8C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B1B45655-2F58-4FD2-8DED-866BDB9B3023}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{B2A70B15-F15E-4EEC-8939-14A50F3FEFD2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B3B54587-B712-469D-883C-2973A32C30F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B5EE0165-CD93-4029-9743-DA78C18BEB40}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B6234E3A-006B-4B08-B535-3AD237FB6C1C}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{B75B8FB1-5D04-4FB9-A135-092A502064A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BB5D51D3-736D-40FF-A09B-52DCCF21FC86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BC66E58D-044E-4FA5-B094-F7A87526E243}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BE556B42-A5D5-4FE8-A2AB-71D7E06D3CC9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C00B67EB-E577-4DF1-ACD9-1EC7F50AFC15}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C144A36A-1803-4A54-A42A-C22CF0AED75F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2635040-0AEB-4273-BF1C-225BCCFB0189}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2740443-D5AA-471C-B220-8BBDB18DF59E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C3E68BEA-4486-4AC0-A582-6229168A6402}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C5DA65E0-EF4E-4CC6-AF9B-E4CD30E9B185}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C624B098-4F4A-4918-8EC6-4EBB7D35E3DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C76494F4-480E-4BDD-AEC9-1B68F59815B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA8F3577-ACDF-4A0C-BB8B-0A82A2EBD2ED}" = protocol=17 | dir=in | app=c:\program files (x86)\megacubo\megacubo.exe |
"{CAFDB363-BA75-4E0D-B196-E9D279A9D79C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CC515017-365E-496E-ACCE-80C1CF541644}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD6F21AC-BA6B-457D-BD9E-D8E11DB724FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE38A9D3-1055-4596-B905-57C25E092954}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{CF1E1122-8A22-4AB0-9429-87DE082E15D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CF6A4648-84BF-408A-B8DF-8DEB757B7A74}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CF9A981C-B0CF-491F-A76C-BC7821C67434}" = protocol=58 | dir=out | [email protected],-203 |
"{D3C02EDF-CF83-4B41-AD49-E38081B8D991}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D67AF7B5-E643-4F3F-8A7B-25B1D9645272}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DA5F6A98-EC4B-4790-AE64-12501205467B}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{DA656CC9-70FB-4072-BE91-1AF649BF6048}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DC988E05-F8BB-4CA8-9D7E-B7EF60AFA4FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DD262C77-6E55-47E6-9694-A62136FDF4C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DDF0C608-0D5B-42C0-850B-5CF2E2EFD187}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DFBA0766-3FBD-4D7B-AD0D-FDD383E61834}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E0912195-E174-47B3-943B-6538FA166847}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E264B43D-049F-45A1-9114-7E4C747F769A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E4DE55CD-E674-4BC2-87F8-867D5B395D54}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E57A6427-06C2-4CE0-A01C-2F0E02F5EB25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E593B49E-30C5-428F-9E8D-F079F37E3059}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E60EF7C6-481E-4B3F-BE5D-E414ABCB20A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E61F946E-734E-4012-8ADC-B062DB7A4929}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E715AA79-F67B-42D5-A523-66FED2DB498A}" = protocol=1 | dir=in | [email protected],-28543 |
"{E9859721-E967-4F11-99E8-A6A84B452027}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E990FAC5-EEA7-44A9-B59B-9601190A19FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA0E073D-CD57-4DC7-9F77-7D4CAAAD6894}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA5D9F13-8DF4-4C82-93FD-F0EFA717081D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EAD35D94-588B-4224-879A-E2A727C01D03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EBE77A9C-22F9-4914-85B6-5D43DE581997}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFDC11AD-36B2-4698-85A3-D633C1D96FDF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F0287238-BBED-4AB8-802D-B675C39D766B}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{F11C89A6-712D-4BD3-909B-43870FEF1564}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F29ACCAC-4B72-4C9F-8D54-8A35F31F3E45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F2F36A34-6175-4030-9F8A-5CB1140DD7D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F4044039-9A59-4008-9535-1DE75562EF66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB9CBECC-CDC2-470B-A995-C4F57635CCCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FC361B3B-C102-4196-BD4B-104B8FCF9DC1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FCFB3AA9-9034-4D30-8BA6-DCE424AF4CC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FD9A75E1-FE09-4DF0-9E13-FDC8CB2AE589}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{FDB6A7AB-8309-4B95-9AF8-7967528C9AB8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FEC70679-78EC-473C-ADCD-2F3C17918DA7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{12A19A1A-552E-4D60-BDCE-249A7CDDB694}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{1FA6DE1B-D25B-4938-94E3-FE8F244D32D4}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{45A2EA4F-F85F-4B8C-8832-5C3B32FA8785}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{64E9300C-A149-4464-91B0-C292C5F34289}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{65A1F528-D170-4E33-8C70-2225C7206DAA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{68CD47D1-4D97-4C9A-A8DC-65B3FBC6898F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{74E10D96-165A-400C-A42B-022C40C2AB81}C:\program files (x86)\tenchistv\u98.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tenchistv\u98.exe |
"TCP Query User{7A0998CD-0317-4D77-BBD7-955DF65D0730}C:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe |
"TCP Query User{7D4E3357-4F06-4792-9BD0-D5A409A6A63F}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{80223202-2078-4CA8-851A-4DABBFF537D3}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{8F18D2CE-4D0D-4C9A-8C86-FF1FA8424DFE}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{B4213F29-3366-4DCE-8924-D7F1CAE349CD}C:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe |
"TCP Query User{D2270C36-1E4E-44CE-AF8F-CDC105D644A8}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{13D74DDE-12AC-437B-8E8F-3D28C3E417DB}C:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe |
"UDP Query User{2F1CA3FF-409D-41EA-9A6B-0900288F8555}C:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe |
"UDP Query User{34271E24-4FDC-4C1C-9E22-36B51ADDC2CF}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{4754C8C3-19DA-4707-8006-D18316F802ED}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{505D3BD7-3EBB-47C1-8D71-6727BB048379}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{5738CC2A-7166-4C26-B561-B406906125C5}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{631BB92B-E289-42B7-8C20-A0A285E37ACF}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{7DC91CBF-A20D-47E4-80D4-2D4060309FAD}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{919177BB-0860-4A9E-88A9-A864DB659A9A}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{C19D269F-BE88-4FB1-BA7F-CFC5492E8DEE}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{C563BD67-625C-4F0A-8FB5-F2520B2C6809}C:\program files (x86)\tenchistv\u98.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tenchistv\u98.exe |
"UDP Query User{DFBB4B71-BB29-4FA8-B588-6B4E4BAE93B8}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{E5252482-BAF0-4531-9717-D5C3B6BB05B8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear eXtreme
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{A336F8B0-7ADD-48E8-98A2-296040C1EC3F}" = MobileMe Control Panel
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Registry Easy_is1" = Registry Easy v5.6
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{212B1B4C-DDB3-45DC-8130-8768C41FCFD5}" = Oracle IRM Desktop 5.5.18 10gR3 PR5
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3730A43E-A00A-4FFC-A001-0C4E642053AD}" = TouchCopy 09
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{521F829A-CBDD-4525-A94C-05D4650E9F71}" = DVD Architect Pro 5.0
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0C0A-1000-0000000FF1CE}_ENTERPRISE_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}" = Add or Remove Adobe Premiere Pro CS5
"{99041921-18B5-4d36-9729-BE5A671B1932}" = D4200
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9FE94C17-25AD-4142-A012-E0BBE923C711}" = D4200_Help
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BFB7485D-A200-33CA-A2E1-E1600CA76484}" = Google Talk Plugin
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}" = ASUS Security Protect Manager
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}" = BlackBerry Device Software Updater
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = Utilidad Configuración iPhone
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"4U WMA MP3 Converter_is1" = 4U WMA MP3 Converter 6.2.6
"7-Zip" = 7-Zip 4.65
"Able RAWer_is1" = Able RAWer 1.4.8.30
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Akamai" = Akamai NetSession Interface
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"avast5" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Bryce" = Bryce 5.5c
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"Crimson Editor 3.72" = Crimson Editor 3.72
"DAZ|Studio" = DAZ|Studio 1.5.1.0
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ImTOO MPEG Encoder Ultimate" = ImTOO MPEG Encoder Ultimate
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"LimeWire" = LimeWire 5.5.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"RealPlayer 12.0" = RealPlayer
"TenchisTV Toolbar" = TenchisTV Toolbar
"Trapcode 3DStroke" = Trapcode 3DStroke
"True Sword 5_is1" = True Sword 5
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 0.9.8a
"WampServer 2_is1" = WampServer 2.0
"Windows Cannot Find Fix Wizard_is1" = Windows Cannot Find Fix Wizard
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yet Another Free RayTracer for Windows_is1" = Yet Another Free RayTracer for Windows 0.0.9 Optimized for Pent

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 04/10/2010 06:21:32 p.m. | Computer Name = por-designar | Source = avast! | ID = 33554522
Description =

Error - 05/10/2010 11:37:36 p.m. | Computer Name = por-designar | Source = avast! | ID = 33554522
Description =

Error - 07/10/2010 12:45:02 a.m. | Computer Name = por-designar | Source = avast! | ID = 33554522
Description =

Error - 07/10/2010 01:04:41 p.m. | Computer Name = por-designar | Source = avast! | ID = 33554522
Description =

Error - 12/10/2010 01:09:05 a.m. | Computer Name = por-designar | Source = avast! | ID = 33554522
Description =

Error - 13/10/2010 12:55:55 a.m. | Computer Name = por-designar | Source = avast! | ID = 33554522
Description =

Error - 13/10/2010 12:55:58 a.m. | Computer Name = por-designar | Source = avast! | ID = 33554522
Description =

Error - 13/10/2010 10:18:58 a.m. | Computer Name = por-designar | Source = avast! | ID = 33554522
Description =

Error - 13/10/2010 11:12:52 p.m. | Computer Name = por-designar | Source = avast! | ID = 33554522
Description =

Error - 13/10/2010 11:12:56 p.m. | Computer Name = por-designar | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 10/05/2010 01:44:42 p.m. | Computer Name = por-designar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/05/2010 01:44:42 p.m. | Computer Name = por-designar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 451248

Error - 10/05/2010 01:44:42 p.m. | Computer Name = por-designar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 451248

Error - 10/05/2010 01:44:43 p.m. | Computer Name = por-designar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/05/2010 01:44:43 p.m. | Computer Name = por-designar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 452262

Error - 10/05/2010 01:44:43 p.m. | Computer Name = por-designar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 452262

Error - 10/05/2010 01:44:44 p.m. | Computer Name = por-designar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/05/2010 01:44:44 p.m. | Computer Name = por-designar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 453261

Error - 10/05/2010 01:44:44 p.m. | Computer Name = por-designar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 453261

Error - 10/05/2010 01:44:45 p.m. | Computer Name = por-designar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ ASUS Security Protect Manager Events ]
Error - 05/08/2009 11:15:12 a.m. | Computer Name = por-designar | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Owner@OWNER-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 09/09/2009 08:17:33 p.m. | Computer Name = por-designar | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Owner@OWNER-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 08/10/2009 02:15:09 p.m. | Computer Name = por-designar | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Owner@OWNER-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 14/10/2009 10:04:54 p.m. | Computer Name = por-designar | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Owner@OWNER-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 17/10/2009 07:24:33 p.m. | Computer Name = por-designar | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Owner@OWNER-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 18/03/2010 11:51:08 p.m. | Computer Name = por-designar | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Owner@OWNER-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 23/03/2010 10:18:17 a.m. | Computer Name = por-designar | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Owner@OWNER-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 24/03/2010 08:59:29 a.m. | Computer Name = por-designar | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Owner@OWNER-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 21/04/2010 06:49:09 a.m. | Computer Name = por-designar | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Owner@OWNER-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 24/05/2010 12:11:02 p.m. | Computer Name = por-designar | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Owner@OWNER-PC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

[ Media Center Events ]
Error - 18/05/2009 11:35:42 p.m. | Computer Name = por-designar | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 14/04/2009 11:06:48 p.m. | Computer Name = por-designar | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1556
seconds with 780 seconds of active time. This session ended with a crash.

Error - 26/06/2009 09:51:17 p.m. | Computer Name = por-designar | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/07/2009 07:30:56 p.m. | Computer Name = por-designar | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6351
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05/08/2009 12:57:49 p.m. | Computer Name = por-designar | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/08/2009 12:59:50 p.m. | Computer Name = por-designar | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04/11/2009 05:46:33 p.m. | Computer Name = por-designar | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:18:32 PM on 11/4/2009 was unexpected.

Error - 04/11/2009 05:46:35 p.m. | Computer Name = por-designar | Source = HTTP | ID = 15016
Description =

Error - 05/11/2009 05:10:41 a.m. | Computer Name = por-designar | Source = HTTP | ID = 15016
Description =

Error - 05/11/2009 05:12:18 a.m. | Computer Name = por-designar | Source = Service Control Manager | ID = 7022
Description =

Error - 05/11/2009 05:28:29 a.m. | Computer Name = por-designar | Source = PlugPlayManager | ID = 12
Description = The device 'Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet
NIC (NDIS 6.0)' (PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_02\684CE00000) disappeared
from the system without first being prepared for removal.

Error - 05/11/2009 05:41:35 a.m. | Computer Name = por-designar | Source = PlugPlayManager | ID = 12
Description = The device 'Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet
NIC (NDIS 6.0)' (PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_02\684CE00000) disappeared
from the system without first being prepared for removal.

Error - 05/11/2009 06:35:33 a.m. | Computer Name = por-designar | Source = PlugPlayManager | ID = 12
Description = The device 'Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet
NIC (NDIS 6.0)' (PCI\VEN_10EC&DEV_8168&SUBSYS_16D51043&REV_02\684CE00000) disappeared
from the system without first being prepared for removal.

Error - 05/11/2009 08:40:01 a.m. | Computer Name = por-designar | Source = HTTP | ID = 15016
Description =

Error - 05/11/2009 08:41:35 a.m. | Computer Name = por-designar | Source = Service Control Manager | ID = 7022
Description =

Error - 05/11/2009 02:48:25 p.m. | Computer Name = por-designar | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:15:50 PM on 11/5/2009 was unexpected.


< End of report >

ARK

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-29 22:12:42
Windows 6.0.6001 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affd39ac
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affd39ac@0017e67c3b98 0x18 0x70 0x87 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affd39ac@0023b495fc1a 0xEF 0xDE 0x53 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affd39ac@0016414a4e4c 0xE8 0x1B 0x11 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affd39ac@002241cf0de8 0xF7 0x78 0xDD 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affd39ac@001ff3b88015 0x10 0xFD 0x4C 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affd39ac@002106c7b9d4 0xA2 0xCF 0xD2 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015affd39ac (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015affd39ac@0017e67c3b98 0x18 0x70 0x87 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015affd39ac@0023b495fc1a 0xEF 0xDE 0x53 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015affd39ac@0016414a4e4c 0xE8 0x1B 0x11 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015affd39ac@002241cf0de8 0xF7 0x78 0xDD 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015affd39ac@001ff3b88015 0x10 0xFD 0x4C 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015affd39ac@002106c7b9d4 0xA2 0xCF 0xD2 0x0E ...

---- EOF - GMER 1.0.15 ----
  • 0

#6
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey,


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files (x86)\TenchisTV\tbTen0.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files (x86)\TenchisTV\tbTen0.dll (Conduit Ltd.)
    FF - prefs.js..extensions.enabledItems: {ece24dcf-8548-4655-b392-47a388721482}:2.7.2.0
    FF - prefs.js..network.proxy.http: "localhost"
    FF - prefs.js..network.proxy.http_port: 9666
    FF - prefs.js..network.proxy.socks: "localhost"
    FF - prefs.js..network.proxy.socks_port: 9050
    FF - prefs.js..network.proxy.socks_remote_dns: true
    FF - prefs.js..network.proxy.ssl: "localhost"
    FF - prefs.js..network.proxy.ssl_port: 9666
    [2010/08/25 16:55:43 | 000,000,000 | ---D | M] (TenchisTV Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}
    O2 - BHO: (TenchisTV Toolbar) - {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files (x86)\TenchisTV\tbTen0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (TenchisTV Toolbar) - {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files (x86)\TenchisTV\tbTen0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (TenchisTV Toolbar) - {ECE24DCF-8548-4655-B392-47A388721482} - C:\Program Files (x86)\TenchisTV\tbTen0.dll (Conduit Ltd.)
    O30:64bit: - LSA: Authentication Packages - (C:\\Windows\\system32\\iiffDVnn) - File not found
    O30 - LSA: Authentication Packages - (C:\\Windows\\system32\\iiffDVnn) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{5b8883d3-fde8-11dd-974c-0015affd39ac}\Shell\AutoRun\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
    O33 - MountPoints2\{5b8883d3-fde8-11dd-974c-0015affd39ac}\Shell\open\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
    O33 - MountPoints2\{6b1d7dd2-8e9a-11de-8a53-fae2e76d49bc}\Shell\AutoRun\command - "" = RECYCLER\winusb.exe
    O33 - MountPoints2\{6b1d7dd2-8e9a-11de-8a53-fae2e76d49bc}\Shell\OpEn\CoMmAnD - "" = RECYCLER\winusb.exe
    O33 - MountPoints2\{76878fcd-453b-11de-9e37-9cebdfa79c19}\Shell\AutoRun\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe -- File not found
    O33 - MountPoints2\{76878fcd-453b-11de-9e37-9cebdfa79c19}\Shell\open\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe -- File not found
    O33 - MountPoints2\{77c99522-b735-11dd-8bcd-8be90bdd1752}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe -- File not found
    O33 - MountPoints2\{77c99522-b735-11dd-8bcd-8be90bdd1752}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe -- File not found
    O33 - MountPoints2\{8cdab913-5b04-11dd-bf8e-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{8cdab913-5b04-11dd-bf8e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
    O33 - MountPoints2\{9c72fd94-6a45-11dd-9e86-0015affd39ac}\Shell - "" = AutoRun
    O33 - MountPoints2\{9c72fd94-6a45-11dd-9e86-0015affd39ac}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{da7861d1-2f57-11de-8d57-82a3e7cff204}\Shell - "" = AutoRun
    O33 - MountPoints2\{da7861d1-2f57-11de-8d57-82a3e7cff204}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{e4611ea4-e7ce-11dd-8ac0-0015affd39ac}\Shell\AutoRun - "" = Autorun
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2010/11/29 05:58:37 | 000,006,396 | ---- | M] () -- C:\Windows\bthservsdp.dat

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}\*.* /s

  • Click the Quick Scan button. Post the log it produces in your next reply.


Next:

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Windows\SysNative\acovcnt.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Next:

Please uninstall the following programs:

Uniblue RegistryBooster
Registry Easy v5.6

This is because these programs, which claim to be registry optimizers, don't benefit your system in any way, and you run the risk of deleting something needed, and then you'll have problems :D

Also uninstall TenchisTV Toolbar, as it comes with a lot of third-party software and we are not sure of its safety.
  • 0
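The O33 lines in the fix script above are AutoRun handlers that Windows caches per volume under the MountPoints2 registry key; several of them launch executables from RECYCLER or RESTORE folders on removable drives. The following is an added example, not part of the original post and not OTL's own code: a Python triage of lines in that format, where the three heuristics, the function names and the folder list are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple

# Lines copied from the O33 section of the fix script in the post above.
SAMPLE_LOG = r'''
O33 - MountPoints2\{5b8883d3-fde8-11dd-974c-0015affd39ac}\Shell\AutoRun\command - "" = E:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{6b1d7dd2-8e9a-11de-8a53-fae2e76d49bc}\Shell\AutoRun\command - "" = RECYCLER\winusb.exe
O33 - MountPoints2\{6b1d7dd2-8e9a-11de-8a53-fae2e76d49bc}\Shell\OpEn\CoMmAnD - "" = RECYCLER\winusb.exe
O33 - MountPoints2\{76878fcd-453b-11de-9e37-9cebdfa79c19}\Shell\AutoRun\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe -- File not found
O33 - MountPoints2\{8cdab913-5b04-11dd-bf8e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8cdab913-5b04-11dd-bf8e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{9c72fd94-6a45-11dd-9e86-0015affd39ac}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
'''

# O33 - MountPoints2\{guid}\<subkey> - "<value name>" = <data>[ -- File not found]
LINE_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]{36}\})\\(?P<subkey>.+?)'
    r' - "(?P<value>[^"]*)" = (?P<data>.*?)(?P<missing> -- File not found)?$'
)
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')

# Assumption: folders a legitimate installer has no reason to launch from.
SUSPECT_DIRS = {"recycler", "recycled", "$recycle.bin", "restore"}


class Finding(NamedTuple):
    guid: str
    subkey: str
    target: str
    missing: bool       # OTL reported "File not found" for the target
    reasons: List[str]  # empty list means no heuristic fired


def alternating_case(name: str) -> bool:
    """True for names such as 'CoMmAnD' (two or more lower->upper flips)."""
    return len(re.findall(r'[a-z][A-Z]', name)) >= 2


def triage(log_text: str) -> List[Finding]:
    """Parse O33 lines and score every handler that launches a command."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        parts = m["subkey"].split("\\")
        if parts[-1].lower() != "command":
            continue  # 'Shell' default-verb entries launch nothing themselves
        # Simplification: the data is treated as a bare path without arguments.
        target = m["data"].strip().strip('"')
        folders = {p.lower() for p in target.split("\\")[:-1]}
        reasons = []
        if SUSPECT_DIRS & folders:
            reasons.append("target inside recycle-bin/restore folder")
        if not DRIVE_RE.match(target):
            reasons.append("relative target path")
        if any(alternating_case(p) for p in parts):
            reasons.append("alternating-case key name")
        findings.append(Finding(m["guid"], m["subkey"], target,
                                m["missing"] is not None, reasons))
    return findings


def suspicious(findings: List[Finding]) -> List[Finding]:
    """Keep only the handlers for which at least one heuristic fired."""
    return [f for f in findings if f.reasons]


if __name__ == "__main__":
    for f in suspicious(triage(SAMPLE_LOG)):
        state = "missing" if f.missing else "present or unchecked"
        print(f"{f.guid} {f.subkey} -> {f.target} [{state}]")
        for reason in f.reasons:
            print(f"    - {reason}")
```

A "File not found" result only means the drive was not mounted or the file was gone at scan time; the cached handler still exists in the registry until it is removed.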

#7
lruizm

    Member

  • Topic Starter
  • Member
  • 46 posts
VirSCAN.org Scanned Report :
Scanned time : 2010/12/01 20:04:47 (MST)
Scanner results: Ningún Escaner ha encontrado infecciones
File Name : acovcnt.exe
File Size : 45056 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 6bcaf46e2b7fa9ace92b4d39f3037c5c
SHA1 : 6d5a81e3cf59832d73f28d6e87f51d073c3e4095
Online report : http://virscan.org/r...d41ab389ba.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared | 5.0.0.20 | 20101201190618 | 2010-12-01 | 0.08 | -
AhnLab V3 | 2010.11.23.01 | 2010.11.23 | 2010-11-23 | 0.08 | -
AntiVir | 8.2.4.114 | 7.10.14.164 | 2010-12-01 | 0.28 | -
Antiy | 2.0.18 | 20101126.5945124 | 2010-11-26 | 0.02 | -
Arcavir | 2010 | 201012021030 | 2010-12-02 | 0.06 | -
Authentium | 5.1.1 | 201012012212 | 2010-12-01 | 1.46 | -
AVAST! | 4.7.4 | 101201-1 | 2010-12-01 | 0.01 | -
AVG | 8.5.850 | 271.1.1/3292 | 2010-12-02 | 0.29 | -
BitDefender | 7.90123.6339026 | 7.34860 | 2010-12-01 | 6.75 | -
ClamAV | 0.96.3 | 12346 | 2010-12-02 | 0.04 | -
Comodo | 4.0 | 6920 | 2010-12-02 | 0.09 | -
CP Secure | 1.3.0.5 | 2010.12.02 | 2010-12-02 | 0.07 | -
Dr.Web | 5.0.2.3300 | 2010.12.02 | 2010-12-02 | 11.26 | -
F-Prot | 4.4.4.56 | 20101201 | 2010-12-01 | 1.37 | -
F-Secure | 7.02.73807 | 2010.12.02.01 | 2010-12-02 | 3.30 | -
Fortinet | 4.2.254 | 12.625 | 2010-12-01 | 0.09 | -
GData | 21.1211/21.514 | 20101202 | 2010-12-02 | 0.08 | -
ViRobot | 20101201 | 2010.12.01 | 2010-12-01 | 0.09 | -
Ikarus | T3.1.32.15.0 | 2010.12.02.77273 | 2010-12-02 | 5.47 | -
JiangMin | 13.0.900 | 2010.11.20 | 2010-11-20 | 0.11 | -
Kaspersky | 5.5.10 | 2010.12.01 | 2010-12-01 | 0.18 | -
KingSoft | 2009.2.5.15 | 2010.12.1.18 | 2010-12-01 | 0.13 | -
McAfee | 5400.1158 | 6184 | 2010-12-01 | 19.75 | -
Microsoft | 1.6402 | 2010.12.01 | 2010-12-01 | 0.08 | -
Norman | 6.06.11 | 6.06.00 | 2010-11-23 | 4.07 | -
Panda | 9.05.01 | 2010.11.30 | 2010-11-30 | 0.08 | -
Trend Micro | 9.120-1004 | 7.668.02 | 2010-12-01 | 0.06 | -
Quick Heal | 11.00 | 2010.12.01 | 2010-12-01 | 0.08 | -
Rising | 20.0 | 22.76.01.07 | 2010-11-30 | 0.08 | -
Sophos | 3.14.1 | 4.60 | 2010-12-02 | 2.97 | -
Sunbelt | 3.9.2459.2 | 7471 | 2010-12-01 | 0.08 | -
Symantec | 1.3.0.24 | 20101130.003 | 2010-11-30 | 0.00 | -
nProtect | 20101201.01 | 9227922 | 2010-12-01 | 0.08 | -
The Hacker | 6.7.0.1 | v00094 | 2010-12-01 | 0.08 | -
VBA32 | 3.12.14.2 | 20101201.0811 | 2010-12-01 | 3.28 | -
VirusBuster | 4.5.11.10 | 10.130.36/1999634 | 2010-12-02 | 2.57 | -











OTL logfile created on: 01/12/2010 08:52:45 p.m. - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000080A | Country: Mexico | Language: ESM | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.32 Gb Total Space | 29.93 Gb Free Space | 10.38% Space Free | Partition Type: NTFS

Computer Name: POR-DESIGNAR | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/29 20:04:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/08 22:43:48 | 000,828,928 | ---- | M] (Security Stronghold) -- C:\Program Files (x86)\True Sword 5\TrueSwordSchedule.exe
PRC - [2010/09/16 14:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/15 12:18:42 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/01 23:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/02/25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/12/03 03:37:41 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/21 04:10:58 | 000,370,952 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Oracle\Information Rights Management\Desktop\sealmon.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/09/27 19:53:25 | 000,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Sun\SDK\jdk\bin\javaw.exe
PRC - [2009/07/16 14:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
PRC - [2008/10/24 02:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/06/17 23:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/04/10 13:12:40 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/02/01 15:29:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/01/23 16:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007/12/11 17:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\WDC.exe
PRC - [2007/12/04 11:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\ATKOSD.exe
PRC - [2007/11/30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/11/28 18:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files (x86)\ATK Hotkey\HControl.exe
PRC - [2007/11/28 16:26:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\Atouch64.exe
PRC - [2007/11/04 20:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/02 22:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/08/15 12:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 11:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007/02/07 02:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
PRC - [2007/01/01 15:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2010/11/29 20:04:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2008/01/20 20:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/12/04 10:31:00 | 000,090,112 | R--- | M] (Cognizance Corporation) -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
MOD - [2006/07/12 17:55:00 | 000,056,832 | R--- | M] (Cognizance Corporation) -- C:\Windows\SysWOW64\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 11:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2010/11/29 19:46:26 | 003,020,376 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll -- (Akamai)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/08 22:43:48 | 000,828,928 | ---- | M] (Security Stronghold) [Auto | Running] -- C:\Program Files (x86)\True Sword 5\TrueSwordSchedule.exe -- (TrueSwordSchedulerService)
SRV - [2010/02/19 06:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/03/04 10:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/03 14:25:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/09 23:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/11/15 04:53:14 | 006,447,744 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/07/27 12:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/02 22:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/07 02:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/21 19:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIMMP)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/07 08:47:33 | 000,061,008 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/07/08 20:00:00 | 000,055,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 21:56:34 | 000,588,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV:64bit: - [2009/01/09 08:02:08 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/06/08 17:23:00 | 000,055,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/06/03 15:41:50 | 000,017,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/05/29 11:21:00 | 000,016,440 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)
DRV:64bit: - [2008/05/20 11:33:36 | 000,028,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/05/13 00:35:28 | 001,836,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/05/09 19:58:09 | 000,140,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST) RMCAST (Pgm)
DRV:64bit: - [2008/05/07 03:40:38 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/05 19:57:10 | 001,132,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/03/20 22:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/03/16 18:42:30 | 000,092,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/03/16 18:42:28 | 000,121,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/03/16 18:42:26 | 000,019,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/02/15 19:27:18 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/02/14 15:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/28 20:46:58 | 000,036,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/01/20 20:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 20:46:55 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2007/12/18 18:57:12 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2007/08/02 22:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 21:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 12:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007/06/25 03:42:30 | 000,130,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV:64bit: - [2007/06/25 03:42:30 | 000,123,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117obex.sys -- (s117obex)
DRV:64bit: - [2007/06/25 03:42:30 | 000,031,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV:64bit: - [2007/06/25 03:42:24 | 000,144,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117mdm.sys -- (s117mdm)
DRV:64bit: - [2007/06/25 03:42:24 | 000,125,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/06/25 03:42:24 | 000,019,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117mdfl.sys -- (s117mdfl)
DRV:64bit: - [2007/06/25 03:42:22 | 000,108,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV:64bit: - [2007/06/16 22:28:16 | 000,217,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV:64bit: - [2006/10/27 07:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:3.76
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.socks_port: ""
FF - prefs.js..network.proxy.socks_remote_dns: ""
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/29 06:04:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/29 06:04:39 | 000,000,000 | ---D | M]

[2009/04/12 14:24:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2009/04/12 14:24:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/12/01 20:47:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions
[2010/04/28 13:36:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/03 16:01:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010/03/16 15:29:25 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/11/09 23:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/11/13 05:58:42 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/08/16 19:21:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\[email protected]
[2009/12/09 15:10:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\[email protected]
[2010/03/16 15:29:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\[email protected]
[2010/11/27 16:35:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/11/26 18:20:45 | 000,002,604 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 crl.verisign.net
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.newoa
O1 - Hosts: 39 more lines...
O2:64bit: - BHO: (ASUS Security Protect Manager) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files (x86)\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Active Web Reader] C:\Program Files (x86)\Deskshare\Active Web Reader\Active Web Reader.exe File not found
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files (x86)\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [googletalk] C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
O9 - Extra 'Tools' menuitem : ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (APSHook64.dll) - C:\Windows\SysNative\APSHook64.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\Egypt!!!!!!\P5071065.JPG
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\Egypt!!!!!!\P5071065.JPG
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 20:39:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/29 20:50:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\gmer
[2010/11/29 20:04:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/11/29 20:02:22 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/26 18:00:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\True Sword 5
[2010/11/26 18:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\True Sword 5
[2010/11/26 17:43:44 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2010/11/26 17:43:44 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2010/11/26 17:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Cannot Find Fix Wizard
[2010/11/26 11:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/11/23 19:11:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Mich
[2010/11/15 21:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/15 21:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/15 21:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/14 13:25:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\VIDEOS RESTANTES
[2010/06/13 10:20:08 | 001,228,360 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\InDesign_7_LS1.exe
[2010/06/04 05:09:34 | 004,072,584 | ---- | C] (Uniblue Systems Ltd ) -- C:\Program Files (x86)\registrybooster.exe
[2010/01/09 10:47:17 | 007,324,037 | ---- | C] (AoAMedia.com ) -- C:\Program Files (x86)\aoaaudioextractor.exe

========== Files - Modified Within 30 Days ==========

[2010/12/01 20:59:01 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3862716988-2361750683-3962962596-1000UA.job
[2010/12/01 20:55:22 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{284267D1-CC92-4C3D-AF46-6C21F23F5321}.job
[2010/12/01 20:52:26 | 000,235,837 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/12/01 20:52:26 | 000,235,837 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/12/01 20:50:53 | 000,000,004 | ---- | M] () -- C:\Users\Owner\tray.pid
[2010/12/01 20:49:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/01 20:49:22 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010/12/01 20:49:14 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/01 20:49:14 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/01 20:48:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/01 20:36:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/29 20:50:11 | 000,288,107 | ---- | M] () -- C:\Users\Owner\Desktop\gmer.zip
[2010/11/29 20:04:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/11/29 19:50:33 | 003,982,422 | ---- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/11/26 18:03:23 | 000,001,774 | ---- | M] () -- C:\Users\Owner\Desktop\True Sword.lnk
[2010/11/26 17:48:42 | 000,001,441 | ---- | M] () -- C:\Users\Owner\Documents\Receipt.rtf
[2010/11/26 17:43:45 | 000,001,999 | ---- | M] () -- C:\Users\Owner\Desktop\Windows Cannot Find Fix Wizard.lnk
[2010/11/26 16:53:03 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/26 16:53:03 | 000,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/26 16:53:03 | 000,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/26 10:25:47 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2010/11/26 10:24:48 | 007,304,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/25 03:59:00 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3862716988-2361750683-3962962596-1000Core.job
[2010/11/23 11:26:43 | 000,065,024 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/18 13:16:20 | 000,180,506 | ---- | M] () -- C:\Users\Owner\Desktop\PRESENTACION POLSA.pptx
[2010/11/16 17:44:55 | 000,000,543 | ---- | M] () -- C:\Windows\cedt.INI
[2010/11/15 21:51:41 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/15 14:32:45 | 000,161,792 | ---- | M] () -- C:\Users\Owner\Desktop\poliuretanos y base de datos.doc

========== Files Created - No Company Name ==========

[2010/11/29 20:50:10 | 000,288,107 | ---- | C] () -- C:\Users\Owner\Desktop\gmer.zip
[2010/11/29 19:50:32 | 003,982,422 | ---- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/11/26 18:00:43 | 000,001,774 | ---- | C] () -- C:\Users\Owner\Desktop\True Sword.lnk
[2010/11/26 17:48:42 | 000,001,441 | ---- | C] () -- C:\Users\Owner\Documents\Receipt.rtf
[2010/11/26 17:43:45 | 000,001,999 | ---- | C] () -- C:\Users\Owner\Desktop\Windows Cannot Find Fix Wizard.lnk
[2010/11/18 13:17:42 | 000,180,506 | ---- | C] () -- C:\Users\Owner\Desktop\PRESENTACION POLSA.pptx
[2010/11/15 21:51:41 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/15 13:31:19 | 000,161,792 | ---- | C] () -- C:\Users\Owner\Desktop\poliuretanos y base de datos.doc
[2010/10/08 13:01:09 | 000,000,012 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\ldcpfk.dat
[2010/09/28 21:48:54 | 000,000,077 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Rim.Desktop.Exception.log
[2010/09/28 21:06:10 | 000,000,807 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/09/28 21:04:35 | 000,561,004 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI5668.txt
[2010/09/28 21:04:34 | 000,012,198 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI5668.txt
[2010/09/17 15:01:49 | 000,002,430 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI654B.txt
[2010/09/17 15:01:48 | 000,011,466 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI654B.txt
[2010/06/13 10:38:54 | 000,130,108 | ---- | C] () -- C:\Program Files\InDesign CS5 Read Me.pdf
[2010/06/13 10:20:09 | 751,253,252 | ---- | C] () -- C:\Program Files\InDesign_7_LS1.7z
[2009/11/16 09:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll
[2009/10/07 15:10:53 | 000,225,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\rx_image.Cache
[2009/10/07 15:10:50 | 000,004,216 | ---- | C] () -- C:\Users\Owner\AppData\Local\rx_audio.Cache
[2009/05/23 15:34:10 | 000,000,543 | ---- | C] () -- C:\Windows\cedt.INI
[2009/05/05 20:29:15 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/01/20 22:58:53 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2008/10/08 14:49:17 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/09/15 11:11:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2008/08/09 13:11:16 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008/08/09 11:25:51 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2008/08/07 20:18:28 | 000,065,024 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/26 05:55:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/07/26 05:26:49 | 000,001,460 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 20:49:32 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\authz.dll
[2007/04/03 10:59:54 | 006,148,096 | ---- | C] () -- C:\Windows\SysWow64\dzcore.dll
[2006/12/05 15:07:16 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\dzbryce6.dll
[2006/12/05 15:00:56 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\dzwrapper.dll
[2006/11/20 16:25:16 | 001,343,488 | ---- | C] () -- C:\Windows\SysWow64\daz-qsa.dll
[2006/11/20 16:25:02 | 004,984,832 | ---- | C] () -- C:\Windows\SysWow64\daz-qt-mt.dll
[2005/04/03 08:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\scardsyn.dll
[1998/05/06 13:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\ODMA32.dll

========== LOP Check ==========

[2010/11/28 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2008/08/09 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blender Foundation
[2010/06/13 15:50:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/11/30 21:54:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/01 20:50:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2010/05/24 11:34:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GHISLER
[2008/10/19 20:33:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Graboid Inc
[2010/05/28 09:09:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImTOO Software Studio
[2010/10/04 16:24:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/11/07 21:36:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
[2009/05/31 16:54:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nokia
[2009/05/31 16:52:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PC Suite
[2010/04/17 13:08:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Publish Providers
[2010/09/28 21:49:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion
[2010/10/25 17:26:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sony
[2010/05/28 15:06:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/08/11 15:41:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2009/12/09 15:55:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2010/11/24 23:04:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2009/09/23 11:29:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\YouSendIt
[2010/12/01 20:49:22 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2010/12/01 20:47:54 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/01 20:55:22 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{284267D1-CC92-4C3D-AF46-6C21F23F5321}.job

========== Purity Check ==========



========== Custom Scans ==========


< C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}\*.* /s >
[2007/10/13 16:51:52 | 000,000,523 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}\chrome.manifest
[2008/07/02 18:45:54 | 000,000,096 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}\CREDITS
[2008/07/06 09:08:24 | 000,001,637 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}\install.rdf
[2008/07/06 09:08:06 | 000,000,514 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}\LICENSE
[2008/07/02 19:17:18 | 000,029,151 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}\chrome\wj.jar
[2007/10/19 18:54:34 | 000,000,693 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ugauak7p.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}\defaults\preferences\preferences.js

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >

#8
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey,


Did you uninstall the programs I told you to? I can see that RegistryBooster is still there, so if there is a problem with this part, please tell me.

Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O1 - Hosts: 127.0.0.1 3dns.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
    O1 - Hosts: 127.0.0.1 crl.verisign.net
    O1 - Hosts: 127.0.0.1 ood.opsource.net
    O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
    O1 - Hosts: 127.0.0.1 practivate.adobe
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.newoa
    O1 - Hosts: 39 more lines...
    [2010/10/08 13:01:09 | 000,000,012 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\ldcpfk.dat

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Next:

At this time, your logs look clean. I want you to tell me what problems you have at the moment, so we know what we're looking for.

Also, give Inherit another try now that you're clean and tell me the results:


For the programs that don't want to run (You get a permissions error) do the following:

Download this program

Drag each of the .exe files that you are unable to run and drop them onto Inherit.exe.

Then wait for it to say "OK". The programs should run fine after doing that.

Note: Dragging shortcuts to Inherit.exe will not work. To see what files shortcuts point to you will need to right-click the shortcut and select "Properties."
The .exe file that you will have to drag onto Inherit.exe is listed next to "Target".


If Inherit.exe does not fix your problem with a certain program you will have to uninstall and reinstall the malfunctioning program for it to work properly.

#9
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.