
firefox browser redirect to http://63.209.69.107



.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by john at 11:16:40 on 2012-04-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1788.845 [GMT -7:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\dKEYUSBCradle\SyncService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\dKEYUSBCradle\ProxyDaemon.exe

C:\Windows\system32\conhost.exe

C:\dKEYUSBCradle\stunnel-4.10.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\splwow64.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [Easy Dock] C:\Users\john\Documents\RCA easyRip\EZDock.exe

mRun: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun

mRun: [Easy Dock]

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://las.mlxchange.com/5.5.04.23503/Control/IRCSharc.cab

DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - file:///C:/Program%20Files%20(x86)/FastVideoIndexer/data/dialogs/msxml4.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1899D568-EF9E-4A23-A588-CDECFB590CC5} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{1899D568-EF9E-4A23-A588-CDECFB590CC5}\2456C6B696E6F5E4F575962756C6563737F5541453230373 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{1899D568-EF9E-4A23-A588-CDECFB590CC5}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{1899D568-EF9E-4A23-A588-CDECFB590CC5}\358616D6D69656026416D6D6965602E4564777F627B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{1899D568-EF9E-4A23-A588-CDECFB590CC5}\36C61627B67657563747 : DhcpNameServer = 66.209.64.20 138.210.81.3 66.209.64.21

TCP: Interfaces\{1899D568-EF9E-4A23-A588-CDECFB590CC5}\45F60736F6D6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3EA31CCB-C6BE-4F69-B368-3E4E86382B3D} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3EA31CCB-C6BE-4F69-B368-3E4E86382B3D}\275646 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{3EA31CCB-C6BE-4F69-B368-3E4E86382B3D}\452554E444E65647635323 : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{3EA31CCB-C6BE-4F69-B368-3E4E86382B3D}\45279616E676C6560234C65726 : DhcpNameServer = 68.105.28.16 68.105.29.16

TCP: Interfaces\{3EA31CCB-C6BE-4F69-B368-3E4E86382B3D}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3EA31CCB-C6BE-4F69-B368-3E4E86382B3D}\A444D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{3EA31CCB-C6BE-4F69-B368-3E4E86382B3D}\C4F6775637D27457563747D275966496 : DhcpNameServer = 208.67.220.220 208.67.222.222 4.2.2.5 4.2.2.6

TCP: Interfaces\{47924DF0-0EFC-4D11-8D74-195F6D1F9C29} : DhcpNameServer = 68.105.28.16 68.105.29.16

TCP: Interfaces\{47924DF0-0EFC-4D11-8D74-195F6D1F9C29}\16474777966696 : DhcpNameServer = 192.168.5.1

TCP: Interfaces\{47924DF0-0EFC-4D11-8D74-195F6D1F9C29}\2456C6B696E6F5E4F575962756C6563737F5541453230373 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{47924DF0-0EFC-4D11-8D74-195F6D1F9C29}\2656C6B696E6534376 : DhcpNameServer = 192.168.3.1

TCP: Interfaces\{47924DF0-0EFC-4D11-8D74-195F6D1F9C29}\3777565647D20757373797D236F636B6 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{47924DF0-0EFC-4D11-8D74-195F6D1F9C29}\452554E444E65647635323 : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{47924DF0-0EFC-4D11-8D74-195F6D1F9C29}\4586F62737028616D6D65627 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{47924DF0-0EFC-4D11-8D74-195F6D1F9C29}\E4544574541425 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A277686B-E7E7-4F1B-A104-8FAC7656461B} : DhcpNameServer = 192.168.1.1

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun

mRun-x64: [Easy Dock]

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\j251ljq3.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fnocheckbrowser%26ui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z013&form=ZGAADF&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\Bin\nppdf.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-12-22 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;C:\Windows\system32\DRIVERS\ekaprot6.sys --> C:\Windows\system32\DRIVERS\ekaprot6.sys [?]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-4 1153368]

R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys --> C:\Windows\system32\DRIVERS\EuDisk.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-30 228408]

S3 CXPLRCAP;Capture Device;C:\Windows\system32\drivers\CxPlrCap.sys --> C:\Windows\system32\drivers\CxPlrCap.sys [?]

S3 EUDSKACS;EUDSKACS;C:\Windows\SysWOW64\drivers\eudskacs.sys [2010-10-16 17800]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PSSDK42;PSSDK42;\??\C:\Windows\system32\Drivers\pssdk42.sys --> C:\Windows\system32\Drivers\pssdk42.sys [?]

S3 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2010-11-10 185632]

S3 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2010-11-10 212256]

S3 Realtek87B;Realtek87B;C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2010-12-3 40960]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]

S3 SaiH0461;SaiH0461;C:\Windows\system32\DRIVERS\SaiH0461.sys --> C:\Windows\system32\DRIVERS\SaiH0461.sys [?]

S3 silabenm;GE Supra DisplayKey USB Cradle Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]

S3 silabser;GE Supra DisplayKey USB Cradle Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;C:\Windows\system32\DRIVERS\ts_athwx.sys --> C:\Windows\system32\DRIVERS\ts_athwx.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]

.

=============== Created Last 30 ================

.

2012-04-15 21:05:13 -------- d-----w- C:\Users\john\AppData\Local\WinZip

2012-04-15 21:02:11 -------- d-----w- C:\Windows\SysWow64\{userdocs}

2012-04-04 21:09:34 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-04-04 21:09:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-04-04 21:04:54 -------- d-----w- C:\Users\john\AppData\Roaming\GetRightToGo

2012-04-04 19:43:44 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-04 18:56:44 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6987805A-94DC-4DB8-A71A-B475A2101BAF}\mpengine.dll

2012-03-29 07:36:30 -------- d-----w- C:\ProgramData\AVG2012

2012-03-29 07:35:37 -------- d-----w- C:\Program Files (x86)\AVG

2012-03-29 05:42:56 -------- d--h--w- C:\ProgramData\Common Files

2012-03-29 05:42:19 -------- d-----w- C:\ProgramData\MFAData

2012-03-26 23:22:18 -------- d-----w- C:\Users\john\AppData\Local\{8D105388-763F-4D6F-A116-F317BF454A68}

2012-03-26 23:22:07 -------- d-----w- C:\Users\john\AppData\Local\{C79D2A00-54BF-427A-871E-D49E1FFF1673}

2012-03-23 23:20:32 -------- d-----w- C:\Program Files (x86)\UltraReader

2012-03-20 06:58:11 -------- d-----w- C:\Users\john\AppData\Roaming\TuneUp Software

2012-03-20 06:58:05 -------- d-----w- C:\ProgramData\TuneUp Software

2012-03-20 06:58:02 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-03-19 06:28:02 -------- d-----w- C:\Program Files (x86)\Xirrus

.

==================== Find3M ====================

.

2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-25 03:26:42 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-30 18:50:18 871936 ----a-w- C:\Windows\SysWow64\GeacView.dll

2012-01-30 18:48:44 254464 ----a-w- C:\Windows\SysWow64\missouri.dll

.

============= FINISH: 11:18:16.25 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/15/2010 1:26:47 AM

System Uptime: 4/15/2012 9:19:47 PM (14 hours ago)

.

Motherboard: Hewlett-Packard | | 363F

Processor: AMD Sempron™ M120 | Socket S1G3 | 798/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 219 GiB total, 53.449 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 2.242 GiB free.

E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Virtual WiFi Miniport Adapter

Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&28BABA33&2&05

Manufacturer: Microsoft

Name: Microsoft Virtual WiFi Miniport Adapter #4

PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&28BABA33&2&05

Service: vwifimp

.

==== System Restore Points ===================

.

RP196: 4/4/2012 11:34:24 AM - Restore Operation

RP197: 4/13/2012 1:14:34 AM - Scheduled Checkpoint

RP198: 4/15/2012 2:04:31 PM - Installed WinZip 15.0

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Able2Extract 7.0

Abyssal Recovery 1.1.1

Acrobat.com

Adobe AIR

Adobe Reader X (10.1.2)

Adobe Shockwave Player

AMD USB Filter Driver

Atheros Driver Installation Program

Brother BRAdmin Light 1.11

Brother HL-2170W

Brother MFL-Pro Suite MFC-490CW

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CD Recovery Toolbox Free 1.1

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CodeStuff Starter

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite

CyberLink MediaShow

CyberLink PowerDVD 8

D3DX10

Definition update for Microsoft Office 2010 (KB982726)

DiskRedactor

DisplayKEY USB Cradle

Driver Install 64-Bit

DVD Decrypter (Remove Only)

DVDSmith Movie Backup 1.0.5

EASEUS Todo Backup 1.1

Free Files Unzip

Free Video to MP3 Converter version 4.1

FreeRIP v3.65

Game Copier 1.6

Gmail Backup

honestech VHS to DVD 3.0 SE

Hoyle Puzzle and Board Games

HP Advisor

HP Customer Experience Enhancements

HP Games

HP Quick Launch Buttons

HP Setup

HP Update

HP User Guides 0148

HP Wireless Assistant

IDT Audio

inSSIDer

IsoBuster 2.8.5

Java Auto Updater

Java™ 6 Update 22

Junk Mail filter update

Likeoffice Addin V7.2

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Flight Simulator 2004 A Century of Flight

Microsoft Flight Simulator X

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Works

Mozilla Firefox 10.0.2 (x86 en-US)

Mozilla Thunderbird 9.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

muvee Reveal

Nuance PDF Reader

office Convert Pdf to Excel for xls Free 6.5

One Touch Grabber

Power2Go

PPL Exam Pro 2.01 Demo

QLBCASL

Ralink RT2870 Wireless LAN Card

RCA Detective™ 3.0.1.1

RCA Digital Voice Manager 5.3.3.0

RCA easyRip 2.5.7.0

RCA Updater 2.1.7.0

Realtek 8136 8168 8169 Ethernet Driver

REALTEK Wireless LAN Driver and Utility

Recovery Manager

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft Excel 2010 (KB2523021)

Security Update for Microsoft Office 2007 System (KB2541012)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2541007)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Microsoft PowerPoint 2010 (KB2519975)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft Word 2010 (KB2345000)

Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

Simple Sudoku 4.2

Spybot - Search & Destroy

Technitium MAC Address Changer v6.0

TomTom HOME 2.8.2.2264

TomTom HOME Visual Studio Merge Modules

TrueCrypt

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2413186)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2523113)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Microsoft OneNote 2010 (KB2493983)

Update for Microsoft Outlook Social Connector (KB2441641)

Update for Outlook 2007 Junk Email Filter (KB2536413)

VisiPics V1.30

VLC media player 1.1.4

WebRipper 1.33

Window On Top version 1.2

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip 15.0

WPDF

Xvid 1.2.2 final uninstall

Zamzom Wireless

zipForm6

.

==== Event Viewer Messages From Past Week ========

.

4/9/2012 10:26:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SILVER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3EA31CCB-C6BE-4F69-B368-3E4E86382B3D}. The master browser is stopping or an election is being forced.

4/15/2012 9:21:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

4/15/2012 9:19:58 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

4/15/2012 11:12:39 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/15/2012 11:12:39 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

4/11/2012 10:18:27 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

4/10/2012 5:50:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

.

==== End Of File ===========================


Hello vegasjohn and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see you are running Teatimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please uninstall µTorrent, because of our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt


says nothing found:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.16.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

john :: PC [administrator]

4/16/2012 3:13:28 PM

mbam-log-2012-04-16 (15-13-28).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 199163

Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

OTL Extras logfile created on: 4/16/2012 3:21:03 PM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\john\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 40.36% Memory free

3.49 Gb Paging File | 2.12 Gb Available in Paging File | 60.84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 219.08 Gb Total Space | 53.23 Gb Free Space | 24.30% Space Free | Partition Type: NTFS

Drive D: | 13.51 Gb Total Space | 2.24 Gb Free Space | 16.59% Space Free | Partition Type: NTFS

Drive E: | 99.18 Mb Total Space | 92.53 Mb Free Space | 93.30% Space Free | Partition Type: FAT32

Computer Name: PC | User Name: john | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-619769098-511854799-2528128674-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 1

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 1

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"${PRODUCT_ID}-1.1.1.37697" = Ekahau HeatMapper

"{09C251E9-775D-42E2-94FD-1F89EAAFC82E}" = dKeyUSBCradleDriver_x64

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java 6 Update 15 (64-bit)

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center

"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java SE Development Kit 6 Update 15 (64-bit)

"{6D41B4C4-FCD7-4F9B-99B9-A01F63F71F0F}" = Smart Technology Programming Software 7.0.2.7

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"5D54FF2DFE6B80D5BB80225AD2F6C53861A51CDB" = Windows Driver Package - GE Security (silabenm) Ports (12/10/2008 5.4.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"LSI Soft Modem" = LSI HDA Modem

"Speccy" = Speccy

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00529FF0-FBC1-4133-AABA-43C09ED7BF25}" = Free Files Unzip

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility

"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista

"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 22

"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 3.0 SE

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light

"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch

"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common

"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian

"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-490CW

"{49272E0B-CF97-4BD6-85A0-9B1C59495850}_is1" = Able2Extract 7.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish

"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.65

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver

"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant

"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5AFD94F5-CB9F-4CEF-B271-2A636C895451}_is1" = Window On Top version 1.2

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{659BB4E3-F25F-4952-B037-8F33290CA35E}" = Brother HL-2170W

"{669EB6B4-5F32-4DFC-8F6D-0EC1A48F70A6}_is1" = Abyssal Recovery 1.1.1

"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish

"{67797C4C-FC4C-4396-B327-52443BF1ECD3}" = honestech VHS to DVD 3.0 SE

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian

"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8543A572-5993-4101-BACC-C83884E183A4}" = One Touch Grabber

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8DF060AC-904B-4E4B-9F38-9648515C4A29}" = WPDF

"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese

"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish

"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech

"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA107568-1B58-407E-9867-D51F71C9F446}" = Driver Install 64-Bit

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player

"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader

"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer

"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian

"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CED3B64B-9381-4AB8-A213-6C084C952E43}" = Zamzom Wireless

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D20855E8-8F14-44E8-AEDC-BE75434C6EB7}" = DisplayKEY USB Cradle

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update

"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All

"{D912575C-5CA2-4E74-D65C-F19E0E67D47E}" = PPL Exam Pro 2.01 Demo

"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.11

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard

"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL

"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional

"{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}" = Hoyle Puzzle and Board Games

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"CD Recovery Toolbox Free_is1" = CD Recovery Toolbox Free 1.1

"CodeStuff Starter" = CodeStuff Starter

"DiskRedactor_is1" = DiskRedactor

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVDSmith Movie Backup_is1" = DVDSmith Movie Backup 1.0.5

"EASEUS Todo Backup 1.1_is1" = EASEUS Todo Backup 1.1

"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight

"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.1

"Game Copier_is1" = Game Copier 1.6

"gmailbackup" = Gmail Backup

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}" = Driver Install 64-Bit

"IsoBuster_is1" = IsoBuster 2.8.5

"Likeoffice Addin_is1" = Likeoffice Addin V7.2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)

"Mozilla Thunderbird 9.0.1 (x86 en-US)" = Mozilla Thunderbird 9.0.1 (x86 en-US)

"office Convert Pdf to Excel for xls Free_is1" = office Convert Pdf to Excel for xls Free 6.5

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"PPLExamPro2.01Demo.B8C7BD035599D3F87DAA307ADC18217CA63C70BE.1" = PPL Exam Pro 2.01 Demo

"PROR" = Microsoft Office Professional 2007

"RCA Detective™_is1" = RCA Detective™ 3.0.1.1

"RCA Digital Voice Manager_is1" = RCA Digital Voice Manager 5.3.3.0

"RCA easyRip_is1" = RCA easyRip 2.5.7.0

"RCA Updater_is1" = RCA Updater 2.1.7.0

"Simple Sudoku_is1" = Simple Sudoku 4.2

"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

"TMACv6.0" = Technitium MAC Address Changer v6.0

"TomTom HOME" = TomTom HOME 2.8.2.2264

"TrueCrypt" = TrueCrypt

"Uninstall_is1" = Uninstall 1.0.0.1

"VisiPics_is1" = VisiPics V1.30

"VLC media player" = VLC media player 1.1.4

"WebRipper" = WebRipper 1.33

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"Xvid_is1" = Xvid 1.2.2 final uninstall

"zipForm6" = zipForm6

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/15/2012 2:12:38 PM | Computer Name = pc | Source = Windows Search Service | ID = 9002

Description =

Error - 4/15/2012 2:12:38 PM | Computer Name = pc | Source = Windows Search Service | ID = 3029

Description =

Error - 4/15/2012 2:12:39 PM | Computer Name = pc | Source = Windows Search Service | ID = 3029

Description =

Error - 4/15/2012 2:12:39 PM | Computer Name = pc | Source = Windows Search Service | ID = 3028

Description =

Error - 4/15/2012 2:12:39 PM | Computer Name = pc | Source = Windows Search Service | ID = 3058

Description =

Error - 4/15/2012 2:12:39 PM | Computer Name = pc | Source = Windows Search Service | ID = 7010

Description =

Error - 4/15/2012 10:00:01 PM | Computer Name = pc | Source = Windows Backup | ID = 4103

Description =

Error - 4/15/2012 10:41:16 PM | Computer Name = pc | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 4/16/2012 4:38:02 AM | Computer Name = pc | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 4/16/2012 4:00:25 PM | Computer Name = pc | Source = System Restore | ID = 8193

Description =

[ Media Center Events ]

Error - 3/20/2012 7:57:18 PM | Computer Name = pc | Source = MCUpdate | ID = 0

Description = 4:57:18 PM - Error connecting to the internet. 4:57:18 PM - Unable

to contact server..

Error - 3/20/2012 7:57:26 PM | Computer Name = pc | Source = MCUpdate | ID = 0

Description = 4:57:23 PM - Error connecting to the internet. 4:57:23 PM - Unable

to contact server..

Error - 3/21/2012 12:05:20 AM | Computer Name = pc | Source = MCUpdate | ID = 0

Description = 9:05:20 PM - Error connecting to the internet. 9:05:20 PM - Unable

to contact server..

Error - 3/21/2012 12:05:42 AM | Computer Name = pc | Source = MCUpdate | ID = 0

Description = 9:05:26 PM - Error connecting to the internet. 9:05:26 PM - Unable

to contact server..

Error - 3/22/2012 6:58:15 PM | Computer Name = pc | Source = MCUpdate | ID = 0

Description = 3:58:15 PM - Error connecting to the internet. 3:58:15 PM - Unable

to contact server..

Error - 3/22/2012 6:58:27 PM | Computer Name = pc | Source = MCUpdate | ID = 0

Description = 3:58:20 PM - Error connecting to the internet. 3:58:20 PM - Unable

to contact server..

Error - 3/25/2012 6:42:04 PM | Computer Name = pc | Source = MCUpdate | ID = 0

Description = 3:42:04 PM - Error connecting to the internet. 3:42:04 PM - Unable

to contact server..

Error - 3/25/2012 6:42:22 PM | Computer Name = pc | Source = MCUpdate | ID = 0

Description = 3:42:12 PM - Error connecting to the internet. 3:42:12 PM - Unable

to contact server..

Error - 3/26/2012 6:24:29 PM | Computer Name = pc | Source = MCUpdate | ID = 0

Description = 3:24:29 PM - Error connecting to the internet. 3:24:29 PM - Unable

to contact server..

Error - 3/26/2012 6:24:39 PM | Computer Name = pc | Source = MCUpdate | ID = 0

Description = 3:24:34 PM - Error connecting to the internet. 3:24:34 PM - Unable

to contact server..

[ System Events ]

Error - 4/16/2012 3:56:05 PM | Computer Name = pc | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/16/2012 3:56:05 PM | Computer Name = pc | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/16/2012 3:56:05 PM | Computer Name = pc | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/16/2012 3:56:05 PM | Computer Name = pc | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/16/2012 3:56:08 PM | Computer Name = pc | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/16/2012 3:56:08 PM | Computer Name = pc | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/16/2012 3:56:08 PM | Computer Name = pc | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 4/16/2012 3:57:50 PM | Computer Name = pc | Source = Service Control Manager | ID = 7001

Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery

Provider Host service which failed to start because of the following error: %%1068

Error - 4/16/2012 5:37:51 PM | Computer Name = pc | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

Error - 4/16/2012 5:38:59 PM | Computer Name = pc | Source = DCOM | ID = 10016

Description =

< End of report >

OTL logfile created on: 4/16/2012 3:21:03 PM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\john\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 40.36% Memory free

3.49 Gb Paging File | 2.12 Gb Available in Paging File | 60.84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 219.08 Gb Total Space | 53.23 Gb Free Space | 24.30% Space Free | Partition Type: NTFS

Drive D: | 13.51 Gb Total Space | 2.24 Gb Free Space | 16.59% Space Free | Partition Type: NTFS

Drive E: | 99.18 Mb Total Space | 92.53 Mb Free Space | 93.30% Space Free | Partition Type: FAT32

Computer Name: PC | User Name: john | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/16 15:20:00 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\john\Downloads\OTL.exe

PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2012/02/22 23:17:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2010/04/02 15:33:10 | 000,073,216 | ---- | M] () -- C:\dKEYUSBCradle\stunnel-4.10.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/24 20:26:42 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2012/02/22 23:17:25 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/04 21:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/21 18:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/03/27 19:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)

SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010/04/02 15:34:10 | 000,040,448 | ---- | M] (GE Security Supra) [Auto | Running] -- C:\dKEYUSBCradle\SyncService.exe -- (dKeySync)

SRV - [2009/12/07 14:49:24 | 000,040,960 | ---- | M] (Realtek) [On_Demand | Stopped] -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)

SRV - [2009/11/26 18:02:46 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [On_Demand | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)

SRV - [2009/11/26 18:02:46 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [On_Demand | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)

SRV - [2009/07/21 18:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)

SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/10/23 21:59:21 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)

DRV:64bit: - [2010/10/18 02:25:30 | 000,027,288 | ---- | M] (Ekahau Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ekaprot6.sys -- (EkaProt6)

DRV:64bit: - [2010/10/15 16:39:40 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)

DRV:64bit: - [2010/09/26 19:10:30 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)

DRV:64bit: - [2010/08/10 08:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)

DRV:64bit: - [2010/08/10 08:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)

DRV:64bit: - [2010/07/31 11:32:28 | 002,155,720 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ts_athwx.sys -- (TS_AR5416)

DRV:64bit: - [2010/05/27 23:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/02/25 00:42:38 | 000,077,832 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)

DRV:64bit: - [2010/02/25 00:42:38 | 000,029,704 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)

DRV:64bit: - [2010/01/07 12:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)

DRV:64bit: - [2010/01/06 19:41:42 | 000,235,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CxPlrCap.sys -- (CXPLRCAP)

DRV:64bit: - [2009/12/02 12:20:56 | 000,137,608 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EuDisk.sys -- (EuDisk)

DRV:64bit: - [2009/11/26 18:02:36 | 001,085,952 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)

DRV:64bit: - [2009/08/04 22:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/07/21 18:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009/06/24 12:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2009/04/06 18:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/03/09 07:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2007/05/01 15:33:00 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH0461.sys -- (SaiH0461)

DRV - [2009/12/02 12:20:58 | 000,017,800 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\eudskacs.sys -- (EUDSKACS)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9DEA2AAF-5474-4088-94B1-2609605E07A7}

IE:64bit: - HKLM\..\SearchScopes\{3176F4FE-D31E-4995-BF1B-292A9E06E28F}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

IE:64bit: - HKLM\..\SearchScopes\{9DEA2AAF-5474-4088-94B1-2609605E07A7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE - HKLM\..\SearchScopes,DefaultScope = {9DEA2AAF-5474-4088-94B1-2609605E07A7}

IE - HKLM\..\SearchScopes\{3176F4FE-D31E-4995-BF1B-292A9E06E28F}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

IE - HKLM\..\SearchScopes\{9DEA2AAF-5474-4088-94B1-2609605E07A7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-619769098-511854799-2528128674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

IE - HKU\S-1-5-21-619769098-511854799-2528128674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-619769098-511854799-2528128674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank

IE - HKU\S-1-5-21-619769098-511854799-2528128674-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKU\S-1-5-21-619769098-511854799-2528128674-1001\..\SearchScopes,DefaultScope = {C11E0800-CD83-4293-B56C-6FB98B1A893D}

IE - HKU\S-1-5-21-619769098-511854799-2528128674-1001\..\SearchScopes\{C11E0800-CD83-4293-B56C-6FB98B1A893D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-619769098-511854799-2528128674-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true

FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fnocheckbrowser%26ui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3

FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2

FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4

FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2

FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0

FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z013&form=ZGAADF&q="

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/04 11:49:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/19 22:20:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/17 12:03:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/10/30 16:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Extensions

[2010/10/30 16:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2012/04/15 00:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\j251ljq3.default\extensions

[2011/02/06 12:31:45 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\j251ljq3.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}

[2012/04/04 11:49:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\j251ljq3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/02/09 22:05:59 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\j251ljq3.default\extensions\bettergmail2@ginatrapani.org

[2012/04/04 11:41:02 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\j251ljq3.default\extensions\firefox@ghostery.com

[2012/04/01 22:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\qc4b4tvn.default\extensions

[2010/10/14 22:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\qc4b4tvn.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2010/10/14 22:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\qc4b4tvn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2010/10/14 22:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\qc4b4tvn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/10/14 22:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\qc4b4tvn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/10/14 22:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\qc4b4tvn.default\firefoxbookmarks\4yxisf5c.default\extensions

[2010/10/14 22:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\qc4b4tvn.default\firefoxbookmarks\4yxisf5c.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2010/10/14 22:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\qc4b4tvn.default\firefoxbookmarks\4yxisf5c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/01/23 19:17:26 | 000,001,919 | ---- | M] () -- C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\j251ljq3.default\searchplugins\bing-zugo.xml

[2011/03/23 20:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

() (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J251LJQ3.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI

() (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J251LJQ3.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI

() (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J251LJQ3.DEFAULT\EXTENSIONS\APVFMKTMNB@APVFMKTMNB.ORG.XPI

() (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J251LJQ3.DEFAULT\EXTENSIONS\YOUTUBE_DOWNLOADER@ANISHSANE.GOOGLEPAGES.COM.XPI

[2012/02/22 23:17:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/02/21 10:43:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/02/21 10:43:59 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\john\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\john\AppData\Local\Google\Chrome\Application\16.0.912.63\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\john\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

CHR - plugin: Google Update (Enabled) = C:\Users\john\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKU\S-1-5-21-619769098-511854799-2528128674-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\S-1-5-21-619769098-511854799-2528128674-1001\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)

O4:64bit: - HKLM..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4 - HKLM..\Run: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://las.mlxchange.com/5.5.04.23503/Control/IRCSharc.cab (GeacRevw Control)

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file:///C:/Program%20Files%20(x86)/FastVideoIndexer/data/dialogs/msxml4.cab (XML DOM Document 4.0)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1899D568-EF9E-4A23-A588-CDECFB590CC5}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EA31CCB-C6BE-4F69-B368-3E4E86382B3D}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47924DF0-0EFC-4D11-8D74-195F6D1F9C29}: DhcpNameServer = 68.105.28.16 68.105.29.16

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A277686B-E7E7-4F1B-A104-8FAC7656461B}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/15 14:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

[2012/04/15 14:05:13 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\WinZip

[2012/04/15 14:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip

[2012/04/15 14:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip

[2012/04/15 14:02:30 | 000,000,000 | ---D | C] -- C:\Users\john\Documents\RCA Updater

[2012/04/15 14:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RCA easyRip

[2012/04/15 14:02:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{userdocs}

[2012/04/15 14:02:08 | 000,000,000 | ---D | C] -- C:\Users\john\Documents\RCA easyRip

[2012/04/04 14:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/04/04 14:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/04/04 14:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/04/04 14:05:06 | 000,000,000 | ---D | C] -- C:\Users\john\Desktop\Downloads

[2012/04/04 14:04:54 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\GetRightToGo

[2012/04/04 12:43:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/04/03 23:21:11 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012/03/29 00:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012

[2012/03/29 00:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2012/03/28 22:42:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/03/28 22:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/03/26 16:22:18 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\{8D105388-763F-4D6F-A116-F317BF454A68}

[2012/03/26 16:22:07 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\{C79D2A00-54BF-427A-871E-D49E1FFF1673}

[2012/03/23 16:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraReader

[2012/03/19 23:58:11 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\TuneUp Software

[2012/03/19 23:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2012/03/19 23:58:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012/03/18 23:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xirrus

[1 C:\Users\john\Documents\*.tmp files -> C:\Users\john\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/16 15:16:33 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/04/16 15:16:33 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/04/16 15:16:33 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/04/16 14:47:01 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/16 14:47:01 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/16 14:37:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/16 14:37:46 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/16 00:56:49 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/15 14:05:20 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk

[2012/04/15 14:02:28 | 000,000,874 | ---- | M] () -- C:\Users\john\Desktop\RCA easyRip.lnk

[2012/04/11 00:30:16 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/04/10 21:42:18 | 000,019,326 | ---- | M] () -- C:\Users\john\Desktop\kitty.jpg

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/04/04 14:35:18 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjohn.job

[2012/04/04 14:09:41 | 000,001,218 | ---- | M] () -- C:\Users\john\Desktop\Spybot - Search & Destroy.lnk

[2012/04/04 13:20:35 | 001,541,820 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

[1 C:\Users\john\Documents\*.tmp files -> C:\Users\john\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/15 14:05:20 | 000,002,279 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk

[2012/04/15 14:02:28 | 000,000,874 | ---- | C] () -- C:\Users\john\Desktop\RCA easyRip.lnk

[2012/04/15 14:02:21 | 000,463,279 | ---- | C] () -- C:\Users\john\Desktop\User Manual English_TH18XX.pdf

[2012/04/10 21:42:05 | 000,019,326 | ---- | C] () -- C:\Users\john\Desktop\kitty.jpg

[2012/04/04 14:09:41 | 000,001,218 | ---- | C] () -- C:\Users\john\Desktop\Spybot - Search & Destroy.lnk

[2012/04/04 13:20:06 | 001,541,820 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/01/30 11:48:44 | 000,254,464 | ---- | C] () -- C:\Windows\SysWow64\missouri.dll

[2012/01/28 14:16:46 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini

[2012/01/04 12:08:19 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\ptj.exe

[2012/01/04 12:08:19 | 001,103,360 | ---- | C] () -- C:\Windows\SysWow64\cidfont.dll

[2012/01/04 12:08:18 | 004,369,408 | ---- | C] () -- C:\Windows\SysWow64\pdftk.exe

[2012/01/04 12:08:18 | 000,235,008 | ---- | C] () -- C:\Windows\SysWow64\office.exe

[2011/07/25 16:20:08 | 000,003,584 | ---- | C] () -- C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/17 17:43:04 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI

[2011/07/17 17:43:04 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini

[2011/07/17 17:42:52 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2170W.INI

[2011/07/17 17:42:52 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini

[2011/07/17 17:42:51 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT

[2011/07/17 17:41:27 | 000,000,246 | ---- | C] () -- C:\Windows\Brownie.ini

[2011/07/06 16:56:35 | 000,000,000 | ---- | C] () -- C:\Windows\DVM.INI

[2011/06/12 17:00:04 | 000,000,017 | ---- | C] () -- C:\Users\john\AppData\Local\resmon.resmoncfg

[2010/12/25 01:19:33 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll

[2010/12/25 01:19:33 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ThumbExtract.dll

[2010/12/25 01:19:32 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2010/12/22 20:55:45 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010/12/06 21:50:16 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/12/06 21:50:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/12/03 10:44:41 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[2010/11/10 12:10:36 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll

[2010/11/10 12:10:36 | 000,000,516 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini

[2010/11/10 12:10:36 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\RaCertMgr.ini

[2010/11/06 18:36:57 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat

[2010/10/16 15:14:03 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini

[2010/10/16 15:14:03 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini

[2010/10/16 15:13:46 | 000,000,435 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2010/10/16 15:13:46 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2010/10/16 15:12:05 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll

[2010/10/16 15:12:05 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini

[2010/10/16 15:12:05 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat

[2010/10/14 22:11:48 | 000,001,057 | ---- | C] () -- C:\Users\john\AppData\Roaming\vso_ts_preview.xml

========== LOP Check ==========

[2010/10/14 22:10:19 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\95529C0BAC01A276E8511766E2C88188

[2010/10/14 22:10:19 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Aura4You

[2010/10/14 22:10:19 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Avery

[2012/04/01 22:09:23 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\CBS Interactive

[2012/04/04 11:40:50 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\CEZEO software

[2011/01/07 16:38:55 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\DVDVideoSoft

[2010/10/14 22:11:35 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\DVDVideoSoftIEHelpers

[2012/04/04 14:05:41 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\GetRightToGo

[2011/07/30 13:26:28 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Gmail Backup

[2011/08/03 12:22:00 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Hoyle FaceCreator

[2012/04/16 13:01:30 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Hoyle Puzzle and Board Games

[2012/04/04 11:41:04 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\muvee Technologies

[2010/10/20 11:32:06 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Nuance

[2012/04/04 11:41:04 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Opera

[2010/10/22 16:57:48 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\PeaZip

[2012/03/31 00:14:16 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Simple Sudoku

[2012/04/04 11:41:04 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Thunderbird

[2012/04/04 11:41:04 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\TomTom

[2010/10/14 22:11:48 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\TrueCrypt

[2012/03/19 23:58:11 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\TuneUp Software

[2012/03/26 16:22:09 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Windows Live Writer

[2010/10/23 22:25:44 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Wireshark

[2012/01/04 13:41:53 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\YCanPDF

[2012/04/04 11:41:04 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Zeon

[2012/03/15 17:56:13 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 240 bytes -> C:\ProgramData\Temp:9A870F8B

@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:6724CB45

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:A4A25FD3

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{3176F4FE-D31E-4995-BF1B-292A9E06E28F}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKLM\..\SearchScopes\{3176F4FE-D31E-4995-BF1B-292A9E06E28F}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
    [2012/04/04 11:41:02 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\j251ljq3.default\extensions\firefox@ghostery.com
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKU\S-1-5-21-619769098-511854799-2528128674-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-619769098-511854799-2528128674-1001\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
