Results 1 to 10 of 27

Thread: about .blank

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    Default about .blank

    Help please
    have run full scans Malwarebytes, spybot and avg



    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Harrison at 21:58:35 on 2011-12-03
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1698 [GMT 13:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\afasrv32.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\tcnz\McciTrayApp.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://nz.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [tcnz_McciTrayApp] c:\program files\tcnz\McciTrayApp.exe
    mRun: [LTMSG] LTMSG.exe 7
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\documents and settings\harrison\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: motive.com\ptcnztbc.tcnz
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
    DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{7DF3C198-92CE-4706-9203-8EC6881273EC} : DhcpNameServer = 192.168.1.254
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: TPSvc - TPSvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
    S3 cpuz132;cpuz132;\??\c:\docume~1\harrison\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\harrison\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [2008-12-12 23552]
    S3 USTORAGE;UMass Storage Device;c:\windows\system32\drivers\UStorage.sys [2009-4-14 31104]
    .
    =============== Created Last 30 ================
    .
    2011-12-03 00:32:54 32824 ----a-w- c:\windows\system32\rrMon.sys
    2011-12-03 00:32:48 -------- d-----w- c:\program files\Registrar Registry Manager
    2011-11-20 19:15:26 -------- d-----w- c:\program files\Ghost Mouse Auto Clicker
    2011-11-14 17:53:51 -------- d-----w- c:\documents and settings\all users\application data\DVD-Cloner
    2011-11-14 17:53:46 -------- d-----w- c:\documents and settings\harrison\application data\DVD-Cloner
    2011-11-14 17:53:43 -------- d-----w- c:\program files\DVD-Cloner
    2011-11-13 08:15:19 -------- d-----w- c:\documents and settings\harrison\local settings\application data\WMTools Downloaded Files
    2011-11-10 01:37:54 -------- d-----w- c:\windows\system32\cache
    .
    ==================== Find3M ====================
    .
    2011-11-15 18:37:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-06 17:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-03 17:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-25 22:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-25 22:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-25 22:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-12 17:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 22:01:49.00 ===============

  2. #2
    Emeritus- Malware Team
    Join Date
    Apr 2010
    Posts
    29

    Default

    Hi Neil,

    Welcome to Safer-Networking's Malware Removal forum.

    My nickname is mambass and I'll be helping you with any malware problems.

    Before we begin...please read and follow these important guidelines so things will proceed smoothly.

    1. If you haven't done so already, please read the topic BEFORE You POST where the conditions for receiving help here are explained.
    2. The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    3. Please read all instructions carefully before executing them and perform the steps in the order given.
      lf you have any questions or problems executing these instructions then <<STOP>> do not proceed but rather post back with the question or problem.
    4. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
    5. You must have Administrator rights permissions for this computer.
    6. DO NOT run any other fix or removal tools unless instructed to do so!
    7. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    8. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
    9. Only reply to this thread. Do not start another thread.
    10. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
    11. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
    12. No Reply Within 3 Days Will Result In Your Topic Being Closed! Please let me know in advance if you will not be able to reply within this time limit.
    13. The logs I request can take a while to research so please be patient.
    14. I am currently in training at Malware Removal University. Each set of instructions that I provide will be reviewed by a faculty member before being posted to this thread. This process may add a small amount of time to my replies. On the positive side you will have two people working together to resolve your malware issues.

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection. I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system or to necessitate you taking your computer to a repair shop.
    Because of this I advise you to backup any personal files and folders before you start.

    How to back up or transfer your data on a Windows-based computer

    -----------------------------------------------------------

    I am currently reviewing your log and will return as soon as possible with additional instructions.

    Thanks,

    mambass
    Graduate of Malware Removal University - You too could train to help others

  3. #3
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    Default

    Thanks for your help

  4. #4
    Emeritus- Malware Team
    Join Date
    Apr 2010
    Posts
    29

    Default

    Hi Neil,

    Thanks for your help
    You're welcome.

    1. Punkbuster warning
      I see you have Punkbuster installed.( read the section on Published features) This is spyware. Punkbuster can take control over various aspects of your computer, and some gaming tools not unlike Punkbuster also hinder their removals. By the definition we handle here, Punkbuster is actual spyware. Therefore, I now ask you to decide the following:
      • Either we try to leave Punkbuster alone but there is no guarantee a spyware component doesn't 'accidentally' get taken out; so Punkbuster might break. This will, of course, also break your ability to play games using Punkbuster enabled servers.
      • Or we can just remove Punkbuster. You can reinstall it afterwards if you wish, but please keep in mind that It is spyware.
      • Another option is to not clean this computer at all. This ensures Punkbuster will continue to function. If you choose this option then please mention that in your reply and you can ignore the remaining steps below.

      Please let me know what you would like to do.

    2. Description of problems
      Please provide a description of the problems you are experiencing that have brought you here. The description does not need to be technically detailed but, if your computer has given you any Error Codes or flashed up any messages, then the exact wording of them can be very useful and you should include them.

    3. Run a Scan with OTL
      • Please download OTL by OldTimer and save it to your desktop.
      • Double click on the OTL icon on your Desktop to run it.
      • Check the boxes labeled :
        • Scan All Users
        • LOP check
        • Purity check
        • Extra Registry > Use SafeList
      • Make sure all other windows are closed to let it run uninterrupted.
      • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.

      When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
      The Extras.txt file will only appear the very first time you run OTL.
      Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

    4. Run a scan with GMER
      • Please download the GMER Rootkit Scanner from here.
      • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
      • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
      • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
        • IAT/EAT
        • Drives/Partition other than the System drive (which is typically C:\)
        • Show All (don't miss this one)
          See image below

      • Then click the Scan button & wait for it to finish
        **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
      • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
      • Save it where you can easily find it, such as your desktop, and post it in your next reply

      Note: Do not run any other programs while Gmer is running.



    Please include in your reply:
    1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
    2. Your decision concerning cleaning your system given PunkBuster is installed.
    3. A description of the problems you are experiencing with this computer.
    4. The contents of the OTL.txt and Extras.txt logs.
    5. The contents of the Gmer.txt log.
    6. After posting your reply message, please verify that the last line of the last report is present in the post. If any log is cut off then please post the logs in sections.



    mambass
    Graduate of Malware Removal University - You too could train to help others

  5. #5
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    Default

    mambass


    would like to remove punkbuster. Dont know when or how it was installed on system

    Problem is that When i close and sometimes open a window with explorer about.blank starts loading pages






    OTL logfile created on: 10/12/2011 10:08:13 a.m. - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Harrison\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.34% Memory free
    2.85 Gb Paging File | 2.32 Gb Available in Paging File | 81.20% Paging File free
    Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 25.95 Gb Free Space | 34.82% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 175.16 Gb Free Space | 37.61% Space Free | Partition Type: NTFS
    Drive F: | 149.05 Gb Total Space | 26.76 Gb Free Space | 17.95% Space Free | Partition Type: NTFS

    Computer Name: PC-ED35CABDA717 | User Name: Harrison | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/10 10:04:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harrison\Desktop\OTL.exe
    PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    PRC - [2011/10/16 08:44:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
    PRC - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe
    PRC - [2008/06/21 08:23:45 | 001,464,832 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\tcnz\McciTrayApp.exe
    PRC - [2008/04/14 13:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/09 20:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/05/18 10:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2004/11/15 23:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2003/07/14 11:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    MOD - [2011/10/16 08:44:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (usnjsvc)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/10/16 08:44:26 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
    SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/05/25 16:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
    SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009/07/13 19:12:17 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\afasrv32.exe -- (AfaService)
    SRV - [2007/08/09 20:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/05/18 10:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/04/12 03:40:28 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2010/04/12 03:17:36 | 000,324,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2010/01/09 12:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2009/04/14 04:05:22 | 000,031,104 | ---- | M] (USB Mass Storage.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UStorage.sys -- (USTORAGE)
    DRV - [2008/12/12 12:26:10 | 000,023,552 | ---- | M] (defrag Development Team) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dfg.sys -- (dfg)
    DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/05/07 04:50:26 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2008/05/07 04:50:26 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2007/04/11 10:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
    DRV - [2007/02/27 15:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2006/05/03 14:49:57 | 000,166,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
    DRV - [2006/02/21 21:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/11/18 00:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/08/04 11:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
    DRV - [2004/07/09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
    DRV - [2003/12/12 20:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nz.yahoo.com/
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://nz.yahoo.com/
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
    FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/22 08:25:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011/11/04 15:10:14 | 000,000,000 | ---D | M]

    [2010/07/20 13:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harrison\Application Data\Mozilla\Extensions
    [2010/01/12 13:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Harrison\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo! Search ()
    CHR - default_search_provider: search_url = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    CHR - default_search_provider: suggest_url =

    O1 HOSTS File: ([2011/11/20 20:08:56 | 000,437,905 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 15063 more lines...
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [tcnz_McciTrayApp] C:\Program Files\tcnz\McciTrayApp.exe (Motive Communications, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - Startup: C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Harrison\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: motive.com ([ptcnztbc.tcnz] http in Trusted sites)
    O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Value error.)
    O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase6770.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...tDetection.cab (GMNRev Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DF3C198-92CE-4706-9203-8EC6881273EC}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Harrison/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Harrison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/14 15:59:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/03/30 14:45:31 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2002/10/17 01:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-1547161642-2111687655-839522115-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/10 10:03:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Harrison\Desktop\OTL.exe
    [2011/12/03 22:26:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/03 22:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/12/03 22:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/12/03 13:32:54 | 000,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys
    [2011/12/03 13:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registrar Registry Manager
    [2011/12/03 13:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
    [2011/11/21 19:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2011/11/21 08:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ghost Mouse Auto Clicker
    [2011/11/21 08:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ghost Mouse Auto Clicker
    [2011/11/16 08:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Desktop\I'm with You [Limited Edition]
    [2011/11/15 06:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD-Cloner
    [2011/11/15 06:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Application Data\DVD-Cloner
    [2011/11/15 06:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD-Cloner
    [2011/11/15 06:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\DVD-Cloner
    [2011/11/13 21:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harrison\Local Settings\Application Data\WMTools Downloaded Files
    [2011/11/10 14:37:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
    [2010/01/03 07:52:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Harrison\Application Data\pcouffin.sys
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/10 10:19:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6A4810CF-FB95-456B-B035-835C578DDBD1}.job
    [2011/12/10 10:04:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harrison\Desktop\OTL.exe
    [2011/12/10 10:04:07 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe
    [2011/12/10 09:38:03 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/10 09:25:49 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/10 09:25:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/10 09:22:04 | 111,718,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/12/09 19:55:01 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/04 18:52:08 | 000,250,667 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011/12/03 22:26:02 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/12/03 18:42:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\dvdtest10024.dat
    [2011/11/22 08:25:25 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2011/11/21 19:40:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2011/11/21 08:15:26 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ghost Mouse Auto Clicker.lnk
    [2011/11/20 20:17:33 | 000,000,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2011/11/20 20:08:56 | 000,437,905 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/11/16 07:37:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/11/13 22:42:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/11/13 22:08:01 | 000,239,104 | ---- | M] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/13 20:39:15 | 000,013,747 | ---- | M] () -- C:\Documents and Settings\Harrison\Desktop\imagesCAI50S1J.jpg
    [2011/11/13 19:38:54 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\Harrison\Desktop\New Microsoft Office Publisher Document.pub
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/10 10:04:01 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Harrison\Desktop\bq5tr07d.exe
    [2011/12/03 22:26:02 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Harrison\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/12/03 13:32:49 | 000,120,376 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
    [2011/12/03 13:32:49 | 000,097,888 | ---- | C] () -- C:\WINDOWS\System32\rrsec2k.exe
    [2011/11/21 19:40:44 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2011/11/21 08:15:26 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ghost Mouse Auto Clicker.lnk
    [2011/11/20 20:17:23 | 000,000,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2011/11/14 12:30:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dvdtest10024.dat
    [2011/11/13 20:41:31 | 000,013,747 | ---- | C] () -- C:\Documents and Settings\Harrison\Desktop\imagesCAI50S1J.jpg
    [2011/11/13 19:38:54 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Harrison\Desktop\New Microsoft Office Publisher Document.pub
    [2011/10/16 11:59:25 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2011/10/09 14:54:27 | 000,176,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/06/14 15:21:50 | 000,012,800 | ---- | C] () -- C:\WINDOWS\sysutils.dll
    [2011/04/18 14:28:38 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2011/02/26 13:38:49 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/09/27 08:28:27 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    [2010/09/21 19:59:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
    [2010/09/17 19:54:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/20 13:54:12 | 000,012,264 | ---- | C] () -- C:\WINDOWS\scunin.dat
    [2010/07/20 13:44:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/07/20 12:53:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
    [2010/02/12 21:32:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
    [2010/01/03 07:52:49 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\inst.exe
    [2010/01/03 07:52:49 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\pcouffin.cat
    [2010/01/03 07:52:49 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\pcouffin.inf
    [2009/07/19 14:59:22 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\FixVTS.ini
    [2009/07/13 19:09:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\afasrv32.exe
    [2009/06/27 20:09:03 | 000,066,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/04/13 10:39:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2009/02/26 09:58:44 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2009/02/26 09:58:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2009/01/27 19:59:01 | 000,094,083 | ---- | C] () -- C:\WINDOWS\hpqins11.dat.temp
    [2009/01/27 19:40:32 | 000,094,065 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
    [2009/01/19 07:12:19 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\fusioncache.dat
    [2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/12/31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
    [2008/12/29 12:29:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2008/12/25 10:40:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/12/25 10:40:40 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/12/24 09:49:07 | 000,139,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/12/24 09:48:59 | 000,189,672 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2008/12/24 09:48:51 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2008/12/20 10:02:50 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
    [2008/12/05 22:54:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/12/05 16:02:36 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
    [2008/11/24 18:54:52 | 000,093,684 | ---- | C] () -- C:\WINDOWS\hpqins07.dat.temp
    [2008/11/24 18:31:37 | 000,117,048 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
    [2008/11/24 18:24:05 | 000,117,579 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
    [2008/11/24 18:24:05 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
    [2008/11/24 18:21:31 | 000,093,684 | ---- | C] () -- C:\WINDOWS\hpqins07.dat
    [2008/10/26 12:07:54 | 000,009,379 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (DOS).EML
    [2008/10/26 12:05:54 | 000,009,387 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).EML
    [2008/10/26 12:00:57 | 000,038,502 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Tab Separated Values (Windows).ADR
    [2008/07/25 13:53:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/07/19 12:15:33 | 000,094,083 | ---- | C] () -- C:\WINDOWS\hpqins11.dat
    [2008/07/19 11:49:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2008/07/18 15:50:20 | 000,239,104 | ---- | C] () -- C:\Documents and Settings\Harrison\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/15 03:47:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/07/15 03:45:51 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/07/14 22:54:47 | 000,038,463 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (Windows).ADR
    [2008/07/14 22:51:01 | 000,021,750 | ---- | C] () -- C:\Documents and Settings\Harrison\Application Data\Comma Separated Values (Windows).EML
    [2008/07/14 16:15:56 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2008/07/14 16:09:07 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2008/07/14 16:09:03 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2008/07/14 16:09:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/07/14 16:08:53 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2008/07/14 16:05:27 | 000,003,335 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2008/07/14 16:05:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2008/07/14 16:00:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/07/14 15:56:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/09/12 23:09:25 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2006/05/05 23:10:17 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2006/01/19 03:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2005/10/07 08:13:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
    [2004/08/05 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/05 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/05 01:00:00 | 000,505,478 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/05 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/05 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/05 01:00:00 | 000,087,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/05 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/05 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/05 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/05 01:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/05 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/05 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1997/06/14 15:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2011/10/16 09:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2010/11/05 10:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/12/20 15:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2009/07/14 08:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2010/11/05 10:27:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/11/15 06:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD-Cloner
    [2011/02/26 13:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2009/12/03 08:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2011/02/07 10:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2011/12/10 09:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/01/12 12:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
    [2008/07/27 14:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/10/18 15:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011/08/07 19:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
    [2009/01/06 08:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2008/10/28 20:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2011/10/15 12:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2010/08/12 12:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/01/26 18:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/07 04:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/07/23 21:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\asoftech
    [2011/10/16 08:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG Secure Search
    [2011/10/16 08:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG2012
    [2010/03/23 08:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\AVG9
    [2010/02/18 10:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Azureus
    [2008/07/19 14:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/11/15 06:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\DVD-Cloner
    [2011/10/20 13:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\DVDVideoSoft
    [2011/03/07 15:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\DVDVideoSoftIEHelpers
    [2010/02/12 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\FrostWire
    [2010/07/20 12:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\FUJIFILM
    [2011/05/26 20:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\HandBrake
    [2011/11/07 14:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Image Zone Express
    [2011/02/07 18:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\IObit
    [2009/10/21 19:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\MSNInstaller
    [2011/08/07 19:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Netscape
    [2010/01/18 17:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Nokia
    [2010/01/14 22:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\PC Suite
    [2011/11/08 09:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\PriceGong
    [2011/11/13 22:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\RipIt4Me
    [2011/02/26 18:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Sony Online Entertainment
    [2009/01/06 08:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Ulead Systems
    [2011/10/15 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Uniblue
    [2011/08/20 15:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Vso
    [2010/06/18 10:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Windows Desktop Search
    [2010/06/18 17:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harrison\Application Data\Windows Search
    [2011/07/23 21:17:34 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AsoftechAutoClicker_4.job
    [2011/12/10 10:19:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6A4810CF-FB95-456B-B035-835C578DDBD1}.job

    ========== Purity Check ==========



    < End of report >

  6. #6
    Junior Member
    Join Date
    Dec 2011
    Posts
    17

    Default

    OTL Extras logfile created on: 10/12/2011 10:08:13 a.m. - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Harrison\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.34% Memory free
    2.85 Gb Paging File | 2.32 Gb Available in Paging File | 81.20% Paging File free
    Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 25.95 Gb Free Space | 34.82% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 175.16 Gb Free Space | 37.61% Space Free | Partition Type: NTFS
    Drive F: | 149.05 Gb Total Space | 26.76 Gb Free Space | 17.95% Space Free | Partition Type: NTFS

    Computer Name: PC-ED35CABDA717 | User Name: Harrison | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\Steam\steamapps\raven__69\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\raven__69\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
    "C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE:*:Disabled:Age of Empires II -- (Microsoft Corporation)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
    "{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
    "{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
    "{1935BDD9-9F57-4BF6-AE59-ED07860D33EE}_is1" = Ghost Mouse Auto Clicker 3.3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
    "{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
    "{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
    "{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
    "{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
    "{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
    "{336091F7-459B-48D1-A6EB-04E4A9D727EB}" = TR150-Call Center
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
    "{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A71E27C-07D2-4CB8-ACA9-165242416758}" = Digital Video
    "{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
    "{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}" = PC Connectivity Solution
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{534C6D59-D6E3-48A6-AD0B-747799019960}" = XVID Codec Installation
    "{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
    "{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
    "{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
    "{5F1ECD36-0DFA-4C58-830B-0F089083407F}" = AVG 2012
    "{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
    "{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
    "{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
    "{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE Basic
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
    "{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
    "{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
    "{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
    "{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite
    "{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
    "{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
    "{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
    "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
    "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
    "{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
    "{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
    "Activision_StarTrekArmadaUninstallKey" = Star Trek: Armada
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Age of Empires" = Microsoft Age of Empires
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "AVG" = AVG 2012
    "AVG Secure Search" = AVG Security Toolbar
    "Card Icon Program_is1" = Card Icon Program 1.2
    "conduitEngine" = Conduit Engine
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVD-Cloner 8_is1" = DVD-Cloner V8.70 Build 1016
    "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
    "ERUNT_is1" = ERUNT 1.1j
    "Federal 2010 Ammunition" = Federal 2010 Ammunition
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
    "HijackThis" = HijackThis 1.99.1
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPExtendedCapabilities" = HP Customer Participation Program 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
    "IObit Security 360_is1" = IObit Security 360
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "Nokia PC Suite" = Nokia PC Suite
    "Photodex Presenter" = Photodex Presenter
    "Picasa 3" = Picasa 3
    "Planescape - Torment" = Planescape - Torment
    "PROR" = Microsoft Office Professional 2007
    "Registrar_is1" = Registrar Registry Manager 6.52
    "RegZooka" = RegZooka
    "Starcraft" = Starcraft
    "Steam App 240" = Counter-Strike: Source
    "Tag&Rename_is1" = Tag&Rename 3.1.7
    "Telecom Help Assistant" = Telecom Help Assistant
    "Total Annihilation: Kingdoms" = Total Annihilation: Kingdoms
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VLC media player" = VideoLAN VLC media player 0.8.1
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1547161642-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "SOE-Clone Wars" = Clone Wars

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 14/10/2011 7:06:41 p.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\HARRISON\DESKTOP\REGISTRYBOOSTER.EXE>
    in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
    A
    device attached to the system is not functioning. (0x8007001f)

    Error - 14/10/2011 7:06:41 p.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\HARRISON\DESKTOP\REGISTRYBOOSTER.EXE>
    in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
    A
    device attached to the system is not functioning. (0x8007001f)

    Error - 6/11/2011 3:29:27 a.m. | Computer Name = PC-ED35CABDA717 | Source = IS360service | ID = 0
    Description =

    Error - 9/11/2011 4:46:28 a.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Application, SystemIndex
    Catalog

    Error - 9/11/2011 4:19:03 p.m. | Computer Name = PC-ED35CABDA717 | Source = .NET Runtime | ID = 1023
    Description = .NET Runtime version 2.0.50727.3625 - Fatal Execution Engine Error
    (7A0BC59E) (80131506)

    Error - 11/11/2011 12:20:30 a.m. | Computer Name = PC-ED35CABDA717 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module SPhoneParser.dll, version 1.0.1.184, fault address 0x00077316.

    Error - 17/11/2011 4:10:23 p.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Application, SystemIndex
    Catalog

    Error - 20/11/2011 6:45:22 p.m. | Computer Name = PC-ED35CABDA717 | Source = EventSystem | ID = 4618
    Description = The COM+ Event System raised an unexpected access violation at address
    0x7C91072F, attempting to access address 0x00165195. Please contact Microsoft
    Product Support Services to report this error. ntdll!wcsncpy+0x1b0 ntdll!wcsncpy+0x2cd
    ole32!ComPs_NdrDllCanUnloadNow+0xdb
    ole32!CoTaskMemFree+0x13
    es!DllGetClassObject+0x4e5d
    es!DllGetClassObject+0x687b
    sens!+0x3352
    sens!+0x31a7
    ole32!FreePropVariantArray+0x7be
    es!+0x109f3
    es!+0x10d95
    es!+0x294a1
    es!+0x29519
    ole32!FreePropVariantArray+0x7be
    es!+0xe884
    es!+0x12a86
    es!+0x12b10
    ole32!FreePropVariantArray+0x6fb
    ole32!FreePropVariantArray+0x5de
    es!+0x2b0b1
    es!+0x2b394
    es!+0x2b4d8
    kernel32!GetModuleFileNameA+0x1ba

    Error - 20/11/2011 6:45:39 p.m. | Computer Name = PC-ED35CABDA717 | Source = WinMgmt | ID = 24
    Description = Event provider attempted to register query "select * from __InstanceOperationEvent"
    whose target class "__InstanceOperationEvent" does not exist. The query will be ignored.

    Error - 21/11/2011 4:39:11 p.m. | Computer Name = PC-ED35CABDA717 | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Application, SystemIndex
    Catalog

    [ OSession Events ]
    Error - 17/12/2009 1:59:34 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 720
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 22/02/2010 3:53:53 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/03/2010 4:30:06 a.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10871
    seconds with 480 seconds of active time. This session ended with a crash.

    Error - 9/10/2010 6:08:32 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2/11/2010 3:45:16 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 57
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 15/01/2011 9:14:16 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 70
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 23/03/2011 2:51:04 a.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5465
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 9/07/2011 8:30:48 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3802
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 20/07/2011 11:59:19 p.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 10201
    seconds with 420 seconds of active time. This session ended with a crash.

    Error - 11/09/2011 3:02:35 a.m. | Computer Name = PC-ED35CABDA717 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 8835
    seconds with 240 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/11/2011 4:22:38 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 9/11/2011 5:36:45 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 9/11/2011 5:36:48 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 10/11/2011 3:40:48 a.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 10/11/2011 3:40:52 a.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 10/11/2011 3:42:24 a.m. | Computer Name = PC-ED35CABDA717 | Source = DCOM | ID = 10010
    Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register
    with DCOM within the required timeout.

    Error - 10/11/2011 2:49:19 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 10/11/2011 2:49:21 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 10/11/2011 5:39:35 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.

    Error - 10/11/2011 5:39:38 p.m. | Computer Name = PC-ED35CABDA717 | Source = WMPNetworkSvc | ID = 866312
    Description = A new media server was not initialized because WMCreateDeviceRegistration()
    encountered error '0xc00d2781'. The Windows Media DRM components on your computer
    might be corrupted. Verify that protected files play correctly in Windows Media
    Player, and then restart the WMPNetworkSvc service.


    < End of report >

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •