
MyStart Incredibar Problem

Discussion in 'Virus & Other Malware Removal' started by wubwubwub, Mar 7, 2012.

    wubwubwub Thread Starter

    Hi, I'm new here but need your help. I installed Sumotori Dreams and with it, it installed MyStart Incredibar. Much to my annoyance, it messed up my browsers. I have uninstalled Sumotori Dreams and the program itself but I can't find anything left in programs which might be it. But I still have it. For example, if I type in something in the URL bar on Google Chrome, i.e. "frjfhr", it will use the MyStart Incredibar search engine rather than Google. So in my time of need, I request help on how to fix this. I have tried running an ESET NOD32 full scan, Malwarebytes, SUPERAntiSpyware and CCleaner but they've found nothing.

    So here is the log file from HijackThis:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 01:14:46, on 08/03/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Program Files\Maxthon3\Bin\MxUp.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb115?a=6R8m0tuTr0&i=26
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SBCONVERT - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SPEEDbit Video Downloader\Toolbar\grabber.dll
    O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
    O4 - HKLM\..\Run: [Waiting1690] C:\Windows\stid1690.exe
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\EAGLE\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [CrossLoop] "C:\Documents and Settings\EAGLE\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
    O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (file missing)
    O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop - C:\Documents and Settings\EAGLE\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: PS3 Media Server - Tanuki Software, Ltd. - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
    O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Documents and Settings\EAGLE\Local Settings\Application Data\CrossLoop\tvnserver.exe
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 16746 bytes


    Here is the DDS text file:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by EAGLE at 1:15:18 on 2012-03-08
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3063.979 [GMT 0:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Program Files\Maxthon3\Bin\MxUp.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mystart.incredibar.com/mb115?a=6R8m0tuTr0&i=26
    uSearch Page =
    uSearch Bar =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = http=127.0.0.1
    mSearchAssistant =
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\program files\searchpredict\SearchPredict.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: SBCONVERT Class: {92a9acf4-9333-43ae-9698-db283326f87f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\speedbit video downloader\toolbar\grabber.dll
    TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
    TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
    uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Google Update] "c:\documents and settings\eagle\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [SpeedBitVideoAccelerator] c:\program files\speedbit video accelerator\VideoAccelerator.exe
    uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
    uRun: [Facebook Update] "c:\documents and settings\eagle\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [CrossLoop] "c:\documents and settings\eagle\local settings\application data\crossloop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize
    uRun: [AdobeBridge]
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Trust Gaming mouse] "c:\program files\trust\gm-4200 gamer mouse optical\Panel.exe"
    mRun: [Waiting1690] c:\windows\stid1690.exe
    mRun: [SMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exe
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    mRun: [NPSStartup]
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\eagle\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\eagle\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdockfree\ObjectDock.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
    IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    LSP: c:\progra~1\speedb~1\sblsp.dll
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{7F8CFD57-128C-4B72-BE1D-1A3E4A49FD3C} : DhcpNameServer = 194.168.4.100 194.168.8.100
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockfree\ODMenu.dll
    STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\eagle\application data\mozilla\firefox\profiles\lsgtf3bx.default\
    FF - prefs.js: browser.search.selectedEngine - MyStart Search
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb115?a=6R8m0tuTr0&i=26
    FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb115/?loc=IB_DS&a=6R8m0tuTr0&&i=26&search=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\eagle\application data\mozilla\firefox\profiles\lsgtf3bx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - component: c:\program files\speedbit video downloader\spfirefox\components\Engine.dll
    FF - plugin: c:\documents and settings\eagle\application data\electronic arts\game face\npGameFacePlugin.dll
    FF - plugin: c:\documents and settings\eagle\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\eagle\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\eagle\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\documents and settings\eagle\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\eagle\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Incredibar Toolbar: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: SearchPredict: [email protected] - c:\program files\searchpredict\PRFireFox
    FF - Ext: SPEEDbit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\SPFireFox
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8m0tuTr0&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - a05d606100000000000000ff45504d77
    FF - user.js: extensions.incredibar_i.hardId - a05d606100000000000000ff45504d77
    FF - user.js: extensions.incredibar_i.instlDay - 15405
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2714:07:57
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6R8m0tuTr0
    FF - user.js: extensions.incredibar_i.upn2n - 92823967831489990
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10589
    FF - user.js: extensions.incredibar_i.ppd -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-9-23 238952]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-12-3 14976]
    R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-23 36608]
    R3 GMFilter Filter;GMFilter Filter;c:\windows\system32\drivers\GMFilter.sys [2009-11-2 25088]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2009-10-30 88192]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2011-9-29 21632]
    S2 CrossLoopService;CrossLoop Service;c:\documents and settings\eagle\local settings\application data\crossloop\CrossLoopService.exe [2012-1-28 569072]
    S2 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2011-5-17 366872]
    S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [2008-4-10 177280]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-9-23 98432]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-9-23 14848]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-9-23 123648]
    S3 tvnserver;TightVNC Server;c:\documents and settings\eagle\local settings\application data\crossloop\tvnserver.exe [2012-1-28 814080]
    .
    =============== File Associations ===============
    .
    scrfile="%1" %*
    .
    =============== Created Last 30 ================
    .
    2050-12-06 17:39:22 -------- d-----w- c:\program files\common files\OFX
    2050-12-06 17:39:10 -------- d-----w- c:\program files\common files\eSellerate
    2050-12-06 17:38:15 -------- d-----w- c:\program files\NewBlue
    2012-03-07 03:07:24 -------- d-----w- c:\documents and settings\eagle\application data\SUPERAntiSpyware.com
    2012-03-07 03:06:18 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-07 03:06:18 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-03-07 02:58:15 -------- d-----w- c:\program files\CCleaner
    2012-03-06 18:27:29 388096 ----a-r- c:\documents and settings\eagle\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-03-06 18:27:25 -------- d-----w- c:\program files\Trend Micro
    2012-02-27 02:46:14 -------- d-----w- c:\documents and settings\eagle\application data\Opanda
    2012-02-15 00:24:10 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-15 00:24:10 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-11 01:20:00 -------- d-----w- c:\documents and settings\eagle\local settings\application data\LooksBuilder
    .
    ==================== Find3M ====================
    .
    2012-03-04 14:35:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-18 23:56:10 73 ----a-w- c:\windows\system32\ssprs.dll
    2012-02-18 23:56:09 205 ----a-w- c:\windows\system32\lsprst7.dll
    2012-02-08 20:49:20 16 ----a-w- c:\windows\system32\msvcsv60.dll
    2012-02-02 19:03:05 1025 ----a-w- c:\windows\system32\sysprs7.dll
    2012-02-02 19:03:05 1025 ----a-w- c:\windows\system32\clauth2.dll
    2012-02-02 19:03:05 1025 ----a-w- c:\windows\system32\clauth1.dll
    2012-01-31 17:44:37 118784 ----a-w- c:\windows\dsdxirmv.exe
    2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec
    2009-11-08 11:56:31 157484384 -c--a-w- c:\program files\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
    2009-11-02 20:07:22 5862994 -c--a-w- c:\program files\ts2_client_rc2_2032.exe
    2009-08-20 08:13:26 9815040 -c--a-w- c:\program files\openofficeorg31.msi
    2009-03-26 10:36:32 451928 -c--a-w- c:\program files\setup.exe
    2002-03-11 09:06:30 1822520 -c--a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45:04 1708856 -c--a-w- c:\program files\instmsia.exe
    .
    ============= FINISH: 1:17:39.32 ===============



    I would copy and paste the ark.txt file but my system keeps getting a blue screen (BAD_POOL_HEADER) when I try running GMER. That's all I can think of to put here for the moment. Thank you in advance for any responses.
     


  2. wubwubwub

    wubwubwub Thread Starter

    Joined:
    Mar 7, 2012
    Messages:
    25
  3. wubwubwub

    wubwubwub Thread Starter

    Joined:
    Mar 7, 2012
    Messages:
    25
    bump cause no one's helping
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Download OTL to your desktop.
    Alternative Link 1
    Alternative Link 2
    Alternative Link 3

    Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
    • Please check the box next to "LOP check" and "Purity check"
    • Click Run Scan and let the program run uninterrupted.
    • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized
    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

    Kevin
     
  5. wubwubwub

    wubwubwub Thread Starter

    Joined:
    Mar 7, 2012
    Messages:
    25
    OTL.txt


    OTL logfile created on: 11/03/2012 19:51:38 - Run 1
    OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\EAGLE\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 42.63% Memory free
    4.32 Gb Paging File | 2.12 Gb Available in Paging File | 48.95% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 21.88 Gb Free Space | 29.36% Space Free | Partition Type: NTFS
    Drive D: | 107.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MSHOME123 | User Name: EAGLE | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/11 19:44:00 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EAGLE\Desktop\OTL.com
    PRC - [2012/03/11 06:09:18 | 001,183,080 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
    PRC - [2012/03/11 06:09:00 | 001,552,368 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    PRC - [2012/03/11 06:08:54 | 001,097,072 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\seccenter.exe
    PRC - [2012/03/06 11:49:49 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2012/01/23 19:23:06 | 000,050,128 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    PRC - [2012/01/20 18:16:56 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2011/08/11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/02/22 14:04:46 | 001,590,888 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
    PRC - [2011/02/22 14:04:46 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
    PRC - [2011/02/22 14:04:46 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
    PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/11/25 21:48:46 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    PRC - [2010/10/10 20:08:06 | 000,116,736 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
    PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    PRC - [2010/08/12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    PRC - [2010/07/11 09:42:46 | 002,199,040 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
    PRC - [2010/07/04 18:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2010/07/04 18:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
    PRC - [2009/08/05 12:51:16 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    PRC - [2009/08/05 11:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
    PRC - [2007/12/14 16:19:26 | 000,132,624 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2005/06/13 18:17:16 | 000,249,856 | ---- | M] () -- C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/11 18:11:18 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2012/03/11 18:11:17 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2012/03/11 06:09:44 | 000,107,520 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\popup.ui
    MOD - [2012/03/11 06:09:34 | 000,115,712 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\bdidntconp.ui
    MOD - [2012/03/11 06:09:07 | 000,324,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdidntconp.dll
    MOD - [2012/03/07 03:08:02 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2012/03/07 03:08:01 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2012/03/06 11:49:48 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\ppgooglenaclpluginchrome.dll
    MOD - [2012/03/06 11:49:46 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\pdf.dll
    MOD - [2012/03/06 11:48:22 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\avutil-51.dll
    MOD - [2012/03/06 11:48:20 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\avformat-53.dll
    MOD - [2012/03/06 11:48:19 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\avcodec-53.dll
    MOD - [2012/03/06 08:25:19 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\gcswf32.dll
    MOD - [2012/02/15 03:17:25 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
    MOD - [2012/02/15 03:17:19 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
    MOD - [2012/02/15 03:15:19 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
    MOD - [2012/02/15 03:15:12 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
    MOD - [2012/02/15 03:14:57 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
    MOD - [2012/02/15 03:13:09 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
    MOD - [2012/02/01 17:20:16 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
    MOD - [2012/01/23 19:20:54 | 000,139,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\popup.dll
    MOD - [2012/01/23 19:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
    MOD - [2012/01/23 19:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
    MOD - [2012/01/23 19:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
    MOD - [2012/01/23 19:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
    MOD - [2012/01/19 14:36:40 | 000,157,200 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\bdnimbus.dll
    MOD - [2012/01/17 11:05:02 | 000,577,000 | ---- | M] () -- C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\bdsmartdb.dll
    MOD - [2012/01/06 15:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
    MOD - [2012/01/06 15:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
    MOD - [2011/12/14 12:05:40 | 000,091,304 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
    MOD - [2011/12/11 15:54:27 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/11/14 19:17:08 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdfwcore.dll
    MOD - [2011/10/27 14:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
    MOD - [2011/10/21 13:04:28 | 001,910,272 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpfr.mdl
    MOD - [2011/10/21 13:04:28 | 001,909,760 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
    MOD - [2011/10/21 13:04:28 | 001,858,560 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
    MOD - [2011/10/21 13:04:28 | 000,952,832 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
    MOD - [2011/10/21 13:04:28 | 000,632,832 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
    MOD - [2011/10/21 13:04:28 | 000,444,416 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
    MOD - [2011/10/21 13:04:26 | 002,054,144 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
    MOD - [2011/10/21 13:04:26 | 000,509,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
    MOD - [2011/10/21 13:04:26 | 000,389,632 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
    MOD - [2011/10/14 02:11:35 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2011/05/19 18:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\Antivirus_08161_015\avxdisk.dll
    MOD - [2010/10/10 20:08:48 | 000,175,104 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WebParser.dll
    MOD - [2010/10/10 20:08:06 | 000,116,736 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
    MOD - [2010/10/10 20:08:02 | 000,559,104 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.dll
    MOD - [2010/08/10 09:55:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.Diagnostics\4.2.7.7__5cc7ad8abd921325\Inkjet.Diagnostics.dll
    MOD - [2010/08/10 09:55:41 | 000,012,288 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.Automation\4.2.7.7__5cc7ad8abd921325\Inkjet.Automation.dll
    MOD - [2010/07/11 09:42:52 | 000,193,024 | ---- | M] () -- C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
    MOD - [2010/07/11 09:42:46 | 002,199,040 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
    MOD - [2010/05/23 18:25:48 | 000,501,760 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
    MOD - [2010/05/23 18:25:36 | 000,131,072 | ---- | M] () -- C:\Program Files\Rainlendar2\wxbase28u_xml_vc_rny.dll
    MOD - [2010/05/23 18:25:32 | 000,485,376 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_html_vc_rny.dll
    MOD - [2010/05/23 18:25:20 | 000,707,584 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_adv_vc_rny.dll
    MOD - [2010/05/23 18:25:12 | 002,629,120 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_core_vc_rny.dll
    MOD - [2010/05/23 18:24:20 | 001,202,688 | ---- | M] () -- C:\Program Files\Rainlendar2\wxbase28u_vc_rny.dll
    MOD - [2010/05/23 18:20:08 | 000,012,288 | ---- | M] () -- C:\Program Files\Rainlendar2\lfs.dll
    MOD - [2010/05/23 18:20:04 | 000,126,976 | ---- | M] () -- C:\Program Files\Rainlendar2\lua51.dll
    MOD - [2010/05/23 17:17:46 | 000,060,416 | ---- | M] () -- C:\Program Files\Rainlendar2\zlib1.dll
    MOD - [2010/05/19 20:55:36 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
    MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2009/06/29 14:14:36 | 000,012,288 | ---- | M] () -- C:\Program Files\Kodak\AiO\Center\Logger.dll
    MOD - [2009/01/10 22:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
    MOD - [2005/06/14 09:23:38 | 000,221,184 | ---- | M] () -- C:\WINDOWS\system32\Hook.dll
    MOD - [2005/06/13 18:17:16 | 000,249,856 | ---- | M] () -- C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
    MOD - [2005/06/10 18:11:52 | 002,543,616 | ---- | M] () -- C:\WINDOWS\system32\XWheel.dll
    MOD - [2005/06/10 18:11:30 | 000,593,920 | ---- | M] () -- C:\WINDOWS\system32\XIndicator.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
    SRV - [2012/03/11 06:09:24 | 000,067,120 | ---- | M] (Bitdefender) [On_Demand | Stopped] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
    SRV - [2012/03/11 06:09:00 | 001,552,368 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
    SRV - [2012/02/02 17:27:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/01/23 19:23:06 | 000,050,128 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
    SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Stopped] -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
    SRV - [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV - [2011/08/11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/05/17 07:27:48 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) [Auto | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
    SRV - [2011/02/22 14:04:46 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
    SRV - [2010/08/12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
    SRV - [2010/07/04 18:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2009/09/19 18:46:00 | 003,474,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/08/05 11:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
    SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/03/11 06:09:21 | 000,609,984 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avc3.sys -- (avc3)
    DRV - [2012/03/11 06:09:15 | 000,447,208 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
    DRV - [2012/03/11 06:08:52 | 000,130,384 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
    DRV - [2011/11/25 13:59:40 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
    DRV - [2011/11/17 16:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
    DRV - [2011/11/14 19:16:30 | 000,113,616 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
    DRV - [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
    DRV - [2011/10/27 14:07:06 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\trufos.sys -- (trufos)
    DRV - [2011/09/29 07:04:22 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
    DRV - [2011/08/16 13:59:34 | 000,360,976 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/05/24 23:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2010/08/04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2010/08/03 13:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
    DRV - [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/06/14 08:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2010/04/27 02:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
    DRV - [2010/04/27 02:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
    DRV - [2010/04/27 02:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
    DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
    DRV - [2010/01/15 18:11:39 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2008/04/10 11:31:10 | 000,177,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam1690.sys -- (CAM1690)
    DRV - [2008/03/21 16:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/23 21:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
    DRV - [2007/08/28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
    DRV - [2007/01/24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2006/09/14 16:55:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
    DRV - [2006/02/15 15:59:52 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2006/02/15 15:56:58 | 001,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006/02/15 15:54:46 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2006/02/15 15:54:10 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/02/15 15:51:22 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
    DRV - [2005/10/21 11:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
    DRV - [2005/06/10 18:06:44 | 000,025,088 | ---- | M] (Game) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GMFilter.sys -- (GMFilter Filter)
    DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)
    DRV - [2001/05/07 10:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbio.sys -- (USBIO) TrashTalk Drivers (usbio.sys)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb115?a=6R8m0tuTr0&i=26
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
    FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb115?a=6R8m0tuTr0&i=26"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
    FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.0
    FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:3.0.1
    FF - prefs.js..extensions.enabledItems: [email protected]:1.5.0
    FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb115/?loc=IB_DS&a=6R8m0tuTr0&&i=26&search="
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\EAGLE\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\EAGLE\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\EAGLE\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\EAGLE\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Documents and Settings\EAGLE\Application Data\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\SearchPredict\PRFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SPEEDbit Video Downloader\SPFireFox [2012/01/21 16:56:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/07 15:07:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 17:05:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/11/07 15:14:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/03/11 05:13:49 | 000,000,000 | ---D | M]

    [2011/12/02 04:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Extensions
    [2011/12/02 04:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Extensions\[email protected]
    [2012/03/07 15:07:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\extensions
    [2012/01/21 17:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
    [2010/07/26 09:50:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/01 21:45:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/04/05 17:48:18 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
    [2011/11/06 03:41:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/11/06 03:41:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/12 18:39:29 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2011/11/06 03:41:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/11/06 03:41:27 | 000,000,000 | ---D | M] (CensureBlock) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\extensions\[email protected]
    [2012/03/06 14:07:56 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\extensions\[email protected]
    [2012/03/06 14:07:43 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\searchplugins\MyStart Search.xml
    [2012/03/07 15:07:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/11/27 22:29:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/07/12 00:16:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/25 12:26:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/12/11 15:47:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/25 22:55:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/05/12 17:04:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    [2011/06/30 16:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/11/19 11:55:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\SEARCHPREDICT\PRFIREFOX
    [2012/01/21 16:56:14 | 000,000,000 | ---D | M] (SPEEDbit Video Downloader) -- C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\SPFIREFOX
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/09/10 11:29:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010/09/10 11:29:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2010/09/10 11:29:22 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/09/10 11:29:22 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: MyStart Search (Enabled)
    CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb115/?loc=IB_DS&search={searchTerms}&a=6R8m0tuTr0&i=26
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Game Face Plugin (Enabled) = C:\Documents and Settings\EAGLE\Application Data\Electronic Arts\Game Face\npGameFacePlugin.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\EAGLE\Application Data\Facebook\npfbplugin_1_0_1.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\EAGLE\Application Data\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Magic Actions for YouTube = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\4.8.1_0\
    CHR - Extension: YouTube = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube quality selector = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ceabifbfdgibpkmbmlmnckcdlphlbfba\1.2.4_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Google Search = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
    CHR - Extension: Gmail = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/02/02 18:27:21 | 000,001,278 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 adobe.activate.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SPEEDbit Video Downloader\Toolbar\Grabber.dll (SpeedBit)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
    O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
    O4 - HKLM..\Run: [Trust Gaming mouse] C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe ()
    O4 - HKLM..\Run: [Waiting1690] C:\Windows\stid1690.exe File not found
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
    O4 - HKCU..\Run: [CrossLoop] C:\Documents and Settings\EAGLE\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop)
    O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\EAGLE\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
    O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
    O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
    O4 - Startup: C:\Documents and Settings\EAGLE\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\EAGLE\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F8CFD57-128C-4B72-BE1D-1A3E4A49FD3C}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll File not found
    O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
    O24 - Desktop WallPaper: C:\Documents and Settings\EAGLE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\EAGLE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/10/08 15:36:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/10/07 15:24:57 | 000,000,046 | ---- | M] () - C:\AUTOEXEC.SOL -- [ NTFS ]
    O33 - MountPoints2\{f3f0375c-23f6-11df-857a-001641da9161}\Shell - "" = AutoRun
    O33 - MountPoints2\{f3f0375c-23f6-11df-857a-001641da9161}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f3f0375c-23f6-11df-857a-001641da9161}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2050/12/06 17:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\OFX
    [2050/12/06 17:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
    [2050/12/06 17:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NewBlue
    [2050/12/06 17:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\NewBlue
    [2012/03/11 19:44:06 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\EAGLE\Desktop\OTL.com
    [2012/03/11 05:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
    [2012/03/11 05:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
    [2012/03/11 05:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EAGLE\Application Data\Bitdefender
    [2012/03/11 05:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
    [2012/03/11 05:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EAGLE\Application Data\QuickScan
    [2012/03/11 05:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
    [2012/03/11 05:01:52 | 000,360,976 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
    [2012/03/11 05:01:38 | 000,340,624 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
    [2012/03/11 05:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
    [2012/03/09 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EAGLE\Start Menu\Programs\TubEmAll Pro
    [2012/03/07 03:55:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\EAGLE\Recent
    [2012/03/07 03:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EAGLE\Application Data\SUPERAntiSpyware.com
    [2012/03/07 03:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/03/07 03:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/03/07 03:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/03/07 02:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/03/06 18:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/03/06 18:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EAGLE\Start Menu\Programs\HiJackThis
    [2012/02/27 02:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EAGLE\Application Data\Opanda
    [2012/02/11 01:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\LooksBuilder
    [2009/11/14 04:12:15 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\EAGLE\Application Data\vso_ts_preview.xml
    [2009/11/14 04:11:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\EAGLE\Application Data\inst.exe
    [2009/11/14 04:11:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\EAGLE\Application Data\pcouffin.sys
    [2009/11/14 04:11:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\EAGLE\Application Data\pcouffin.cat
    [2009/11/14 04:11:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\EAGLE\Application Data\pcouffin.inf
    [2009/11/08 11:56:07 | 157,484,384 | ---- | C] () -- C:\Program Files\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
    [2009/11/02 20:07:17 | 005,862,994 | ---- | C] () -- C:\Program Files\ts2_client_rc2_2032.exe
    [2009/10/30 23:38:39 | 000,207,872 | ---- | C] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/30 13:27:00 | 000,055,936 | ---- | C] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2009/10/30 00:03:04 | 003,169,788 | -H-- | C] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\IconCache.db
    [2009/08/20 08:15:08 | 135,630,545 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
    [2009/08/20 08:13:26 | 009,815,040 | ---- | C] () -- C:\Program Files\openofficeorg31.msi
    [2009/08/19 08:31:00 | 000,000,336 | ---- | C] () -- C:\Program Files\setup.ini
    [2009/03/26 10:36:32 | 000,451,928 | ---- | C] () -- C:\Program Files\setup.exe
    [2002/03/11 09:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
    [2002/03/11 08:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2094/06/24 02:00:10 | 000,179,811 | ---- | M] () -- C:\Documents and Settings\EAGLE\Desktop\MPEG Streamclip Guide.pdf
    [2012/03/11 19:53:26 | 000,000,322 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
    [2012/03/11 19:44:00 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EAGLE\Desktop\OTL.com
    [2012/03/11 19:42:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-515967899-725345543-1003UA.job
    [2012/03/11 19:25:50 | 000,304,761 | ---- | M] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\census.cache
    [2012/03/11 19:25:11 | 000,282,134 | ---- | M] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\ars.cache
    [2012/03/11 19:07:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task e2457ef1-3d84-482a-a8cb-a26f4a3dd27f.job
    [2012/03/11 18:07:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/03/11 18:03:22 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-839522115-515967899-725345543-1003UA.job
    [2012/03/11 17:54:14 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\housecall.guid.cache
    [2012/03/11 15:03:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-839522115-515967899-725345543-1003Core.job
    [2012/03/11 06:09:21 | 000,609,984 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
    [2012/03/11 06:09:15 | 000,447,208 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
    [2012/03/11 05:19:43 | 000,161,869 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1331442089.4568.bin
    [2012/03/11 05:19:43 | 000,074,867 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1331442089.4988.bin
    [2012/03/11 05:19:43 | 000,052,085 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1331442089.5368.bin
    [2012/03/11 05:19:43 | 000,023,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1331442089.3724.bin
    [2012/03/11 05:17:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
    [2012/03/11 05:17:18 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2012/03/11 05:14:11 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security 2012.lnk
    [2012/03/11 05:12:48 | 000,001,260 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1331442089.2220.bin
    [2012/03/11 05:10:57 | 000,006,210 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1331442089.4728.bin
    [2012/03/11 05:07:30 | 000,004,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1331442089.1112.bin
    [2012/03/11 05:07:15 | 000,004,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1331442089.3612.bin
    [2012/03/11 05:01:54 | 000,010,490 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1331442089.3340.bin
    [2012/03/11 05:01:39 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1331442089.4776.bin
    [2012/03/11 05:01:38 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1331442089.2084.bin
    [2012/03/11 02:00:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 5a4c9685-b0ba-42e3-aeee-7c946b84199c.job
    [2012/03/10 22:42:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-515967899-725345543-1003Core.job
    [2012/03/09 01:15:30 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\EAGLE\Desktop\TubEmAll Pro.lnk
    [2012/03/08 01:21:29 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\EAGLE\Desktop\gpmfhhxx.exe
    [2012/03/07 03:06:35 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2012/03/07 02:58:17 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2012/03/07 02:43:35 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\EAGLE\Desktop\Google Chrome.lnk
    [2012/03/07 02:43:35 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\EAGLE\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/03/06 18:27:25 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\EAGLE\Desktop\HiJackThis.lnk
    [2012/03/06 14:08:05 | 000,000,447 | ---- | M] () -- C:\user.js
    [2012/03/05 20:43:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/04 14:35:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/02/18 23:56:10 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
    [2012/02/18 23:56:10 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
    [2012/02/18 23:56:09 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
    [2012/02/18 23:56:09 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
    [2012/02/18 23:56:09 | 000,000,021 | ---- | M] () -- C:\WINDOWS\SurCode.INI
    [2012/02/18 19:38:57 | 003,759,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/02/15 03:12:32 | 000,441,906 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/02/15 03:12:32 | 000,071,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/11 19:25:50 | 000,304,761 | ---- | C] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\census.cache
    [2012/03/11 19:25:11 | 000,282,134 | ---- | C] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\ars.cache
    [2012/03/11 17:54:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\EAGLE\Local Settings\Application Data\housecall.guid.cache
    [2012/03/11 06:02:40 | 000,000,322 | ---- | C] () -- C:\WINDOWS\System32\checkdnsid.xml
    [2012/03/11 05:17:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
    [2012/03/11 05:17:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2012/03/11 05:14:11 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security 2012.lnk
    [2012/03/11 05:12:45 | 000,001,260 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1331442089.2220.bin
    [2012/03/11 05:07:38 | 000,074,867 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1331442089.4988.bin
    [2012/03/11 05:07:20 | 000,004,512 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1331442089.1112.bin
    [2012/03/11 05:07:08 | 000,004,512 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1331442089.3612.bin
    [2012/03/11 05:01:38 | 000,010,490 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1331442089.3340.bin
    [2012/03/11 05:01:38 | 000,006,210 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1331442089.4728.bin
    [2012/03/11 05:01:38 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1331442089.4776.bin
    [2012/03/11 05:01:38 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1331442089.2084.bin
    [2012/03/11 05:01:31 | 000,161,869 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1331442089.4568.bin
    [2012/03/11 05:01:30 | 000,023,736 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1331442089.3724.bin
    [2012/03/11 05:01:29 | 000,052,085 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1331442089.5368.bin
    [2012/03/09 01:15:30 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\EAGLE\Desktop\TubEmAll Pro.lnk
    [2012/03/08 01:21:28 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\EAGLE\Desktop\gpmfhhxx.exe
    [2012/03/07 03:07:31 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task e2457ef1-3d84-482a-a8cb-a26f4a3dd27f.job
    [2012/03/07 03:07:29 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 5a4c9685-b0ba-42e3-aeee-7c946b84199c.job
    [2012/03/07 03:06:35 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2012/03/07 02:58:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2012/03/06 18:27:25 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\EAGLE\Desktop\HiJackThis.lnk
    [2012/03/06 14:08:01 | 000,000,447 | ---- | C] () -- C:\user.js
    [2012/02/15 16:18:58 | 000,270,142 | ---- | C] () -- C:\Documents and Settings\EAGLE\Desktop\Minecraft.exe
    [2012/02/15 00:24:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/15 00:24:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
    [2012/02/03 20:28:24 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
    [2012/02/03 20:28:24 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
    [2012/02/02 19:03:05 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2012/02/02 19:03:05 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
    [2012/02/02 19:03:05 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
    [2012/02/02 19:03:05 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
    [2012/02/02 19:03:05 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
    [2012/02/02 19:03:04 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
    [2012/01/31 17:44:37 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
    [2011/11/11 02:40:25 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2011/09/12 03:17:14 | 000,645,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/07/13 03:00:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
    [2011/07/11 07:10:18 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2011/07/11 07:10:18 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2011/06/29 08:46:50 | 004,070,912 | ---- | C] () -- C:\WINDOWS\System32\PhotoLooksRenderer.dll
    [2011/06/29 07:56:38 | 004,073,472 | ---- | C] () -- C:\WINDOWS\System32\ColoristaRenderer.dll
    [2011/06/29 07:42:02 | 004,130,816 | ---- | C] () -- C:\WINDOWS\System32\LS3Renderer.dll
    [2011/06/29 07:07:48 | 003,617,280 | ---- | C] () -- C:\WINDOWS\System32\CosmoRenderer.dll
    [2010/12/06 20:44:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/03 07:30:19 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
    [2010/12/03 07:30:19 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
    [2010/12/03 07:30:18 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
    [2010/12/03 07:30:17 | 000,000,275 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
    [2010/12/03 02:28:11 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
    [2010/11/08 12:30:57 | 006,814,952 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
    [2010/09/23 19:33:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2010/09/23 19:33:44 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2010/09/23 19:33:33 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\EAGLE\Application Data\$_hpcst$.hpc
    [2010/05/24 19:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2010/05/24 19:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2010/05/24 19:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
    [2010/05/24 19:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2010/05/24 19:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2010/05/24 19:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2010/05/24 19:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2010/05/24 19:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2010/05/24 19:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2010/05/24 19:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2010/05/24 19:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2010/05/24 19:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2010/05/24 19:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2010/05/24 19:33:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/05/24 19:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2010/05/24 19:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2010/05/19 20:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2010/05/19 20:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2010/05/19 20:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
    [2010/05/19 20:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
    [2010/05/19 20:58:24 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
    [2010/05/19 20:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
    [2010/05/19 20:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
    [2010/05/19 20:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
    [2010/05/19 20:57:38 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
    [2010/05/19 20:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
    [2010/05/19 20:57:20 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
    [2010/05/19 20:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
    [2010/05/19 20:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
    [2010/05/12 22:38:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2010/04/06 02:23:09 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
    [2010/04/05 23:57:51 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2010/04/05 23:57:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2010/04/05 23:57:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2010/04/05 23:57:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
    [2010/03/23 21:39:43 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

    ========== LOP Check ==========

    [2010/07/07 21:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
    [2012/03/11 05:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
    [2012/03/11 05:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
    [2012/02/03 17:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
    [2011/06/29 18:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
    [2011/07/02 13:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
    [2010/11/07 15:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/09/09 22:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
    [2011/11/11 03:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGTEK
    [2012/02/02 19:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
    [2012/02/03 00:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
    [2011/03/10 15:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
    [2011/10/12 12:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RedGiant
    [2011/09/06 13:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2010/09/23 19:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2010/04/01 13:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solid MP4 Video Converter
    [2011/09/01 14:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2012/01/21 16:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Speedbit
    [2012/01/21 17:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/11/12 21:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/11/14 10:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2011/12/14 19:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeGame
    [2011/11/24 23:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/12/15 19:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/11/24 22:08:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
    [2012/02/15 16:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\.minecraft
    [2010/07/07 21:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Ableton
    [2010/07/01 15:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Amazon
    [2012/03/11 05:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Bitdefender
    [2012/02/03 20:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Cakewalk
    [2011/11/18 21:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Canon
    [2010/01/15 18:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\DAEMON Tools Pro
    [2010/04/05 23:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\DataCast
    [2010/11/08 15:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\dBpoweramp
    [2011/11/11 02:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Dev-Cpp
    [2011/12/02 18:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Dropbox
    [2010/10/06 19:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Electronic Arts
    [2010/10/22 10:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\ElevatedDiagnostics
    [2010/03/31 20:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Facebook
    [2011/10/10 16:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\fltk.org
    [2011/12/14 18:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Free Audio Editor
    [2010/05/12 22:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\FreeAudioPack
    [2010/10/02 15:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\GetRightToGo
    [2011/07/02 13:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\go
    [2011/11/20 14:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\HandBrake
    [2009/11/30 17:37:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\EAGLE\Application Data\ijjigame
    [2009/11/12 23:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
    [2011/12/25 23:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\ManyCam
    [2011/11/02 14:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Maxthon3
    [2010/09/23 19:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\ML
    [2011/12/17 01:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\MP3AudioRecorder
    [2011/11/18 22:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\MPEG Streamclip
    [2011/12/14 20:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Mumble
    [2012/02/08 01:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\NetMedia Providers
    [2012/02/27 02:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Opanda
    [2009/11/03 17:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\OpenOffice.org
    [2011/08/21 02:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Passware
    [2011/03/10 15:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\PDF Writer
    [2011/09/14 15:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Publish Providers
    [2012/03/11 05:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\QuickScan
    [2010/11/24 22:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Rainmeter
    [2010/09/23 19:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Samsung
    [2011/12/02 18:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\SharePod
    [2011/12/18 02:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\SMRecorder
    [2010/12/11 18:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\SoftGrid Client
    [2011/12/02 04:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Songbird2
    [2012/02/04 01:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Sony
    [2011/12/06 21:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Sony Creative Software Inc
    [2010/11/24 22:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Stardock
    [2011/04/09 21:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\StreamTorrent
    [2010/12/10 15:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Subversion
    [2010/08/10 09:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Temp
    [2012/03/07 02:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Toolbar4
    [2010/12/11 17:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\TP
    [2012/03/11 04:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\uTorrent
    [2012/03/07 04:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Vso
    [2011/04/03 20:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\WebcamMax
    [2012/01/21 17:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EAGLE\Application Data\Youtube Downloader HD
    [2012/03/11 15:03:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-839522115-515967899-725345543-1003Core.job
    [2012/03/11 18:03:22 | 000,000,996 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-839522115-515967899-725345543-1003UA.job
    [2012/03/11 02:00:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 5a4c9685-b0ba-42e3-aeee-7c946b84199c.job
    [2012/03/11 19:07:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e2457ef1-3d84-482a-a8cb-a26f4a3dd27f.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:862BDB1A

    < End of report >
     
  6. wubwubwub

    wubwubwub Thread Starter

    Joined:
    Mar 7, 2012
    Messages:
    25
    Extras.txt


    OTL Extras logfile created on: 11/03/2012 19:51:38 - Run 1
    OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\EAGLE\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 42.63% Memory free
    4.32 Gb Paging File | 2.12 Gb Available in Paging File | 48.95% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 21.88 Gb Free Space | 29.36% Space Free | Partition Type: NTFS
    Drive D: | 107.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MSHOME123 | User Name: EAGLE | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" %*
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" %*
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [SPEEDbitVideoConverter] -- "C:\Program Files\SPEEDbit Video Downloader\Converter.exe" -convert=%1 (SPEEDbit Ltd.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher
    "8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher
    "8372:TCP" = 8372:TCP:*:Enabled:League of Legends Launcher
    "8372:UDP" = 8372:UDP:*:Enabled:League of Legends Launcher
    "8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
    "8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
    "9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
    "10777:UDP" = 10777:UDP:LocalSubNet:Enabled:passware Kit Enterprise 10.3
    "5910:TCP" = 5910:TCP:*:Enabled:vnc5910

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
    "C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
    "C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\League of Legends\Air\LolClient.exe" = C:\Program Files\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby
    "C:\Program Files\League of Legends\Game\League of Legends.exe" = C:\Program Files\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
    "C:\ijji\ENGLISH\Gunz\Gunz.exe" = C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz
    "C:\Program Files\Steam\steamapps\benakaginge\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\benakaginge\team fortress 2\hl2.exe:*:Enabled:hl2
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
    "C:\Program Files\RelevantKnowledge\rlvknlg.exe" = C:\Program Files\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe
    "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
    "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
    "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
    "C:\SRN Micro\SOLOCFG.EXE" = C:\SRN Micro\SOLOCFG.EXE:*:Enabled:Solo Scheduler
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
    "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
    "C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player -- (StreamTorrent)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Sony\Vegas Pro 10.0\vegas100.exe" = C:\Program Files\Sony\Vegas Pro 10.0\vegas100.exe:*:Enabled:Vegas Pro -- (Sony Creative Software Inc.)
    "C:\WINDOWS\system32\regsvr32.exe" = C:\WINDOWS\system32\regsvr32.exe:*:Enabled:Microsoft(C) Register Server -- (Microsoft Corporation)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Documents and Settings\EAGLE\My Documents\Downloads\winamp5621_full_emusic-7plus_en-us.exe" = C:\Documents and Settings\EAGLE\My Documents\Downloads\winamp5621_full_emusic-7plus_en-us.exe:*:Enabled:winamp5621_full_emusic-7plus_en-us -- (Nullsoft, Inc.)
    "C:\Documents and Settings\EAGLE\My Documents\Downloads\winamp5622_full_emusic-7plus_en-us.exe" = C:\Documents and Settings\EAGLE\My Documents\Downloads\winamp5622_full_emusic-7plus_en-us.exe:*:Enabled:winamp5622_full_emusic-7plus_en-us -- (Nullsoft, Inc.)
    "C:\Documents and Settings\EAGLE\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\EAGLE\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
    "C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire
    "C:\Documents and Settings\EAGLE\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\EAGLE\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
    "C:\Documents and Settings\EAGLE\Local Settings\Application Data\CrossLoop\vncviewer.exe" = C:\Documents and Settings\EAGLE\Local Settings\Application Data\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
    "C:\Documents and Settings\EAGLE\Local Settings\Application Data\CrossLoop\tvnserver.exe" = C:\Documents and Settings\EAGLE\Local Settings\Application Data\CrossLoop\tvnserver.exe:*:Enabled:tvnserver.exe -- (GlavSoft LLC.)
    "C:\Documents and Settings\EAGLE\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe" = C:\Documents and Settings\EAGLE\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing -- (CrossLoop)
    "C:\Program Files\Adobe\Adobe Premiere Pro CS4\Adobe Premiere Pro.exe" = C:\Program Files\Adobe\Adobe Premiere Pro CS4\Adobe Premiere Pro.exe:*:Enabled:Adobe Premiere Pro CS4 -- (Adobe Systems, Incorporated)
    "C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe" = C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe:*:Enabled:Adobe Photoshop CS3 -- (Adobe Systems, Incorporated)
    "C:\Documents and Settings\EAGLE\Local Settings\Temp\incredibar_install.exe" = C:\Documents and Settings\EAGLE\Local Settings\Temp\incredibar_install.exe:*:Enabled:IncrediBar Installer -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
    "{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
    "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1AC3BE1A-A59E-48F4-82CB-DF4FBB16990C}" = Passware Kit Enterprise 10.3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
    "{21E77392-C30A-4AA2-8CA7-5728316939D6}" = AmpliTube X-GEAR
    "{22439E2F-1CF7-4F8B-992A-3AA3C0553929}" = Yu-Gi-Oh! ONLINE 3
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{235C3A50-559F-4CAA-BAC3-4CC9ABF51976}" = GM-4200 Gamer Mouse Optical
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 29
    "{271DF654-5D34-4533-880E-3EE6F947B79A}" = Remote Desktop Control 2.8.0.31 Trial
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Total Security 2012
    "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
    "{56BA241F-580C-43D2-8403-947241AAE633}" = center
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{656C6151-03B2-4077-8E29-0950037FC8B4}" = Avid Codecs LE
    "{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
    "{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
    "{70365740-1568-4BA4-AE38-25909415D352}" = AAV ColorLab 32-bit 1.0.10.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193d
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{8527C3D5-BA1D-46E9-88D2-AF25544311A3}" = JPEG Camera v1.1.3.4
    "{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1" = Free FLAC to MP3 Converter 1.0
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}" = TortoiseSVN 1.6.12.20536 (32 bit)
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{BFA5441E-B7E6-46F5-A15D-1B74707AE93A}" = ACID Pro 7.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
    "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
    "{C263F7CB-0B12-4348-8177-251C891B82A8}" = Magic Bullet Suite 32-bit
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
    "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
    "{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
    "{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Centre
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E82FBDF4-8C89-4513-B8D8-23378MP4VIDEO}_is1" = Solid MP4 Video Converter 1.3.1
    "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F83B33CD-1422-448A-82DC-26D174F49189}" = AES Crypt
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "AllToAVI" = AllToAVI v4 r5394
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "ASIO4ALL" = ASIO4ALL
    "Audacity_is1" = Audacity 1.2.6
    "AudioCreator_is1" = Audio Creator LE 1.5
    "AviSynth" = AviSynth 2.5
    "Bitdefender" = Bitdefender Total Security 2012
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1136
    "Cakewalk Sound Center_is1" = Cakewalk Sound Center 1.0.0
    "Cakewalk Studio Instruments_is1" = Studio Instruments 1.0
    "Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
    "CAL" = Canon Camera Access Library
    "CameraUserGuide-PSA480" = Canon PowerShot A480 Camera User Guide
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CCleaner" = CCleaner
    "CDisplay_is1" = CDisplay 1.8
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "CompuApps SwissKnife V3" = CompuApps SwissKnife V3
    "Convert WAV To MP3_is1" = Convert WAV To MP3 1.0
    "CrossLoop_is1" = CrossLoop 2.82
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "DivXLand Bitrate Calculator" = DivXLand Bitrate Calculator
    "DivXLand Media Subtitler" = DivXLand Media Subtitler
    "DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0
    "DPP" = Canon Utilities Digital Photo Professional 3.10
    "EOS Sample Music" = Canon Utilities EOS Sample Music
    "EOS Utility" = Canon Utilities EOS Utility
    "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
    "Fences" = Fences
    "ffdshow_is1" = ffdshow v1.1.3631 [2010-11-15]
    "Focus MP3 Recorder Pro_is1" = Focus MP3 Recorder Pro 4.0
    "Fraps" = Fraps (remove only)
    "Free CD Ripper_is1" = Free CD Ripper 3.1
    "Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
    "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
    "Guitar Pro 5_is1" = Guitar Pro 5.2
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{C263F7CB-0B12-4348-8177-251C891B82A8}" = Magic Bullet Suite 32-bit
    "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Basic)
    "Levelator_is1" = Levelator
    "LHTTSENG" = L&H TTS3000 British English
    "Magic Bullet Editors 2.0 Vegas" = Magic Bullet Editors 2.0 Vegas
    "Magic Bullet Mojo Vegas" = Magic Bullet Mojo Vegas
    "ManyCam" = ManyCam 2.6.65 (remove only)
    "Maxthon3" = Maxthon 3
    "Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Movie Looks Vegas HD" = Movie Looks Vegas HD
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
    "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
    "Music Creator_is1" = Music Creator 5
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "NewBlue 3D Explosions for Windows" = NewBlue 3D Explosions for Windows
    "NewBlue 3D Transformations for Windows" = NewBlue 3D Transformations for Windows
    "NewBlue Art Blends for Windows" = NewBlue Art Blends for Windows
    "NewBlue Art Effects for Windows" = NewBlue Art Effects for Windows
    "NewBlue Film Effects for Windows" = NewBlue Film Effects for Windows
    "NewBlue Light Effects for Windows" = NewBlue Light Effects for Windows
    "NewBlue Motion Blends for Windows" = NewBlue Motion Blends for Windows
    "NewBlue Motion Effects for Windows" = NewBlue Motion Effects for Windows
    "NewBlue Paint Blends for Windows" = NewBlue Paint Blends for Windows
    "NewBlue Paint Effects for Windows" = NewBlue Paint Effects for Windows
    "NewBlue Sampler Pack for Windows" = NewBlue Sampler Pack for Windows
    "NewBlue Stabilizer for Windows" = NewBlue Stabilizer for Windows
    "NewBlue Video Essentials for Windows" = NewBlue Video Essentials for Windows
    "NewBlue Video Essentials II for Windows" = NewBlue Video Essentials II for Windows
    "NewBlue Video Essentials III for Windows" = NewBlue Video Essentials III for Windows
    "NewBlue Video Essentials IV for Windows" = NewBlue Video Essentials IV for Windows
    "ObjectDock Plus" = ObjectDock Plus
    "PeerGuardian_is1" = PeerGuardian 2.0
    "Personal Printing Guide" = Canon Personal Printing Guide
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "PS3 Media Server" = PS3 Media Server
    "Rainlendar2" = Rainlendar2 (remove only)
    "Rainmeter" = Rainmeter (remove only)
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
    "SONAR LE" = SONAR LE
    "SopCast" = SopCast 3.3.2
    "SpeedBit Video Accelerator" = SpeedBit Video Accelerator
    "SPEEDbit Video Downloader" = SpeedBit Video Downloader
    "StreamTorrent 1.0" = StreamTorrent 1.0
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "TrashTalk_is1" = TrashTalk
    "uTorrent" = µTorrent
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 1.0.5
    "VobSub" = VobSub v2.23 (Remove Only)
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid Video Codec 1.3.2" = Xvid Video Codec
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.8
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.0.0.18
    "EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0
    "Facebook Plug-In" = Facebook Plug-In
    "Game Organizer" = EasyBits GO
    "Google Chrome" = Google Chrome
    "I-Doser v4" = I-Doser v4
    "UnityWebPlayer" = Unity Web Player
    "Warcraft III" = Warcraft III: All Products

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/12/2011 07:40:10 | Computer Name = MSHOME123 | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(KodakESP5200+3669._smb._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 13/12/2011 13:26:38 | Computer Name = MSHOME123 | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(KodakESP5200+3669._pdl-datastream._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 13/12/2011 13:26:38 | Computer Name = MSHOME123 | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(KodakESP5200+3669._scanner._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 13/12/2011 13:26:38 | Computer Name = MSHOME123 | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(KodakESP5200+3669._smb._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 14/12/2011 06:15:47 | Computer Name = MSHOME123 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 15/12/2011 09:16:02 | Computer Name = MSHOME123 | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(KodakESP5200+3669._pdl-datastream._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 15/12/2011 09:16:02 | Computer Name = MSHOME123 | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(KodakESP5200+3669._scanner._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 15/12/2011 09:16:02 | Computer Name = MSHOME123 | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(KodakESP5200+3669._smb._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 16/12/2011 12:18:32 | Computer Name = MSHOME123 | Source = Application Hang | ID = 1002
    Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 16/12/2011 12:18:35 | Computer Name = MSHOME123 | Source = Application Hang | ID = 1001
    Description = Fault bucket 337816799.

    [ System Events ]
    Error - 09/01/2012 22:18:23 | Computer Name = MSHOME123 | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Workstation service which
    failed to start because of the following error: %%1066

    Error - 09/01/2012 22:20:38 | Computer Name = MSHOME123 | Source = Service Control Manager | ID = 7022
    Description = The ESET Service service hung on starting.

    Error - 09/01/2012 22:20:38 | Computer Name = MSHOME123 | Source = Service Control Manager | ID = 7034
    Description = The Yahoo! Updater service terminated unexpectedly. It has done this
    1 time(s).

    Error - 09/01/2012 22:20:38 | Computer Name = MSHOME123 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    MRxSmb

    Error - 09/01/2012 22:20:38 | Computer Name = MSHOME123 | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 10/01/2012 20:31:00 | Computer Name = MSHOME123 | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 11/01/2012 07:30:48 | Computer Name = MSHOME123 | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 3 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 11/01/2012 14:14:50 | Computer Name = MSHOME123 | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 4 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 11/01/2012 14:14:56 | Computer Name = MSHOME123 | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 11/01/2012 16:01:09 | Computer Name = MSHOME123 | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 5 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.


    < End of report >
     
  7. kevinf80

    kevinf80 Malware Specialist

    Continue as follows :-

    Step 1

    Re-Run [IMG] by double left click, Vista and Windows 7 users right click and select Run as Administrator.
    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb115?a=6R8m0tuTr0&i=26
      FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
      FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
      FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb115?a=6R8m0tuTr0&i=26"
      FF - prefs.js..extensions.enabledItems: [email protected]:1.5.0
      FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb115/?loc=IB_DS&a=6R8m0tuTr0&&i=26&search="
      [2012/03/06 14:07:56 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\extensions\ffxtlbr@incrediba r.com
      [2012/03/06 14:07:43 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\searchplugins\MyStart Search.xml
      CHR - default_search_provider: MyStart Search (Enabled)
      CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb115/?loc=IB_DS&search={searchTerms}&a=6R8m0tuTr0&i=26
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
      O33 - MountPoints2\{f3f0375c-23f6-11df-857a-001641da9161}\Shell - "" = AutoRun
      O33 - MountPoints2\{f3f0375c-23f6-11df-857a-001641da9161}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{f3f0375c-23f6-11df-857a-001641da9161}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
      :Files
      ipconfig /flushdns /c
      [Commands]
      [emptytemp]
      [CREATERESTOREPOINT]
      [Reboot]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log it produces in your next reply.

    Step 2

    [​IMG] Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 3

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Let me see the following :-

    • Log from OTL fix
    • Log from Malwarebytes
    • Log from Security Checks

    Kevin
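
The Firefox lines in the fix script above name four preferences that the toolbar rewrote. As an added example (not part of the original post and not OTL's own code), this Python sketch audits a `prefs.js` for those same keys; the allowlists and the `browser.download.dir` line are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Preference keys named in the OTL fix lines on this page.
URL_PREFS = {"browser.startup.homepage", "keyword.URL"}
NAME_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}

# Assumed local policy, not from the page: what this profile is expected to use.
ALLOWED_DOMAINS = {"google.com", "mozilla.org"}
ALLOWED_ENGINES = {"Google"}

# One preference per line: user_pref("key", <JSON-like value>);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample: the four hijacked values are the ones listed in the fix
# script; the download.dir line is made up to show an unrelated preference.
SAMPLE_PREFS = r'''
// Mozilla User Preferences
user_pref("browser.download.dir", "C:\\Downloads");
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("browser.search.selectedEngine", "MyStart Search");
user_pref("browser.startup.homepage", "http://mystart.incredibar.com/mb115?a=6R8m0tuTr0&i=26");
user_pref("keyword.URL", "http://mystart.incredibar.com/mb115/?loc=IB_DS&a=6R8m0tuTr0&&i=26&search=");
'''


def parse_prefs(text):
    """Return {pref name: decoded value} for every user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        try:
            prefs[match.group(1)] = json.loads(match.group(2))
        except ValueError:
            prefs[match.group(1)] = match.group(2)  # keep the raw text
    return prefs


def host_allowed(url):
    """True if the URL is empty, an about: page, or on an allowed domain."""
    url = url.strip()
    if not url or url.startswith("about:"):
        return True
    if "://" not in url:
        url = "http://" + url  # bare host names have no scheme to parse
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def audit(prefs):
    """Return (pref name, offending value) pairs for the watched keys."""
    findings = []
    for key in sorted(URL_PREFS | NAME_PREFS):
        if key not in prefs:
            continue
        value = str(prefs[key])
        if key in URL_PREFS:
            # The homepage pref may hold several URLs separated by "|".
            findings += [(key, u) for u in value.split("|") if not host_allowed(u)]
        elif value not in ALLOWED_ENGINES:
            findings.append((key, value))
    return findings


if __name__ == "__main__":
    for key, value in audit(parse_prefs(SAMPLE_PREFS)):
        print(f"{key}: {value}")
```

Running it against a copy of the profile's `prefs.js` before and after the fix shows whether any of the four settings survived.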
     
  8. wubwubwub

    wubwubwub Thread Starter

    Log from OTL

    All processes killed
    ========== OTL ==========
    Service NMIndexingService stopped successfully!
    Service NMIndexingService deleted successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
    Prefs.js: "MyStart Search" removed from browser.search.selectedEngine
    Prefs.js: "http://mystart.incredibar.com/mb115?a=6R8m0tuTr0&i=26" removed from browser.startup.homepage
    Prefs.js: [email protected]:1.5.0 removed from extensions.enabledItems
    Prefs.js: "http://mystart.incredibar.com/mb115/?loc=IB_DS&a=6R8m0tuTr0&&i=26&search=" removed from keyword.URL
    Folder C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\extensions\ffxtlbr@incrediba r.com\ not found.
    C:\Documents and Settings\EAGLE\Application Data\Mozilla\Firefox\Profiles\lsgtf3bx.default\searchplugins\MyStart Search.xml moved successfully.
    Unable to fix default_search_provider items.
    Unable to fix default_search_provider items.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3f0375c-23f6-11df-857a-001641da9161}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3f0375c-23f6-11df-857a-001641da9161}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3f0375c-23f6-11df-857a-001641da9161}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3f0375c-23f6-11df-857a-001641da9161}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3f0375c-23f6-11df-857a-001641da9161}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3f0375c-23f6-11df-857a-001641da9161}\ not found.
    File F:\LaunchU3.exe -a not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\EAGLE\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\EAGLE\Desktop\cmd.txt deleted successfully.
    File\Folder [Commands] not found.
    File\Folder [emptytemp] not found.
    File\Folder [CREATERESTOREPOINT] not found.
    File\Folder [Reboot] not found.

    OTL by OldTimer - Version 3.2.33.1 log created on 03122012_003935

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Log from Malwarebytes


    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.11.12

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    EAGLE :: MSHOME123 [administrator]

    12/03/2012 01:16:13
    mbam-log-2012-03-12 (01-16-13).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212355
    Time elapsed: 13 minute(s), 48 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\EAGLE\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

    (end)

    Log from Security Checks


    Results of screen317's Security Check version 0.99.31
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Bitdefender Total Security 2012
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SUPERAntiSpyware
    CCleaner
    Java(TM) 6 Update 22
    Java(TM) 6 Update 29
    Java version out of date!
    Adobe Flash Player 11.1.102.62
    Adobe Reader X (10.1.1)
    Mozilla Firefox (3.6.25) Firefox out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Bitdefender Bitdefender 2012 vsserv.exe
    Bitdefender Bitdefender 2012 updatesrv.exe
    Bitdefender Bitdefender 2012 bdagent.exe
    ``````````End of Log````````````
     
  9. kevinf80

    kevinf80 Malware Specialist

    OK do the following :-

    Step 1

    Re-Run [IMG] by double left click, Vista and Windows 7 users right click and select Run as Administrator.
    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      :Files
      :Commands
      [resethosts]
      [emptytemp]
      [Reboot]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log it produces in your next reply.

    Step 2

    Select Start > Control Panel > Add/Remove Programs, Remove the following:

    Java(TM) 6 Update 22

    Step 3

    Your Adobe Flash Player is out of date. Older versions are vulnerable to attack and exploitation.
    Please go to the link below to update.
    Adobe Flash Player. Untick the Free McAfee® Security Scan Plus (optional). Not required.

    Step 4

    You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
    For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
    The most current version of Sun Java is: Java Runtime Environment Version 6 Update 31.

    • Go to Sun Java
    • Select Windows 7/XP/Vista/2000/2003/2008. If using 64 bit OS, select Information about the 64-bit Java plug-in and follow prompts.
    • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
    • Reboot your computer

    Let me know if those steps complete, post the new log from OTL fix and give update on current issues/concerns...

    Kevin
     
  10. wubwubwub

    wubwubwub Thread Starter

    Here's the log


    All processes killed
    ========== OTL ==========
    ========== FILES ==========
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41620 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56502 bytes

    User: EAGLE
    ->Temp folder emptied: 4321780666 bytes
    ->Temporary Internet Files folder emptied: 260005143 bytes
    ->Java cache emptied: 74196146 bytes
    ->FireFox cache emptied: 59249118 bytes
    ->Google Chrome cache emptied: 254688009 bytes
    ->Apple Safari cache emptied: 16384 bytes
    ->Flash cache emptied: 101203 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 35326 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 41920522 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2260587 bytes
    %systemroot%\System32 .tmp files removed: 2049553 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2962023564 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 157758110 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 21078146 bytes

    Total Files Cleaned = 7,780.00 mb


    OTL by OldTimer - Version 3.2.33.1 log created on 03122012_113251

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...




    I changed the search engine option back to google which I should have done first (silly me). I have no idea if mystart incredibar is still on my system in any way, shape or form. It seems to have only blue screened on me once today compared to yesterday's 3/4/5. Chrome I find may be messing up a bit, it seems to lose connection and won't load up webpages past a point, I sometimes had this problem normally with up sometimes crashing but it'd be once an hour, not once every 15-30 minutes where I close down the browser and load it back up again and it won't load up any web pages. So I have to right click on the wireless network connection and click repair for it to load webpages. It's like it's losing its connection to the internet but the internet is still fine on my laptop. I have an inkling I had this problem before and I fixed it by re-installing chrome, but this is not something I want to do yet.
     
  11. kevinf80

    kevinf80 Malware Specialist

    All references to My Start have been removed with OTL so should not be an issue for you anymore. Regarding Chrome, the best option is to re-install it...

    Do this to clean up tools:

    • Re-open [​IMG] to run it. (Vista and Win 7 users, right click on OTL and "Run as administrator")
    • Click on the [​IMG] button.
    • Click Yes to begin the cleanup process and remove tools, including this application
    • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

    If you are having BSOD issues run the following;

    Please download this program Blue Screen Viewer and unzip "Bluescreen View.exe" to your desktop.
    Next, Right click on "My Computer" and select "Properties" select "Advanced Tab." From the "Start up and Recovery" section select "settings" make sure the default folder is "%SystemRoot%\Minidump".

    Under “System Failure” make sure “write an event to system log” IS ticked and “Automatically restart” is NOT ticked
    Go back to your desktop and double click on Bluescreen Viewer to run it, if there is any info available the program will grab the most recent. Choose save from the Toolbar and copy paste to your next reply. If there is no information available try and re-create the BSOD and try again with the tool to collect the information.

    Kevin...
     
  12. wubwubwub

    wubwubwub Thread Starter

    What do you mean by clean up tools? I got a bit confused by what you're trying to do.

    And these are the issues from blue screen viewer


    ==================================================
    Dump File : Mini031212-02.dmp
    Crash Time : 12/03/2012 20:57:51
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf905f65
    Parameter 3 : 0xa2ff59f8
    Parameter 4 : 0x00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+105f65
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6188 (xpsp_sp3_gdr.120112-1716)
    Processor : 32-bit
    Crash Address : win32k.sys+105f65
    Stack Address 1 : win32k.sys+f703c
    Stack Address 2 : win32k.sys+f6d39
    Stack Address 3 : ntoskrnl.exe+6a67c
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini031212-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini031212-01.dmp
    Crash Time : 12/03/2012 15:01:26
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xe379f01c
    Parameter 2 : 0x00000000
    Parameter 3 : 0xbf82ebb3
    Parameter 4 : 0x00000001
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+2ebb3
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6188 (xpsp_sp3_gdr.120112-1716)
    Processor : 32-bit
    Crash Address : win32k.sys+2ebb3
    Stack Address 1 : win32k.sys+3a808
    Stack Address 2 : win32k.sys+154b73
    Stack Address 3 : win32k.sys+14b98f
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini031212-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini031112-01.dmp
    Crash Time : 11/03/2012 18:07:42
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xe142101c
    Parameter 2 : 0x00000000
    Parameter 3 : 0xbf82ebb3
    Parameter 4 : 0x00000001
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+2ebb3
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6188 (xpsp_sp3_gdr.120112-1716)
    Processor : 32-bit
    Crash Address : win32k.sys+2ebb3
    Stack Address 1 : win32k.sys+2f129
    Stack Address 2 : win32k.sys+2ee69
    Stack Address 3 : ntoskrnl.exe+6a67c
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini031112-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini031012-02.dmp
    Crash Time : 10/03/2012 02:20:59
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf8124c6
    Parameter 3 : 0xa6ca7878
    Parameter 4 : 0x00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+124c6
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6188 (xpsp_sp3_gdr.120112-1716)
    Processor : 32-bit
    Crash Address : win32k.sys+124c6
    Stack Address 1 : win32k.sys+1188f
    Stack Address 2 : win32k.sys+1c942
    Stack Address 3 : win32k.sys+998d9
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini031012-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 98,304
    ==================================================

    ==================================================
    Dump File : Mini031012-01.dmp
    Crash Time : 10/03/2012 02:05:27
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf8124c6
    Parameter 3 : 0xa47b9878
    Parameter 4 : 0x00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+124c6
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6188 (xpsp_sp3_gdr.120112-1716)
    Processor : 32-bit
    Crash Address : win32k.sys+124c6
    Stack Address 1 : win32k.sys+1188f
    Stack Address 2 : win32k.sys+1c942
    Stack Address 3 : win32k.sys+998d9
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini031012-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 98,304
    ==================================================

    ==================================================
    Dump File : Mini030812-03.dmp
    Crash Time : 08/03/2012 14:03:21
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf8124c6
    Parameter 3 : 0xa6aa3878
    Parameter 4 : 0x00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+124c6
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6188 (xpsp_sp3_gdr.120112-1716)
    Processor : 32-bit
    Crash Address : win32k.sys+124c6
    Stack Address 1 : win32k.sys+1188f
    Stack Address 2 : win32k.sys+1c942
    Stack Address 3 : win32k.sys+998d9
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini030812-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 98,304
    ==================================================

    ==================================================
    Dump File : Mini030812-02.dmp
    Crash Time : 08/03/2012 01:36:18
    Bug Check String : BAD_POOL_HEADER
    Bug Check Code : 0x00000019
    Parameter 1 : 0x00000020
    Parameter 2 : 0x88ec8388
    Parameter 3 : 0x88ec8bb0
    Parameter 4 : 0x1b050004
    Caused By Driver : awtdrpod.sys
    Caused By Address : awtdrpod.sys+55b0
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+22f43
    Stack Address 1 : ntoskrnl.exe+74583
    Stack Address 2 : ntoskrnl.exe+1dc20
    Stack Address 3 : ntoskrnl.exe+28853
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini030812-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 98,304
    ==================================================

    ==================================================
    Dump File : Mini030812-01.dmp
    Crash Time : 08/03/2012 01:25:34
    Bug Check String : BAD_POOL_HEADER
    Bug Check Code : 0x00000019
    Parameter 1 : 0x00000020
    Parameter 2 : 0x88d82000
    Parameter 3 : 0x88d82828
    Parameter 4 : 0x1b050000
    Caused By Driver : awtdrpod.sys
    Caused By Address : awtdrpod.sys+55b0
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+22f43
    Stack Address 1 : ntoskrnl.exe+74583
    Stack Address 2 : ntoskrnl.exe+1dc20
    Stack Address 3 : ntoskrnl.exe+28853
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini030812-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 98,304
    ==================================================
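
The report above repeats a few crash sites. As an added example (not part of the original post and not BlueScreenView's own code), this Python sketch parses that text format, counts crashes per "Caused By Address", and checks that the faulting address in the bug check parameters points into the same driver every time. The sample records are trimmed from the report above; treating 0x1000008e and 0x10000050 as bug checks 0x8E and 0x50, and reading Parameter 2 / Parameter 3 as the faulting instruction address, is an assumption based on Microsoft's bug check reference.

```python
from collections import Counter

# Assumption: for 0x8E the second parameter, and for 0x50 the third, is the
# address of the instruction that faulted.
FAULT_IP_PARAM = {0x8E: "Parameter 2", 0x50: "Parameter 3"}

# Sample trimmed from the report on this page (only the fields used here).
SAMPLE_REPORT = """
==================================================
Dump File : Mini031212-02.dmp
Bug Check Code : 0x1000008e
Parameter 2 : 0xbf905f65
Parameter 3 : 0xa2ff59f8
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+105f65
==================================================
==================================================
Dump File : Mini031212-01.dmp
Bug Check Code : 0x10000050
Parameter 2 : 0x00000000
Parameter 3 : 0xbf82ebb3
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+2ebb3
==================================================
==================================================
Dump File : Mini031112-01.dmp
Bug Check Code : 0x10000050
Parameter 2 : 0x00000000
Parameter 3 : 0xbf82ebb3
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+2ebb3
==================================================
==================================================
Dump File : Mini031012-02.dmp
Bug Check Code : 0x1000008e
Parameter 2 : 0xbf8124c6
Parameter 3 : 0xa6ca7878
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+124c6
==================================================
==================================================
Dump File : Mini030812-02.dmp
Bug Check Code : 0x00000019
Parameter 2 : 0x88ec8388
Parameter 3 : 0x88ec8bb0
Caused By Driver : awtdrpod.sys
Caused By Address : awtdrpod.sys+55b0
==================================================
"""


def parse_report(text):
    """Split a BlueScreenView text report into one dict per crash record."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"="}:  # a row of '=' opens or closes a record
            if current:
                records.append(current)
                current = {}
            continue
        if ":" in line:
            key, _, value = line.partition(":")  # first colon only
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def base_code(record):
    """Bug check code with the high 0x10000000 marker masked off."""
    return int(record["Bug Check Code"], 16) & 0x0FFFFFFF


def module_base(record):
    """Driver load address implied by faulting address minus reported offset."""
    param = FAULT_IP_PARAM.get(base_code(record))
    _, sep, offset = record.get("Caused By Address", "").partition("+")
    if param is None or not sep:
        return None  # this bug check carries no faulting instruction address
    return int(record[param], 16) - int(offset, 16)


def summarize(records):
    """Return (crash count per site, set of implied load bases per driver)."""
    sites = Counter(r["Caused By Address"] for r in records)
    bases = {}
    for r in records:
        base = module_base(r)
        if base is not None:
            bases.setdefault(r["Caused By Driver"], set()).add(base)
    return sites, bases


if __name__ == "__main__":
    sites, bases = summarize(parse_report(SAMPLE_REPORT))
    for site, count in sites.most_common():
        print(f"{count} x {site}")
    for driver, found in bases.items():
        print(driver, [hex(b) for b in sorted(found)])
```

A single implied load base per driver across crashes means the tool's attribution agrees with the raw parameters; several different bases for one driver would be a reason to distrust the "Caused By Driver" column.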
     
  13. kevinf80

    kevinf80 Malware Specialist

    By tools I just mean scanners we have used. Any that remain on your Desktop can be deleted after running OTL cleanup..

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      Code:
      :filefind
      win32k.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  14. wubwubwub

    wubwubwub Thread Starter

    Joined:
    Mar 7, 2012
    Messages:
    25
    SystemLook Scan

    SystemLook 30.07.11 by jpshortstuff
    Log created at 22:50 on 12/03/2012 by EAGLE
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "win32k.sys"
    C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys --a--c- 1861120 bytes [02:14 24/06/2010] [02:14 24/06/2010] C0B2DA12C5CB448F9EA3AF16416745CB
    C:\WINDOWS\$hf_mig$\KB2436673\SP3QFE\win32k.sys --a--c- 1862272 bytes [13:27 26/10/2010] [13:27 26/10/2010] ED970A04FDAEAB9D9A5FA9B25E9196A8
    C:\WINDOWS\$hf_mig$\KB2479628\SP3QFE\win32k.sys --a--c- 1864064 bytes [13:14 31/12/2010] [13:14 31/12/2010] 62FC2280FBEA1DCC64A276BCF71709D9
    C:\WINDOWS\$hf_mig$\KB2506223\SP3QFE\win32k.sys --a--c- 1866880 bytes [13:27 03/03/2011] [13:27 03/03/2011] D302C0D9ADC931B598405D2C953B334B
    C:\WINDOWS\$hf_mig$\KB2555917\SP3QFE\win32k.sys --a--c- 1867904 bytes [14:07 02/06/2011] [14:07 02/06/2011] BE79F0A0273DEF353BA5D1F43CBAD858
    C:\WINDOWS\$hf_mig$\KB2567053\SP3QFE\win32k.sys --a--c- 1867904 bytes [13:25 06/09/2011] [13:25 06/09/2011] C30AAF3B63F3BE3B515B50FB7292EA9F
    C:\WINDOWS\$hf_mig$\KB2639417\SP3QFE\win32k.sys --a---- 1868544 bytes [13:29 23/11/2011] [13:29 23/11/2011] 679592ECA1DAEBC7D912AFF21F68A682
    C:\WINDOWS\$hf_mig$\KB2660465\SP3QFE\win32k.sys --a---- 1869056 bytes [16:54 12/01/2012] [16:54 12/01/2012] 8BA29CE11D73CC2C1C42FD00854C398B
    C:\WINDOWS\$hf_mig$\KB968537\SP3QFE\win32k.sys --a--c- 1847808 bytes [10:50 17/04/2009] [10:50 17/04/2009] 7CEDA3396DECF312144BC788D699EE48
    C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys --a--c- 1859712 bytes [12:19 14/08/2009] [12:19 14/08/2009] F6B54A56F02D24BF43E72662D44A6B14
    C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys --a--c- 1860352 bytes [06:34 02/05/2010] [06:34 02/05/2010] A3D4A7B714D4A74B7CD4296302F1A9FA
    C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys --a--c- 1861888 bytes [13:38 31/08/2010] [13:38 31/08/2010] 51420D569A883CC13D656783B2C86D8E
    C:\WINDOWS\$NtServicePackUninstall$\win32k.sys -----c- 1835904 bytes [14:58 30/10/2009] [12:00 04/08/2004] B74C69A810949E7A54DC688CAE662206
    C:\WINDOWS\$NtUninstallKB2160329$\win32k.sys -----c- 1851264 bytes [12:14 12/08/2010] [05:22 02/05/2010] B9D41312F6D9FFA8D1D80488D9FDE849
    C:\WINDOWS\$NtUninstallKB2436673$\win32k.sys -----c- 1852800 bytes [12:54 16/12/2010] [13:42 31/08/2010] A77B5764CD2106D36148CB5E5DDF6BC6
    C:\WINDOWS\$NtUninstallKB2479628$\win32k.sys -----c- 1853312 bytes [03:04 10/02/2011] [13:25 26/10/2010] E40E572FD5DA970921A893B05FB217D9
    C:\WINDOWS\$NtUninstallKB2506223$\win32k.sys -----c- 1854976 bytes [01:16 15/04/2011] [13:10 31/12/2010] 4F404415E13DDC541CB34294D266B65C
    C:\WINDOWS\$NtUninstallKB2555917$\win32k.sys -----c- 1857920 bytes [01:11 14/07/2011] [13:21 03/03/2011] 4F97E6BAAA847EA90EBBCD90A3FFA8E5
    C:\WINDOWS\$NtUninstallKB2567053$\win32k.sys -----c- 1858944 bytes [02:03 14/10/2011] [14:02 02/06/2011] E97153BE7D053976348554EFD71C53A8
    C:\WINDOWS\$NtUninstallKB2639417$\win32k.sys -----c- 1858944 bytes [03:24 16/12/2011] [13:20 06/09/2011] BFE37C3B420D2CA00D83554182130D32
    C:\WINDOWS\$NtUninstallKB2660465$\win32k.sys -----c- 1859584 bytes [03:03 15/02/2012] [13:25 23/11/2011] A3952692FE63986981A54AEB7BCC39C8
    C:\WINDOWS\$NtUninstallKB968537$\win32k.sys -----c- 1845632 bytes [15:29 30/10/2009] [19:30 13/04/2008] DE01D79A607C7B9AE7FF88E934D0FFB2
    C:\WINDOWS\$NtUninstallKB969947$\win32k.sys -----c- 1847168 bytes [15:48 11/11/2009] [12:26 17/04/2009] B707EA8E261F47B51CAC6FB7AF7770F6
    C:\WINDOWS\$NtUninstallKB979559$\win32k.sys -----c- 1850624 bytes [02:14 13/06/2010] [13:21 14/08/2009] 716ED09D8D9A9E1E4A03549B32B68186
    C:\WINDOWS\$NtUninstallKB981957$\win32k.sys -----c- 1851904 bytes [07:05 15/10/2010] [13:44 23/06/2010] 2F2D6B7515363E855EE44D88199ADD5F
    C:\WINDOWS\ServicePackFiles\i386\win32k.sys -----c- 1845632 bytes [19:30 13/04/2008] [19:30 13/04/2008] DE01D79A607C7B9AE7FF88E934D0FFB2
    C:\WINDOWS\system32\win32k.sys --a---- 1859968 bytes [12:00 04/08/2004] [16:53 12/01/2012] 5820A858AB8F413E86707C2E54F28265
    C:\WINDOWS\system32\dllcache\win32k.sys -----c- 1859968 bytes [12:26 17/04/2009] [16:53 12/01/2012] 5820A858AB8F413E86707C2E54F28265

    -= EOF =-
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    MD5s are returning OK for that file. Run this and see if the BSODs continue after this completes:

    Go to Start, then Run, and type cmd into the Run box and tap <Enter>. After the command box opens, type this at the prompt: chkdsk /r and tap <Enter>.
    Note the space between the "k" and the "/". You will get a message that the drive cannot be locked, but that the command can be scheduled to run at the next boot. Type Y and then tap <Enter> again. You will get a message that chkdsk has been scheduled to run on the next boot. Then reboot.

    chkdsk will run during the boot, and it will take quite a bit of time, particularly if your boot partition is large. What the /r flag does is force chkdsk to run an expanded version of chkdsk that has 5 tests. The last two will check the drive for file/folder/free space errors and also fix related MFT errors if there are any.

    Re-boot and see if you still encounter BSOD...
     
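One way to repeat the MD5 comparison on the SystemLook log above, as an added example that is not part of the thread and not the helper's own procedure. The names `parse_filefind`, `check_live_copy` and `KNOWN_GOOD` are hypothetical, and the reference set is an assumption based only on the helper's reply.

```python
import re

# Three lines copied from the SystemLook log in this thread, used as sample input.
SAMPLE_LOG = r"""
C:\WINDOWS\$NtUninstallKB2660465$\win32k.sys -----c- 1859584 bytes [03:03 15/02/2012] [13:25 23/11/2011] A3952692FE63986981A54AEB7BCC39C8
C:\WINDOWS\system32\win32k.sys --a---- 1859968 bytes [12:00 04/08/2004] [16:53 12/01/2012] 5820A858AB8F413E86707C2E54F28265
C:\WINDOWS\system32\dllcache\win32k.sys -----c- 1859968 bytes [12:26 17/04/2009] [16:53 12/01/2012] 5820A858AB8F413E86707C2E54F28265
"""

# Assumption: this hash is treated as known-good only because the helper's reply
# says the MD5s check out. A real check loads hashes from a trusted reference set.
KNOWN_GOOD = {"5820A858AB8F413E86707C2E54F28265"}

# Layout: path, 7-character attribute flags, size, two bracketed timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_filefind(log_text):
    """Return one dict per file line; headers and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({"path": m["path"], "size": int(m["size"]),
                            "md5": m["md5"].upper()})
    return entries

def check_live_copy(entries, live_path, known_good):
    """Classify the live file and list the other copies that share its hash."""
    by_path = {e["path"].lower(): e for e in entries}
    live = by_path.get(live_path.lower())
    if live is None:
        return {"verdict": "missing", "live_md5": None, "same_hash": []}
    same = [e["path"] for e in entries
            if e is not live and e["md5"] == live["md5"]]
    verdict = "ok" if live["md5"] in known_good else "unknown-hash"
    return {"verdict": verdict, "live_md5": live["md5"], "same_hash": same}

if __name__ == "__main__":
    live = r"C:\WINDOWS\system32\win32k.sys"
    print(check_live_copy(parse_filefind(SAMPLE_LOG), live, KNOWN_GOOD))
```

A match between the system32 and dllcache copies shows only that the two files are identical; the verdict is only as trustworthy as the reference set it is compared against.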

Short URL to this thread: https://techguy.org/1044291