[Resolved] Win32/Adware.MultiPlug.F / Windows Error Code 80080005

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1151
Re: [In Progress] Windows Error Code 80080005
« Reply #15 on: February 03, 2013, 07:42:22 am »
Hello,
Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.
Step 3
Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

You will want to print out or copy these instructions to Notepad for offline reference!
These steps are for  member hum only. If you are a casual viewer, do NOT try this on your system!
If you are not hum and have a similar problem, do NOT post here;  start your own topic


  • Temporarily disable your antivirus program and close any programs that you started.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Download the attached file OTLFIX.txt and SAVE to your DESKTOP
  • Start NOTEPAD. Check and make sure "word wrap" is off.
    From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
    IF it -is- checkmarked, click that one time so that it is un-checked.

  • Open the OTLFIX.txt  that you saved

  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).

  • Right click in the window (under the aqua-blue bar) and choose Paste.

  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button .
  • Once you see a message box "Fix complete! Click OK to open the fix log.", click the OK button.
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
« Last Edit: February 03, 2013, 08:04:44 am by Maurice Naggar »
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1151
Re: [In Progress] Windows Error Code 80080005
« Reply #16 on: February 03, 2013, 07:58:20 am »
In addition to the above, be sure to tell me why you have Advanced SystemCare Service 6 ?
Did you buy it ?
Be very aware that Iobit is held in low esteem, having stolen intellectual property of MalwareBytes.
I would urge you to uninstall Advanced SystemCare Service 6 

I would also remind you, while I am helping you, do not get other tools, run other tools, do any changes or fixes on your own, without first checking with me.

Tell me if you have recently used any sort of "registry cleaner", "tweaker", "optimizer", or "fixer-upper" ??
Registry cleaners can very often do more harm than good.
Thank you.
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline hum

  • Bronze Member
  • Posts: 37
Re: [In Progress] Windows Error Code 80080005
« Reply #17 on: February 03, 2013, 04:04:23 pm »
OK, steps 1-3 completed.  Advanced SystemCare 6 has been deleted, "registry cleaners can often do more harm than good" now I know, thanks!  The last time I used it was roughly two weeks ago.  Won't make any future changes without first checking with you.

========== OTL ==========
========== PROCESSES ==========
All processes killed
========== FILES ==========
C:\ProgramData\Zoomex\50e15e198c476.dll moved successfully.
C:\ProgramData\Premium\ZoomEx\ZoomEx.exe moved successfully.
C:\PROGRAM FILES (X86)\ZOOMEX\sprotector.dll moved successfully.
C:\Users\Wes Cheney\AppData\Local\Temp\~nsu.tmp\Au_.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"appinit_dlls"|"" /E : value set successfully!
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: postgres
 
User: Public
 
User: Admin
->Flash cache emptied: 10775 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: postgres
 
User: Public
 
User: Admin
->Java cache emptied: 22915 bytes
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02032013_134918

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1151
Re: [In Progress] Windows Error Code 80080005
« Reply #18 on: February 04, 2013, 09:14:43 am »
Please do these next:
Step 1
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.

  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.


  • If an infected file is detected, the default action will be Cure, click on Continue.





  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.





  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 2
  • Download & SAVE to your Desktop >> Tigzy's RogueKiller  from here << or
    >> from here <<   

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline hum

  • Bronze Member
  • Posts: 37
Re: [In Progress] Windows Error Code 80080005
« Reply #19 on: February 04, 2013, 02:17:43 pm »
Thanks, steps 1-2 completed.  Step 1 resulted in nothing found, so nothing to report.  Here are the contents of the RogueKiller log:

RogueKiller V8.4.4 [Feb  4 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User  [Admin rights]
Mode : Scan -- Date : 02/04/2013 12:12:59
| ARK || MBR |

Bad processes : 0

Registry Entries : 11
[TASK][SUSP PATH] ZoomExUpdaterTask{8F2E9199-0E2A-4ED7-A8C3-325B7547E4EC}.job : C:\ProgramData\Premium\ZoomEx\ZoomEx.exe /schedule /profile "C:\ProgramData\Premium\ZoomEx\profile.ini" -> FOUND
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\AppData\Local\gigglinggamesSA\bin\1.0.6.0\GigglingGamesSA.exe"  -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @postgres : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: WDC WD7500BPVT-24HXZT1 +++++
--- User ---
[MBR] 0c07f9650cee174c4430ceac74b822ab
[BSP] b09c6f0857f1ce4df9ed5f1465316822 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 670405 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1373401088 | Size: 29698 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434222592 | Size: 15100 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02042013_02d1212.txt >>
RKreport[1]_S_02042013_02d1212.txt

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1151
Re: [In Progress] Windows Error Code 80080005
« Reply #20 on: February 04, 2013, 02:43:22 pm »
As we go along, irregardless of the shown result, copy & paste the logs I ask for, please.

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.

  • On the RogueKiller console, click the Registry tab.

    Put a check next to all of these and uncheck the rest: (if found)
    [TASK][SUSP PATH] ZoomExUpdaterTask{8F2E9199-0E2A-4ED7-A8C3-325B7547E4EC}.job : C:\ProgramData\Premium\ZoomEx\ZoomEx.exe /schedule /profile "C:\ProgramData\Premium\ZoomEx\profile.ini" -> FOUND
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @postgres : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

  • Then click on Delete on the right hand column under Options.

  • When done, logoff & Restart the system.
  • The log will be found as RKreport

Copy & Paste the contents into next reply.

Step 2
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.
    Link 2
    Link 3
    Link 4


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
    • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
    • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
    IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

    When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

    More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 3
    Next, a new run of OTL
    Locate the OTL.exe on your Desktop

    RIGHT-click OTL.exe and select Run As Administrator  to start it.

    Look at the upper left of window. Press the pink color Quick Scan button.
    Have infinite {endless} patience while it runs.
    It will produce a new log. Save it.

    Copy and paste back here a copy of the new OTL.txt


    Download Security Check by screen317 and save it to your Desktop: here 
    • Run Security Check
    • Follow the onscreen instructions inside of the command window.
    • A Notepad document should open automatically called checkup.txt; close Notepad.  We will need this log, too, so remember where you've saved it!
    Then copy/paste the following into your post (in order):
    • the contents of RKReport log;
    • the contents of RKILL log ; and
    • the contents of OTL.txt;
    • the contents of checkup.txt
    Be sure to do a Preview prior to pressing Post because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
    Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline hum

  • Bronze Member
  • Posts: 37
Re: [In Progress] Windows Error Code 80080005
« Reply #21 on: February 05, 2013, 12:09:27 am »
Steps 1-3 completed, thanks!

    RogueKiller V8.4.4 [Feb  4 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Wes Cheney [Admin rights]
    Mode : Remove -- Date : 02/04/2013 16:11:21
    | ARK || MBR |

    Bad processes : 2
    [SUSP PATH] spotify.exe -- C:\Users\Wes Cheney\AppData\Roaming\Spotify\spotify.exe -> KILLED [TermProc]
    [SUSP PATH] Blockify Lite 0.4.exe -- C:\Users\Wes Cheney\Desktop\Blockify Lite 0.4.exe -> KILLED [TermProc]

    Registry Entries : 8
    [TASK][SUSP PATH] ZoomExUpdaterTask{8F2E9199-0E2A-4ED7-A8C3-325B7547E4EC}.job : C:\ProgramData\Premium\ZoomEx\ZoomEx.exe /schedule /profile "C:\ProgramData\Premium\ZoomEx\profile.ini" -> DELETED
    [TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Wes Cheney\AppData\Local\gigglinggamesSA\bin\1.0.6.0\GigglingGamesSA.exe"  -> DELETED
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @postgres : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    Particular Files / Folders:

    Driver : [NOT LOADED]

    HOSTS File:
    --> C:\windows\system32\drivers\etc\hosts



    MBR Check:

    +++++ PhysicalDrive0: WDC WD7500BPVT-24HXZT1 +++++
    --- User ---
    [MBR] 0c07f9650cee174c4430ceac74b822ab
    [BSP] b09c6f0857f1ce4df9ed5f1465316822 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 670405 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1373401088 | Size: 29698 Mo
    3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434222592 | Size: 15100 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[3]_D_02042013_02d1611.txt >>
    RKreport[1]_S_02042013_02d1212.txt ; RKreport[2]_S_02042013_02d1607.txt ; RKreport[3]_D_02042013_02d1611.txt


    Rkill 2.4.6 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 02/04/2013 09:43:04 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

     * No malware services found to stop.

    Checking for processes to terminate:

     * C:\Users\Wes Cheney\Desktop\RogueKiller.exe (PID: 2216) [UP-HEUR]
     * C:\Users\Wes Cheney\Desktop\Blockify Lite 0.4.exe (PID: 556) [UP-HEUR]

    2 proccesses terminated!

    Checking Registry for malware related settings:

     * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

    Backup Registry file created at:
     C:\Users\Wes Cheney\Desktop\rkill\rkill-02-04-2013-09-43-10.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
      * HKLM\Software\Classes\.exe\shell found and deleted!


    Performing miscellaneous checks:

     * No issues found.

    Checking Windows Service Integrity:

     * No issues found.

    Searching for Missing Digital Signatures:

     * No issues found.

    Checking HOSTS File:

     * No issues found.

    Program finished at: 02/04/2013 09:43:24 PM
    Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)


     Results of screen317's Security Check version 0.99.57 
     Windows 7 Service Pack 1 x64 (UAC is enabled) 
     Internet Explorer 9 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Microsoft Security Essentials   
     Antivirus up to date! 
    `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.70.0.1100 
     Java(TM) 6 Update 13 
     Java(TM) 6 Update 31 
     Java(TM) 6 Update 2 
     Java version out of Date!
     Adobe Flash Player 11.5.502.146 
     Adobe Reader 10.1.5 Adobe Reader out of Date! 
     Mozilla Firefox (18.0.1)
    ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe 
     Malwarebytes Anti-Malware mbamgui.exe 
     Malwarebytes' Anti-Malware mbamscheduler.exe   
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 4%
    ````````````````````End of Log``````````````````````
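
Added example (not part of any post in this thread, and not RogueKiller's own code): a short Python script that reconciles the "Registry Entries" section of the scan-mode report with the remove-mode report, so that every entry marked FOUND gets an explicit outcome. The report lines are copied from the two reports posted above; the function names and the "MISSING" label for entries that do not reappear in the second report are assumptions of this example.

```python
import re
from collections import Counter

# "Registry Entries" lines copied from the scan-mode report (Reply #19).
SCAN_REPORT = r"""
[TASK][SUSP PATH] ZoomExUpdaterTask{8F2E9199-0E2A-4ED7-A8C3-325B7547E4EC}.job : C:\ProgramData\Premium\ZoomEx\ZoomEx.exe /schedule /profile "C:\ProgramData\Premium\ZoomEx\profile.ini" -> FOUND
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\AppData\Local\gigglinggamesSA\bin\1.0.6.0\GigglingGamesSA.exe"  -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @postgres : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# "Registry Entries" lines copied from the remove-mode report (Reply #21).
REMOVE_REPORT = r"""
[TASK][SUSP PATH] ZoomExUpdaterTask{8F2E9199-0E2A-4ED7-A8C3-325B7547E4EC}.job : C:\ProgramData\Premium\ZoomEx\ZoomEx.exe /schedule /profile "C:\ProgramData\Premium\ZoomEx\profile.ini" -> DELETED
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Wes Cheney\AppData\Local\gigglinggamesSA\bin\1.0.6.0\GigglingGamesSA.exe"  -> DELETED
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
[STARTUP][SUSP PATH] Best Buy pc app.lnk @postgres : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
"""

# One entry: "[TAG][TAG] location : detail -> STATUS".
ENTRY = re.compile(r"^\s*((?:\[[^\]]+\])+)\s+(.*?)\s+:\s+(.*?)\s*->\s*(.+?)\s*$")


def parse_entries(report):
    """Map a stable key for each registry/task/startup entry to its status text."""
    entries = {}
    for line in report.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # headers, MBR lines, process lines, blanks
        tags, location, detail, status = m.groups()
        if tags.startswith("[HJ"):
            # Several values share one key path, so the value name is part of
            # the identity; the "(n)" suffix is the data and is dropped.
            name = re.sub(r"\s*\(\d+\)$", "", detail)
        else:
            # Task and shortcut names identify the entry; the target path is
            # left out because the two reports print the profile path differently.
            name = ""
        entries[(tags, location, name)] = status
    return entries


def reconcile(scan_text, remove_text):
    """Outcome in the remove-mode report for every entry the scan reported."""
    removed = parse_entries(remove_text)
    return {key: removed.get(key, "MISSING") for key in parse_entries(scan_text)}


def outcome(status):
    """'REPLACED (2)' -> 'REPLACED'; 'NOT SELECTED' stays as it is."""
    return re.match(r"[A-Z ]+", status).group().strip()


def summarize(results):
    return dict(Counter(outcome(s) for s in results.values()))


def needs_followup(results):
    """Entries that were neither deleted nor replaced."""
    return [k for k, s in results.items() if outcome(s) not in ("DELETED", "REPLACED")]


if __name__ == "__main__":
    results = reconcile(SCAN_REPORT, REMOVE_REPORT)
    print(summarize(results))
    for tags, location, name in needs_followup(results):
        print("check:", tags, location, name, "->", results[(tags, location, name)])
```
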




Offline hum

  • Bronze Member
  • Posts: 37
Re: [In Progress] Windows Error Code 80080005
« Reply #22 on: February 05, 2013, 12:11:44 am »
    OTL logfile created on: 2/4/2013 9:44:47 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    5.92 Gb Total Physical Memory | 3.69 Gb Available Physical Memory | 62.44% Memory free
    11.83 Gb Paging File | 9.26 Gb Available in Paging File | 78.23% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 654.69 Gb Total Space | 586.82 Gb Free Space | 89.63% Space Free | Partition Type: NTFS
    Drive D: | 29.00 Gb Total Space | 26.23 Gb Free Space | 90.45% Space Free | Partition Type: NTFS
     
    Computer Name: WESCHENEY-PC | User Name: Wes Cheney | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2013/02/03 13:21:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wes Cheney\Desktop\OTL.exe
    PRC - [2013/01/22 01:07:25 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2013/01/17 23:08:37 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2013/01/10 16:54:04 | 001,250,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    PRC - [2013/01/10 16:46:44 | 000,793,600 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    PRC - [2013/01/09 10:41:34 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/12/09 06:31:47 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2012/12/05 13:22:40 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2012/12/05 13:22:38 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2012/11/22 12:03:04 | 007,880,664 | ---- | M] (Spotify Ltd) -- C:\Users\Wes Cheney\AppData\Roaming\Spotify\spotify.exe
    PRC - [2012/11/22 12:02:58 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Wes Cheney\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012/10/20 21:14:47 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/10/17 19:11:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/10/11 09:55:32 | 000,336,304 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    PRC - [2011/12/21 09:58:40 | 000,361,472 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/09/08 04:24:00 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    PRC - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/12/24 03:19:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
    PRC - [2010/12/20 02:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 02:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/12/13 15:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
    PRC - [2010/12/13 15:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    PRC - [2010/12/13 15:58:20 | 000,383,344 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
    PRC - [2010/11/05 10:54:36 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    PRC - [2010/11/05 10:54:24 | 000,202,096 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    PRC - [2010/10/22 06:37:42 | 000,364,400 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
    PRC - [2010/10/22 06:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
    PRC - [2009/12/10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
    PRC - [2009/12/10 02:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2013/01/22 01:07:16 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2013/01/17 23:08:51 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
    MOD - [2013/01/17 23:08:36 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2013/01/17 23:08:33 | 000,969,640 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2013/01/17 23:08:31 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2013/01/17 23:08:29 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2013/01/17 23:08:27 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2013/01/09 10:41:33 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    MOD - [2012/11/22 12:02:58 | 020,220,376 | ---- | M] () -- C:\Users\Wes Cheney\AppData\Roaming\Spotify\Data\libcef.dll
    MOD - [2012/06/14 03:02:17 | 018,000,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
    MOD - [2012/06/14 03:02:07 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
    MOD - [2012/06/14 03:02:04 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 03:01:58 | 003,858,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
    MOD - [2012/06/14 03:01:56 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
    MOD - [2012/05/12 13:53:25 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
    MOD - [2012/05/12 13:52:00 | 001,021,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll
    MOD - [2012/05/12 13:51:59 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/12 13:51:59 | 000,143,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll
    MOD - [2012/05/12 13:51:57 | 000,393,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
    MOD - [2012/05/12 13:51:38 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
    MOD - [2012/05/12 12:38:47 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/12 12:36:30 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
    MOD - [2012/05/12 12:36:29 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
    MOD - [2012/05/12 12:36:27 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
    MOD - [2012/05/12 12:36:20 | 009,091,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
    MOD - [2012/05/12 12:36:15 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
    MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/09/08 04:23:59 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
    MOD - [2011/07/28 15:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/12/21 10:39:28 | 000,441,344 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
    SRV:64bit: - [2011/06/14 02:31:06 | 000,498,688 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
    SRV:64bit: - [2011/06/14 02:26:20 | 000,986,112 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
    SRV:64bit: - [2010/11/02 05:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/11/02 05:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/11/02 05:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/12/09 01:52:52 | 000,047,712 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/01/22 01:07:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/17 23:08:37 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013/01/10 16:46:44 | 000,793,600 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2013/01/09 10:41:34 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/12/05 13:22:40 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2012/10/17 19:11:31 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011/12/21 09:58:40 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/12/20 02:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/20 02:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/12/13 15:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)
    SRV - [2010/12/13 15:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
    SRV - [2010/10/22 06:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe -- (EgisTec Service Help)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/08 04:37:31 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
    DRV:64bit: - [2011/09/08 04:37:31 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
    DRV:64bit: - [2011/09/08 04:35:42 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
    DRV:64bit: - [2011/09/08 04:35:40 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV:64bit: - [2011/09/08 04:23:39 | 000,055,880 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\EgisTecFF.sys -- (EgisTecFF)
    DRV:64bit: - [2011/09/08 04:17:52 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2011/09/08 04:17:52 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2011/09/08 04:17:52 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/19 05:25:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
    DRV:64bit: - [2011/05/19 05:25:04 | 000,083,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
    DRV:64bit: - [2011/05/19 05:25:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
    DRV:64bit: - [2011/04/05 16:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
    DRV:64bit: - [2011/04/05 16:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
    DRV:64bit: - [2011/04/05 16:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
    DRV:64bit: - [2011/03/25 02:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/02/18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/02/08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
    DRV:64bit: - [2011/02/08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
    DRV:64bit: - [2010/12/24 03:19:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/12/22 04:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/11/30 21:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/11/29 22:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/08 19:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2010/10/31 02:36:56 | 000,035,952 | ---- | M] (Egis Technology Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
    DRV:64bit: - [2010/10/19 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/14 09:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/10/11 06:21:56 | 000,135,776 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
    DRV:64bit: - [2010/02/02 12:05:26 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
    DRV:64bit: - [2010/02/02 12:05:26 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
    DRV:64bit: - [2009/12/09 01:52:28 | 000,023,648 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
    DRV:64bit: - [2009/07/21 06:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2012/11/13 21:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
    DRV - [2010/02/02 12:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/02/02 12:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=f6ade550-f1f6-11e1-b39a-91ab2391c28a
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = ${SEARCH_URL}{searchTerms}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=198484&fr=spigot-yhp-ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.conduit.com?SearchSource=10&ctid=CT3007394
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
    IE - HKCU\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.7\iobitappsToolbarIE.dll (Spigot, Inc.)
    IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {B49D7FE7-0ACD-48CD-B9CF-9B14CC1BB163}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://searchab.com/?aff=7&uid=f6ade550-f1f6-11e1-b39a-91ab2391c28a&q={searchTerms}
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS460
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{8E5B10FA-8E3C-41EC-8CB1-671438085ED9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113931&tt=3512_3&babsrc=SP_ss&mntrId=94588eff000000000000f0def18a2f77
    IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Playbryte-fa-outbrowse/search/redirect/?type=default&user_id=d57ac2dc-6888-4038-bb7d-aeebe5ba78e4&query={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
    IE - HKCU\..\SearchScopes\{AB189267-3CFF-493B-A7C2-D12CA0F101AD}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=X-SD&o=13959&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=SV&apn_dtid=YYYYYYBCUS&apn_uid=5a56735e-78eb-459e-8dc5-b58dcce5e97d&apn_sauid=C3830B50-15ED-4605-A7B3-1C1518F468A7
    IE - HKCU\..\SearchScopes\{B49D7FE7-0ACD-48CD-B9CF-9B14CC1BB163}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaultenginename,S: S", ""
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.order.1: "Privitize VPN"
    FF - prefs.js..browser.search.order.1,S: S", ""
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.selectedEngine,S: S", ""
    FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p="
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: ""
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
     
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011/09/08 04:17:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/27 19:06:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/02/01 20:22:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/22 01:07:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/22 01:07:12 | 000,000,000 | ---D | M]
     
    [2012/12/30 09:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Cheney\AppData\Roaming\Mozilla\Extensions
    [2012/12/30 09:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Cheney\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2013/02/03 21:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Cheney\AppData\Roaming\Mozilla\Firefox\Profiles\3ndl1fyn.default\extensions
    [2013/02/03 21:37:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Wes Cheney\AppData\Roaming\Mozilla\Firefox\Profiles\3ndl1fyn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/12/31 01:23:06 | 000,002,090 | ---- | M] () -- C:\Users\Wes Cheney\AppData\Roaming\Mozilla\Firefox\Profiles\3ndl1fyn.default\searchplugins\Searchab.xml
    [2013/01/22 01:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/01/22 01:07:25 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/10/20 21:14:56 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
    [2012/08/29 08:31:48 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2013/01/22 01:07:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/01/22 01:07:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
     


    Offline hum

    • Bronze Member
    • Posts: 37
    Re: [In Progress] Windows Error Code 80080005
    « Reply #23 on: February 05, 2013, 12:12:35 am »

    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.7\iobitappsToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (Coupon Companion) - {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll (215 Apps)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (no name) - {652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
    O2 - BHO: (Zoomex) - {7B750BF2-0B18-6E0C-88BA-D7305DDCF59D} - C:\ProgramData\Zoomex\50e15e198c476.dll File not found
    O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.7\iobitappsToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {167D9323-F7CC-48F5-948A-6F012831A69F} - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [PLTSR] C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )
    O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
    O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
    O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
    O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Wes Cheney\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - Startup: C:\Users\Wes Cheney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: stockcharts.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{121C5723-648C-4101-BAEF-8E32C9869139}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12B2E990-5515-425F-B280-37A4C83620C4}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/02/04 21:43:10 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\Desktop\rkill
    [2013/02/04 12:12:29 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\Desktop\RK_Quarantine
    [2013/02/03 13:41:17 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/02/03 13:21:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wes Cheney\Desktop\OTL.exe
    [2013/02/03 13:18:56 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2013/02/03 13:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
    [2013/02/03 13:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar
    [2013/02/03 13:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    [2013/02/01 18:07:54 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2013/02/01 18:07:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/02/01 02:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
    [2013/01/31 20:36:49 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\Doctor Web
    [2013/01/31 20:29:33 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\DoctorWeb
    [2013/01/31 12:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/01/31 12:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/01/30 22:23:17 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\Documents\ForceField Shared Files
    [2013/01/30 22:23:16 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\AppData\Roaming\CheckPoint
    [2013/01/30 22:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2013/01/30 22:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
    [2013/01/30 22:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
    [2013/01/30 22:17:18 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\AppData\Local\Zoom_Downloader
    [2013/01/26 22:35:41 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\AppData\Roaming\Philipp Winterberg
    [2013/01/26 22:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RarZilla Free Unrar
    [2013/01/26 22:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RarZilla Free Unrar
    [2013/01/26 22:35:00 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\AppData\Local\Coupon Companion
    [2013/01/26 22:34:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion
    [2013/01/24 22:57:16 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\Desktop\Mushroom
    [2013/01/22 01:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/01/15 17:12:15 | 000,025,472 | ---- | C] (IObit) -- C:\windows\SysNative\RegistryDefragBootTime.exe
    [2013/01/14 20:28:41 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\RTCOM
    [2013/01/14 20:28:08 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\WavesGUILib.dll
    [2013/01/14 20:27:54 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSWOW64.dll
    [2013/01/14 20:27:53 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSTSX64.dll
    [2013/01/14 20:27:53 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSTSH64.dll
    [2013/01/14 20:27:53 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSHP64.dll
    [2013/01/14 20:27:42 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SFNHK64.dll
    [2013/01/14 20:27:40 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SFCOM64.dll
    [2013/01/14 20:27:40 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SFAPO64.dll
    [2013/01/14 20:27:40 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\windows\SysWow64\SFCOM.dll
    [2013/01/14 20:27:31 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEP64A.dll
    [2013/01/14 20:27:31 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEED64A.dll
    [2013/01/14 20:27:31 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEL64A.dll
    [2013/01/14 20:27:31 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEG64A.dll
    [2013/01/14 20:27:29 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RP3DHT64.dll
    [2013/01/14 20:27:29 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RP3DAA64.dll
    [2013/01/14 20:27:21 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEP64A.dll
    [2013/01/14 20:27:20 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEL64A.dll
    [2013/01/14 20:27:19 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EED64A.dll
    [2013/01/14 20:27:19 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEA64A.dll
    [2013/01/14 20:27:19 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEG64A.dll
    [2013/01/14 20:27:17 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxVolumeSDAPO.dll
    [2013/01/14 20:27:16 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioRealtek.dll
    [2013/01/14 20:27:16 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioRealtek264.dll
    [2013/01/14 20:27:15 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioEQ.dll
    [2013/01/14 20:27:14 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPOShell64.dll
    [2013/01/14 20:27:13 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\windows\SysNative\KAAPORT64.dll
    [2013/01/14 20:27:13 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPO30.dll
    [2013/01/14 20:27:13 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPO20.dll
    [2013/01/14 20:26:59 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\windows\SysNative\FMAPO64.dll
    [2013/01/14 20:26:58 | 000,693,352 | ---- | C] (DTS) -- C:\windows\SysNative\DTSVoiceClarityDLL64.dll
    [2013/01/14 20:26:58 | 000,537,456 | ---- | C] (DTS) -- C:\windows\SysNative\DTSU2PLFX64.dll
    [2013/01/14 20:26:58 | 000,449,392 | ---- | C] (DTS) -- C:\windows\SysNative\DTSU2PREC64.dll
    [2013/01/14 20:26:57 | 000,524,656 | ---- | C] (DTS) -- C:\windows\SysNative\DTSU2PGFX64.dll
    [2013/01/14 20:26:56 | 001,756,264 | ---- | C] (DTS) -- C:\windows\SysNative\DTSS2SpeakerDLL64.dll
    [2013/01/14 20:26:56 | 000,712,296 | ---- | C] (DTS) -- C:\windows\SysNative\DTSSymmetryDLL64.dll
    [2013/01/14 20:26:55 | 001,568,360 | ---- | C] (DTS) -- C:\windows\SysNative\DTSS2HeadphoneDLL64.dll
    [2013/01/14 20:26:54 | 000,491,112 | ---- | C] (DTS) -- C:\windows\SysNative\DTSNeoPCDLL64.dll
    [2013/01/14 20:26:54 | 000,432,744 | ---- | C] (DTS) -- C:\windows\SysNative\DTSLimiterDLL64.dll
    [2013/01/14 20:26:54 | 000,242,792 | ---- | C] (DTS) -- C:\windows\SysNative\DTSLFXAPO64.dll
    [2013/01/14 20:26:54 | 000,242,792 | ---- | C] (DTS) -- C:\windows\SysNative\DTSGFXAPO64.dll
    [2013/01/14 20:26:54 | 000,241,768 | ---- | C] (DTS) -- C:\windows\SysNative\DTSGFXAPONS64.dll
    [2013/01/14 20:26:53 | 000,428,648 | ---- | C] (DTS) -- C:\windows\SysNative\DTSGainCompensatorDLL64.dll
    [2013/01/14 20:26:52 | 001,486,952 | ---- | C] (DTS) -- C:\windows\SysNative\DTSBoostDLL64.dll
    [2013/01/14 20:26:52 | 000,728,680 | ---- | C] (DTS) -- C:\windows\SysNative\DTSBassEnhancementDLL64.dll
    [2013/01/14 16:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2013/01/14 16:43:48 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\AppData\Roaming\IObit
    [2013/01/14 16:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
    [2013/01/14 16:38:56 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\AppData\Local\KSafe
    [2013/01/14 16:34:57 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\AppData\Roaming\kingsoft
    [2013/01/14 16:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Kingsoft
    [2013/01/14 16:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kingsoft
    [2013/01/14 15:39:19 | 000,000,000 | ---D | C] -- C:\Users\Wes Cheney\AppData\Local\Programs
    [3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
    [2 C:\Users\Wes Cheney\Desktop\*.tmp files -> C:\Users\Wes Cheney\Desktop\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/02/04 21:41:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/02/04 21:31:09 | 000,086,962 | ---- | M] () -- C:\Users\Wes Cheney\Desktop\RESUME(1).pdf
    [2013/02/04 21:07:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/04 21:07:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/04 18:51:58 | 000,780,172 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/02/04 18:51:58 | 000,660,990 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/02/04 18:51:58 | 000,121,628 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/02/04 16:20:10 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/04 16:20:10 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/04 16:13:28 | 000,181,095 | ---- | M] () -- C:\windows\SysNative\fastboot.set
    [2013/02/04 16:13:10 | 000,000,412 | ---- | M] () -- C:\windows\tasks\FreeFileViewerUpdateChecker.job
    [2013/02/04 16:12:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/02/04 16:12:07 | 469,372,927 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/04 12:35:38 | 000,298,280 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
    [2013/02/04 12:35:38 | 000,298,280 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
    [2013/02/04 12:11:43 | 000,777,728 | ---- | M] () -- C:\Users\Wes Cheney\Desktop\RogueKiller.exe
    [2013/02/04 00:04:44 | 000,298,280 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
    [2013/02/03 21:38:24 | 000,013,029 | ---- | M] () -- C:\Users\Wes Cheney\Desktop\Add or remove programs - Shortcut.lnk
    [2013/02/03 13:21:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wes Cheney\Desktop\OTL.exe
    [2013/02/03 13:18:06 | 000,001,104 | ---- | M] () -- C:\Users\Wes Cheney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/02/03 13:18:02 | 000,000,924 | ---- | M] () -- C:\Users\Wes Cheney\Desktop\NTREGOPT.lnk
    [2013/02/02 18:26:47 | 000,000,140 | ---- | M] () -- C:\Users\Wes Cheney\Desktop\Options.ini
    [2013/02/02 16:11:26 | 000,313,922 | ---- | M] () -- C:\Users\Wes Cheney\Desktop\GEOS355.pdf
    [2013/02/02 15:10:08 | 000,000,141 | ---- | M] () -- C:\windows\SysWow64\Options.ini
    [2013/01/30 20:20:15 | 000,000,044 | RH-- | M] () -- C:\Users\Wes Cheney\Desktop\Stinger.opt
    [2013/01/26 22:35:36 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\RarZilla Free Unrar.lnk
    [2013/01/15 17:35:09 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
    [2013/01/15 17:34:34 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
    [2013/01/14 17:09:59 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/01/14 17:05:40 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
    [2013/01/14 15:39:45 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/09 16:07:58 | 136,971,938 | ---- | M] () -- C:\Users\Wes Cheney\Desktop\Trader_Dante_30_Live_Trades_Example - Tomdante's library2.mp4
    [3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
    [2 C:\Users\Wes Cheney\Desktop\*.tmp files -> C:\Users\Wes Cheney\Desktop\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/02/04 21:31:09 | 000,086,962 | ---- | C] () -- C:\Users\Wes Cheney\Desktop\RESUME(1).pdf
    [2013/02/04 12:11:34 | 000,777,728 | ---- | C] () -- C:\Users\Wes Cheney\Desktop\RogueKiller.exe
    [2013/02/03 21:38:24 | 000,013,029 | ---- | C] () -- C:\Users\Wes Cheney\Desktop\Add or remove programs - Shortcut.lnk
    [2013/02/03 13:18:06 | 000,001,104 | ---- | C] () -- C:\Users\Wes Cheney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/02/03 13:18:02 | 000,000,924 | ---- | C] () -- C:\Users\Wes Cheney\Desktop\NTREGOPT.lnk
    [2013/02/02 16:11:26 | 000,313,922 | ---- | C] () -- C:\Users\Wes Cheney\Desktop\GEOS355.pdf
    [2013/02/02 15:23:30 | 000,000,140 | ---- | C] () -- C:\Users\Wes Cheney\Desktop\Options.ini
    [2013/02/02 15:09:09 | 000,000,141 | ---- | C] () -- C:\windows\SysWow64\Options.ini
    [2013/01/30 20:20:15 | 000,000,044 | RH-- | C] () -- C:\Users\Wes Cheney\Desktop\Stinger.opt
    [2013/01/26 22:35:36 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\RarZilla Free Unrar.lnk
    [2013/01/15 17:35:09 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
    [2013/01/15 17:34:34 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
    [2013/01/14 20:27:29 | 000,293,889 | ---- | C] () -- C:\windows\SysNative\drivers\RTAIODAT.DAT
    [2013/01/14 17:09:59 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/01/14 17:05:40 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
    [2013/01/09 16:01:57 | 136,971,938 | ---- | C] () -- C:\Users\Wes Cheney\Desktop\Trader_Dante_30_Live_Trades_Example - Tomdante's library2.mp4
    [2012/12/14 22:57:03 | 000,000,320 | ---- | C] () -- C:\Users\Wes Cheney\AppData\Roaming\SEC2056886.trad
    [2012/12/14 22:56:47 | 000,000,043 | ---- | C] () -- C:\windows\WALLSTRT.INI
    [2012/09/28 16:05:55 | 000,298,280 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
    [2012/09/28 16:05:48 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
    [2012/09/28 16:05:47 | 003,360,624 | ---- | C] () -- C:\windows\SysWow64\pbsvc.exe
    [2012/09/06 09:40:39 | 000,110,936 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
    [2012/08/16 17:45:53 | 000,000,000 | ---- | C] () -- C:\ProgramData\039d141fc3e7ab503641d8f217f67878_c
    [2012/07/18 12:48:11 | 000,004,922 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
    [2012/02/13 14:08:29 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
    [2012/02/13 14:08:28 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
    [2011/12/25 14:55:48 | 000,007,601 | ---- | C] () -- C:\Users\Wes Cheney\AppData\Local\Resmon.ResmonCfg
    [2011/12/13 21:12:54 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    [2011/12/13 21:11:10 | 000,000,113 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2011/12/12 06:24:14 | 000,060,304 | ---- | C] () -- C:\Users\Wes Cheney\g2mdlhlpx.exe
    [2011/11/22 14:56:37 | 000,797,758 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
    [2011/09/08 13:06:07 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
    [2011/09/08 13:06:07 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
    [2011/09/08 13:06:06 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
    [2011/09/08 13:06:06 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
    [2011/09/08 13:06:06 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
    [2011/09/08 13:06:06 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
    [2011/09/08 13:06:06 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
    [2011/09/08 13:06:06 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
    [2011/09/08 13:06:06 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
    [2011/09/08 13:06:06 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
    [2011/09/08 13:06:06 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
    [2011/09/08 13:06:06 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
    [2011/09/08 04:24:02 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
    [2011/09/08 04:24:02 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
    [2011/09/08 04:24:02 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
    [2011/09/08 04:24:02 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
    [2011/09/08 04:23:54 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
    [2011/09/08 04:09:28 | 000,089,328 | ---- | C] () -- C:\windows\un_dext.exe
    [2011/09/08 04:09:28 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
    [2011/09/08 04:09:28 | 000,003,566 | ---- | C] () -- C:\windows\Dext_09.ini
    [2011/09/08 04:09:28 | 000,002,998 | ---- | C] () -- C:\windows\Dext_04.ini
    [2011/09/08 04:09:28 | 000,002,790 | ---- | C] () -- C:\windows\Dext_2052.ini
    [2011/09/08 04:09:28 | 000,002,573 | ---- | C] () -- C:\windows\Remove.ini
    [2011/04/14 21:29:01 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
    [2011/04/14 21:28:23 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
    [2011/04/14 21:28:18 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
    [2011/04/14 21:28:13 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
     
    ========== ZeroAccess Check ==========
     
    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 19:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 19:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2012/04/28 23:33:26 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\Amazon
    [2012/10/04 08:39:47 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\Audacity
    [2012/04/06 15:00:39 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\AVG
    [2013/02/01 20:23:01 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\Azureus
    [2012/08/29 08:31:47 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\Babylon
    [2013/01/30 22:23:16 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\CheckPoint
    [2013/02/01 20:23:01 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\FreeFileViewer
    [2012/03/20 20:12:47 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\FXTS2
    [2012/07/20 18:37:04 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\HoldemManager
    [2013/01/26 13:18:58 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\IObit
    [2013/01/14 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\kingsoft
    [2012/11/27 19:07:25 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\MetaQuotes
    [2013/01/26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\Philipp Winterberg
    [2011/11/22 17:13:06 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\Sammsoft
    [2013/02/01 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\SoftGrid Client
    [2013/02/04 21:24:59 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\Spotify
    [2011/11/22 17:13:32 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\Systweak
    [2012/12/30 09:13:39 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\TomTom
    [2011/12/09 13:48:31 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\TP
    [2012/12/14 22:52:04 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\TradeStation Technologies
    [2012/02/28 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Wes Cheney\AppData\Roaming\Windows Live Writer
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4

    < End of report >

    Offline Maurice Naggar

    • Malware Removal Staff
    • Silver Member
    • Posts: 1151
    Re: [In Progress] Windows Error Code 80080005
    « Reply #24 on: February 05, 2013, 07:14:53 am »
    You will want to print out or copy these instructions to Notepad for offline reference!
    These steps are for member Hum only. If you are a casual viewer, do NOT try this on your system!
    If you are not Hum and have a similar problem, do NOT post here; start your own topic.


    • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    • Download the attached file FIX2.txt and SAVE to your DESKTOP
    • Start NOTEPAD. Check and make sure "word wrap" is off.
      From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
      IF it -is- checkmarked, click that one time so that it is un-checked.

    • Open the Fix2.txt that you saved

    • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).

    • Right click in the window (under the aqua-blue bar) and choose Paste.

    • Close any browser(s) windows that may be open.
    • Using your mouse, click on the red-lettered button.
    • Once you see a message box "Fix complete! Click OK to open the fix log.", click the OK button.
    • The log will open in Notepad (your default text editor).
    • Save the log. Post a copy of that log in your next reply.
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
    ~Maurice Naggar
    MS-MVP (October 2002 - September 2010)

    Offline hum

    • Bronze Member
    • Posts: 37
    Re: [In Progress] Windows Error Code 80080005
    « Reply #25 on: February 05, 2013, 02:49:44 pm »
    When starting the computer, it occasionally gets stuck on "please wait" before I enter the password. It did today and I had to restore to 02/03/2013.

    Offline Maurice Naggar

    • Malware Removal Staff
    • Silver Member
    • Posts: 1151
    Re: [In Progress] Windows Error Code 80080005
    « Reply #26 on: February 05, 2013, 07:48:29 pm »
    I do think I asked before that you -not- use system restore by yourself, but rather that you ask me first !    >:(

    Can we have that understanding, please ?

    The alternative is to use & tap F8 as the computer is starting up, get Advanced Boot options, and then choose Safe Mode with Networking.

    BTW, if this thing (restoring or a BSOD lockup ) happens again, you may be looking at a wipe / nuke/ erase the drive and a new install of Windows and all your programs from scratch !!!!


    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select English as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    OR, if you have the Windows o.s. DVD, then to enter System Recovery Options by using the Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select English as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
      • Select Command Prompt
      • In the command window type in notepad and press Enter.
      • The notepad opens. Under File menu select Open.
      • Select "Computer" and find your flash drive letter and close the notepad.
      • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
        Note: Replace letter e with the drive letter of your flash drive.
      • The tool will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
      « Last Edit: February 05, 2013, 07:58:48 pm by Maurice Naggar »
      ~Maurice Naggar
      MS-MVP (October 2002 - September 2010)

      Offline hum

      • Bronze Member
      • Posts: 37
      Re: [In Progress] Windows Error Code 80080005
      « Reply #27 on: February 06, 2013, 12:39:21 am »
      OK, sorry!  Yes, that is understood.  Unfortunately I don't have a flash drive, can this be done another way?

      Offline Maurice Naggar

      • Malware Removal Staff
      • Silver Member
      • Posts: 1151
      Re: [In Progress] Windows Error Code 80080005
      « Reply #28 on: February 06, 2013, 07:10:39 am »
      It is best done using a USB-flash-thumb drive since USB ports are on just about all systems.

      You'd be taking a long shot, but you might try saving it to the C:\ drive and then do the instructions but just open the tool by directing to c drive.
      ~Maurice Naggar
      MS-MVP (October 2002 - September 2010)

      Offline hum

      • Bronze Member
      • Posts: 37
      Re: [In Progress] Windows Error Code 80080005
      « Reply #29 on: February 06, 2013, 10:16:59 pm »
      Copy, C drive method didn't work.  I'll obtain a flash drive tomorrow and report back.  Thanks