Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Security center disabled and google redirects


  • Please log in to reply

#1
frustrated@computer

frustrated@computer

    New Member

  • Member
  • Pip
  • 2 posts
I've seen several posts on this and other forums dealing with this problem and it seems all of them require some geek power for understand code that is way beyond me. So here goes:

Window's security center will not turn on. When I go into the services and turn it back on it shuts off after about one minute. Also google search results are being redirected to weird sites. I know got some kind of malware and am 99.9% sure I even know where it came from. I have run every free antivirus program you can name AVG, Avast, Malwarebytes, etc. and everyone of them says there's no infected files or malware. Help is definitely needed.

Here is the OTL log. Thanks for any assistance!!!
OTL logfile created on: 8/17/2011 11:09:24 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Jamie\Documents\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.01 Gb Available Physical Memory | 75.55% Memory free
15.92 Gb Paging File | 13.79 Gb Available in Paging File | 86.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.59 Gb Total Space | 851.50 Gb Free Space | 92.39% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 434.37 Gb Free Space | 93.26% Space Free | Partition Type: NTFS
Drive T: | 921.59 Gb Total Space | 851.50 Gb Free Space | 92.39% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 434.37 Gb Free Space | 93.26% Space Free | Partition Type: NTFS

Computer Name: ADOFFICE | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/17 11:08:22 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\My Documents\Downloads\OTL.exe
PRC - [2011/08/16 12:26:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/02 17:17:40 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/21 11:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2010/01/27 16:01:56 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2004/10/01 00:19:08 | 000,106,496 | ---- | M] (SHARP CORPORATION) -- C:\Program Files (x86)\SHARP\Button Manager E\btnman.exe
PRC - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/16 12:26:07 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/11 03:34:47 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/11 03:28:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/08/11 03:28:03 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\873449038f590bc102daf0effd94c952\System.Web.Services.ni.dll
MOD - [2011/08/11 03:27:50 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/08/11 03:27:40 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/11 03:27:35 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/11 03:27:34 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/08/11 03:27:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/11 03:27:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/11 03:27:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/11 03:27:19 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/11 03:18:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/07/23 17:36:10 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2010/07/21 11:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/07/21 11:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/07/21 11:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/07/21 11:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/07/21 11:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/07/21 11:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/07/21 11:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/07/21 11:33:36 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2010/07/21 11:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 13:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 13:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 13:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 13:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 13:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2002/04/17 10:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/10 17:15:04 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/08/03 13:58:29 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 06:36:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/07/04 06:36:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/07/04 06:35:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/07/04 06:32:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/07/04 06:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/07/04 06:32:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/12/10 19:40:28 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/10/01 01:34:00 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 18:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/08/13 12:51:10 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.beatricec...ityplayers.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.beatricec...typlayers.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/09 10:30:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/16 21:24:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/16 12:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/09 17:19:05 | 000,000,000 | ---D | M]

[2010/08/07 13:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Extensions
[2011/07/05 14:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\965ag9xk.default\extensions
[2010/12/28 12:31:46 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\965ag9xk.default\extensions\[email protected]
[2010/08/07 14:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\b3bge72q.default\extensions
[2011/07/12 12:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/28 11:05:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 12:27:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/14 10:47:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/12 12:27:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\JAMIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\965AG9XK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/16 12:26:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/11 10:17:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.168.128.20 24.205.224.36 68.190.192.35
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/02 00:30:04 | 000,000,045 | ---- | M] () - I:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{cf55e190-a983-11e0-a83f-b8ac6fa10632}\Shell - "" = AutoRun
O33 - MountPoints2\{cf55e190-a983-11e0-a83f-b8ac6fa10632}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/17 10:27:44 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Malwarebytes
[2011/08/17 10:27:37 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/17 10:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/17 10:27:33 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/17 10:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/16 21:25:04 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/08/16 21:25:04 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/16 21:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/16 21:24:59 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/08/16 21:24:58 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/08/16 21:24:57 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/08/16 21:24:56 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/08/16 21:24:55 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/08/16 21:24:43 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/16 21:24:43 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/16 21:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/16 21:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/10 22:13:06 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 22:13:03 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 22:13:03 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 22:13:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 22:13:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 22:13:03 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 22:13:03 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 22:13:03 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 22:13:03 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 22:13:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 22:12:55 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 22:12:55 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 22:12:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 22:12:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 22:12:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 22:12:55 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 22:12:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 22:12:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 22:12:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 22:12:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 22:12:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 22:12:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 22:12:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 22:12:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 22:12:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 22:12:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 22:12:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 22:12:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 22:12:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 22:12:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 22:12:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 22:12:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 22:12:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 22:12:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 22:12:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/10 22:12:44 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/10 22:12:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/10 22:12:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/10 22:12:44 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/10 22:12:44 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/10 22:12:44 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/10 22:12:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/10 22:12:29 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 22:12:29 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/10 22:12:29 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 13:49:13 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\Grants
[2011/08/09 17:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/09 17:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/02 18:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/02 18:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/02 18:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/02 18:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/02 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/02 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[1996/11/18 00:00:00 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\IMPLODE.DLL
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/17 11:09:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 11:09:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 11:01:57 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\fnup.job
[2011/08/17 11:01:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/17 11:01:37 | 2115,330,047 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/17 10:27:37 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/17 10:18:13 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/16 21:24:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/08/16 17:15:13 | 128,261,890 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/08/16 15:27:22 | 000,061,952 | RHS- | M] () -- C:\Windows\SysWow64\wshrme.dll
[2011/08/16 12:26:26 | 000,002,054 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/11 10:19:31 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/11 03:04:43 | 000,910,778 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/11 03:04:43 | 000,757,860 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/11 03:04:43 | 000,158,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/11 03:04:32 | 000,910,778 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/09 17:19:02 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/09 10:31:00 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/09 10:26:34 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/02 18:04:35 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/18 16:44:16 | 012,806,923 | ---- | M] () -- C:\Users\Jamie\Desktop\Beatrice_2011_06-30.pdf
[2011/07/18 16:39:00 | 012,502,157 | ---- | M] () -- C:\Users\Jamie\Desktop\Final Document.zip
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/17 10:27:37 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/16 21:25:04 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/16 21:24:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/08/16 15:27:23 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\fnup.job
[2011/08/16 15:27:22 | 000,061,952 | RHS- | C] () -- C:\Windows\SysWow64\wshrme.dll
[2011/08/09 17:19:02 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/02 18:04:35 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/18 16:39:00 | 012,502,157 | ---- | C] () -- C:\Users\Jamie\Desktop\Final Document.zip
[2010/11/18 19:13:15 | 000,009,961 | ---- | C] () -- C:\Windows\SysWow64\sk1bNP.DAT
[2010/11/18 19:13:15 | 000,004,788 | ---- | C] () -- C:\Windows\SysWow64\sk1bGCT2.DAT
[2010/11/18 19:13:15 | 000,004,788 | ---- | C] () -- C:\Windows\SysWow64\sk1bGCT1.DAT
[2010/11/18 19:13:15 | 000,000,063 | ---- | C] () -- C:\Windows\SysWow64\sk1bGCP.DAT
[2010/11/18 19:12:29 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\usk1b.dll
[2010/11/18 19:12:29 | 000,000,142 | ---- | C] () -- C:\Windows\SysWow64\Usk1bMsg.dat
[2010/08/24 11:14:47 | 000,356,692 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/24 11:07:37 | 000,001,456 | ---- | C] () -- C:\Users\Jamie\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/08/09 18:52:23 | 000,910,778 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/09 11:18:59 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\SC3BLMON.DAT
[2010/08/09 11:18:56 | 000,172,128 | ---- | C] () -- C:\Windows\_isusr32.dll
[2010/08/09 11:18:31 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\usc3.dll
[2010/08/09 11:18:31 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2010/08/09 11:18:31 | 000,000,142 | ---- | C] () -- C:\Windows\SysWow64\usc3bMsg.dat
[2010/08/03 15:50:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997/11/11 18:00:00 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\CP30FWM.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/20 19:27:48 | 000,006,159 | RH-- | M] () -- C:\DELL (1).SDR
[2010/08/03 16:43:08 | 000,004,278 | RH-- | M] () -- C:\dell.sdr
[2006/01/06 16:51:02 | 000,142,647 | ---- | M] () -- C:\documents
[2011/08/17 11:01:37 | 2115,330,047 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/20 19:53:44 | 000,000,854 | -H-- | M] () -- C:\IPH.PH
[2011/08/17 11:01:37 | 4252,098,559 | -HS- | M] () -- C:\pagefile.sys
[2004/09/08 12:23:13 | 000,007,195 | ---- | M] () -- C:\SSPPPoE.log
[2004/08/20 19:53:54 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Uninstall
AVG then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe


Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK


Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
[2011/08/16 15:27:23 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\fnup.job
[2011/08/16 15:27:22 | 000,061,952 | RHS- | C] () -- C:\Windows\SysWow64\wshrme.dll

:Commands
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Download, Save and Right click on unhide.exe and Run As Administrator from

http://download.blee...nler/unhide.exe


Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix: Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right click and Run As Administrator the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image




Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right clicking and Run As Administrator. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Are you still getting redirected?
Ron
  • 0

#3
frustrated@computer

frustrated@computer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thanks for your help!!

I've run everything you said, the exception being Avast boot-time scan that you said may take hours. I'll run it later tonight.

Security Center is back on and stays on and google search results are no longer being re-directed.

When I ran MBRCheck, however, it produced a message saying:
931 GB PhysicalDriveO Dell Inspiron MBR code detected
465 GB PhysicalDrive5 RE: Unknown MBR code

Found non-standard or infected MBR
Then gave me the options to
1 dump the MBR of a physical disk to file.
2 Restore the MBR of a physical disk wiht a standard boot code.
3 Exit.
Based on the size it listed I think the Drive5 is my external hard drive that is really just used to back up some files.

-------
Here are the log reports from all the other programs I ran:

ComboFix 11-08-17.02 - Jamie 08/17/2011 14:32:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6340 [GMT -5:00]
Running from: c:\users\Jamie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Documents
c:\temp\bkR11
c:\users\Jamie\WINDOWS
I:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-17 19:37 . 2011-08-17 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-17 18:54 . 2011-08-17 18:54 -------- d-----w- C:\_OTL
2011-08-17 16:34 . 2011-08-17 16:34 -------- d-----w- c:\program files (x86)\ESET
2011-08-17 15:27 . 2011-08-17 15:27 -------- d-----w- c:\users\Jamie\AppData\Roaming\Malwarebytes
2011-08-17 15:27 . 2011-07-07 00:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-17 15:27 . 2011-08-17 15:27 -------- d-----w- c:\programdata\Malwarebytes
2011-08-17 15:27 . 2011-08-17 15:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-17 15:27 . 2011-07-07 00:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 02:25 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-17 02:25 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-17 02:24 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-17 02:24 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-17 02:24 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-17 02:24 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-17 02:24 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-17 02:24 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-17 02:24 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-08-17 02:24 . 2011-08-17 02:24 -------- d-----w- c:\programdata\AVAST Software
2011-08-17 02:24 . 2011-08-17 02:24 -------- d-----w- c:\program files\AVAST Software
2011-08-11 03:12 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-08-09 22:19 . 2011-08-09 22:19 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-08-02 23:04 . 2011-08-02 23:04 -------- d-----w- c:\program files\iTunes
2011-08-02 23:04 . 2011-08-02 23:04 -------- d-----w- c:\program files (x86)\iTunes
2011-08-02 23:04 . 2011-08-02 23:04 -------- d-----w- c:\program files\iPod
2011-08-02 23:03 . 2011-08-02 23:03 -------- d-----w- c:\program files\Bonjour
2011-08-02 23:03 . 2011-08-02 23:03 -------- d-----w- c:\program files (x86)\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 15:19 . 2011-06-17 14:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 04:26 . 2011-08-11 03:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-12 17:10 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-12 17:10 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-12 16:34 . 2011-07-12 16:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:34 . 2011-07-12 16:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:34 . 2011-07-12 16:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:34 . 2011-07-12 16:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-11 03:07 . 2011-07-13 17:19 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 11:42 . 2011-06-30 18:49 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-30 18:49 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-30 18:49 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-30 18:49 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-30 18:49 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-10 98304]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Share-to-Web Namespace Daemon"="c:\program files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1392" [?]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-10-06 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Button Manager E.lnk - c:\program files (x86)\SHARP\Button Manager E\btnman.exe [2010-8-9 106496]
Camera Monitor SD.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2010-10-5 541976]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 AFS;AFS; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MSSQL$TRAKPRODEMO;SQL Server (TRAKPRODEMO);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.beatricecommunityplayers.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: musicmatch.com
TCP: DhcpNameServer = 66.168.128.20 24.205.224.36 68.190.192.35
FF - ProfilePath - c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\965ag9xk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.beatricecommunityplayers.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-08-17 14:44:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-17 19:44
.
Pre-Run: 914,270,834,688 bytes free
Post-Run: 916,773,060,608 bytes free
.
- - End Of File - - C3A3F4298F4762AC5E770670F08DACED

OTL Extras logfile created on: 8/17/2011 2:16:36 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Jamie\Documents\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.22 Gb Available Physical Memory | 78.12% Memory free
15.92 Gb Paging File | 14.07 Gb Available in Paging File | 88.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.59 Gb Total Space | 851.50 Gb Free Space | 92.39% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 434.37 Gb Free Space | 93.26% Space Free | Partition Type: NTFS

Computer Name: ADOFFICE | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1B918A92-A0BC-4B34-B2EF-AD427332732D}" = Microsoft SQL Server Management Studio Express
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{BFE972A5-DC62-03F9-F03E-8AC751DFE770}" = ccc-utility64
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03CEC5A3-648C-3E00-7CDB-C049B47A5EDC}" = CCC Help Spanish
"{051EF664-EB85-8320-1184-35136C6B0BEF}" = CCC Help Portuguese
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0566E404-1FCB-16C4-C265-9415012650D5}" = CCC Help Korean
"{07BB25C3-55B6-303C-1E7C-2C528555014D}" = CCC Help Dutch
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1583FB9E-D1D7-A29B-F3D3-7D6B74D75128}" = Catalyst Control Center Graphics Previews Vista
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EE6959C-49F2-5D45-A007-776A7A053043}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{222E1C7F-5892-0015-BF94-914B7EBEB564}" = CCC Help Finnish
"{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (TRAKPRODEMO)
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{38001EBD-D270-2BBC-CEAE-B88BDE197E16}" = CCC Help Russian
"{42E0794B-B4A6-CDB6-308F-04A5CA54B81E}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{599EAA99-BBA8-C8FF-C2EA-04D0C8FA6D89}" = Catalyst Control Center InstallProxy
"{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}" = Everio MediaBrowser
"{5DFB9027-0099-5816-8428-CF25B64B46C9}" = CCC Help Czech
"{634CE363-2BB8-FF85-83C3-734699DFC570}" = CCC Help German
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6545416A-A60A-8DE4-3590-15F0662461DF}" = CCC Help Polish
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B629F70-BE1D-456E-AA97-73619020E7A1}" = Sony Sound Forge Audio Studio 7.0b
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{774A70C8-29CA-565A-FB84-01B408F119B2}" = CCC Help Chinese Standard
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}" = HP Photo and Imaging 2.2 - Scanjet 3970 Series
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9DE8C3-5B21-34EC-DE5D-BAFAB8D8C9D9}" = CCC Help Greek
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91D1580F-35C5-8D29-144C-605E3568B3A5}" = Catalyst Control Center Graphics Full Existing
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{958FD5FD-1F71-493B-CC6C-4922F3EA2356}" = CCC Help Danish
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FDFB9AE-B7A9-3481-E85C-08E7FA6D620B}" = Catalyst Control Center Graphics Full New
"{A0AD3E2F-427D-09F9-85FB-450E35A03046}" = CCC Help Hungarian
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1D31E2C-C7E1-2E6E-EAE9-0C3BAFB5B1F9}" = CCC Help Thai
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AF8607A0-2E72-4421-A155-557B5360F05D}" = DSIClient
"{B2C07E85-76D6-DC01-48A9-7577AD95CD70}" = CCC Help Swedish
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B91C2CFE-15D0-C863-963A-DFF09D2AE726}" = Catalyst Control Center Core Implementation
"{BACF2A73-2F91-9657-F9B5-10723A9B1E5B}" = CCC Help Italian
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP2
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8694EE7-24F3-6593-FE50-00E575C79272}" = Skins
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDF7810C-10AB-7E95-ABC5-0D60C5761876}" = Catalyst Control Center Graphics Light
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B1535A-FDFC-4B40-B2E2-21DA83D9CB57}" = Adobe Audition CS5.5
"{D5D35107-8CFE-5FFB-2D64-1CE29202493B}" = Catalyst Control Center Graphics Previews Common
"{D8D98FAB-17E7-A123-D654-6574E6187EE2}" = CCC Help Chinese Traditional
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAC44207-C17F-DAFA-CE5D-010AB94A38AB}" = CCC Help Norwegian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E31C77D0-B0F0-318B-0A39-F57BF54D22AD}" = ccc-core-static
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EA3CD5E7-0C84-2479-6490-B6228F87B174}" = CCC Help Japanese
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECEB9207-85FE-3004-CD20-5DAEE0F1D1E0}" = CCC Help Turkish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3446474-29B7-4F6E-B716-76AA1914C60B}" = Tick-It! Trak Pro 3.0
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F68AFC71-77CD-0B22-4C4F-C09097E058E9}" = Catalyst Control Center Localization All
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF0B0792-F6E7-4627-B820-EA50617E223B}" = QuarkXPress 6.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dell Dock" = Dell Dock
"ESET Online Scanner" = ESET Online Scanner v3
"Finale NotePad 2011" = Finale NotePad 2011
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"Office14.Access" = Microsoft Access 2010
"Office14.PUBLISHER" = Microsoft Publisher 2010
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Punch! Professional Home Design" = Punch! Professional Home Design
"SHARP AR-M150/168 Series MFP Driver" = SHARP AR-M150/168 Series MFP Driver
"SHARP AR-M250/M310/5600 Series Printer Driver" = SHARP AR-M250/M310/5600 Series Printer Driver
"Sharp Button Manager E" = Sharp Button Manager E
"SHARP PCL6 T1 Printer Driver" = SHARP PCL6 T1 Printer Driver
"SHARP T1 Printer Driver" = SHARP T1 Printer Driver
"ST6UNST #1" = Tick-It! 2K Plus
"ST6UNST #2" = Tick-It! 2K Plus Service Pack 1
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/10/2011 11:05:18 AM | Computer Name = ADoffice | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 8/10/2011 11:05:18 AM | Computer Name = ADoffice | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 8/10/2011 7:05:20 PM | Computer Name = ADoffice | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 8/10/2011 7:05:20 PM | Computer Name = ADoffice | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 8/11/2011 10:48:19 PM | Computer Name = ADoffice | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 8/11/2011 10:48:19 PM | Computer Name = ADoffice | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 8/12/2011 11:07:17 AM | Computer Name = ADoffice | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 8/12/2011 11:07:17 AM | Computer Name = ADoffice | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 8/12/2011 10:28:41 PM | Computer Name = ADoffice | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 8/12/2011 10:28:41 PM | Computer Name = ADoffice | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

[ System Events ]
Error - 8/6/2011 10:31:49 AM | Computer Name = ADoffice | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 8/9/2011 12:23:29 PM | Computer Name = ADoffice | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFS

Error - 8/10/2011 11:05:23 AM | Computer Name = ADoffice | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 8/10/2011 11:05:24 AM | Computer Name = ADoffice | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 8/10/2011 11:05:25 AM | Computer Name = ADoffice | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 8/11/2011 4:24:31 AM | Computer Name = ADoffice | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFS

Error - 8/11/2011 10:48:22 PM | Computer Name = ADoffice | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 8/12/2011 10:28:43 PM | Computer Name = ADoffice | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 8/15/2011 11:24:50 AM | Computer Name = ADoffice | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFS

Error - 8/16/2011 11:09:50 AM | Computer Name = ADoffice | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.


< End of report >


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7490

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

8/17/2011 2:26:03 PM
mbam-log-2011-08-17 (14-26-03).txt

Scan type: Quick scan
Objects scanned: 180138
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 8/17/2011 2:16:36 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Jamie\Documents\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.22 Gb Available Physical Memory | 78.12% Memory free
15.92 Gb Paging File | 14.07 Gb Available in Paging File | 88.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.59 Gb Total Space | 851.50 Gb Free Space | 92.39% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 434.37 Gb Free Space | 93.26% Space Free | Partition Type: NTFS

Computer Name: ADOFFICE | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/17 11:08:22 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\My Documents\Downloads\OTL.exe
PRC - [2011/08/16 12:26:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/09/02 17:17:40 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/21 11:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2010/01/27 16:01:56 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/08/06 16:56:38 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2004/10/01 00:19:08 | 000,106,496 | ---- | M] (SHARP CORPORATION) -- C:\Program Files (x86)\SHARP\Button Manager E\btnman.exe
PRC - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/16 12:26:07 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/11 03:34:47 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/11 03:28:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/08/11 03:28:03 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\873449038f590bc102daf0effd94c952\System.Web.Services.ni.dll
MOD - [2011/08/11 03:27:50 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/08/11 03:27:40 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/11 03:27:35 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/11 03:27:34 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/08/11 03:27:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/11 03:27:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/11 03:27:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/11 03:27:19 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/11 03:18:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/23 17:36:10 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2010/07/21 11:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/07/21 11:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/07/21 11:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/07/21 11:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/07/21 11:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/07/21 11:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/07/21 11:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/07/21 11:33:36 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2010/07/21 11:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 13:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 13:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 13:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 13:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 13:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2004/09/09 17:13:00 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser\pxl_m17n_tool.dll
MOD - [2002/04/17 10:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/10 17:15:04 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/08/03 13:58:29 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 06:36:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/07/04 06:36:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/07/04 06:35:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/07/04 06:32:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/07/04 06:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/07/04 06:32:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/12/10 19:40:28 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/10/01 01:34:00 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 18:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/08/13 12:51:10 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.beatricec...ityplayers.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.beatricec...typlayers.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/16 21:24:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/16 12:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/09 17:19:05 | 000,000,000 | ---D | M]

[2010/08/07 13:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Extensions
[2011/07/05 14:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\965ag9xk.default\extensions
[2010/12/28 12:31:46 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\965ag9xk.default\extensions\[email protected]
[2010/08/07 14:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\b3bge72q.default\extensions
[2011/07/12 12:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/28 11:05:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 12:27:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/14 10:47:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/12 12:27:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\JAMIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\965AG9XK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/16 12:26:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/11 10:17:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.168.128.20 24.205.224.36 68.190.192.35
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/02 00:30:04 | 000,000,045 | ---- | M] () - I:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{cf55e190-a983-11e0-a83f-b8ac6fa10632}\Shell - "" = AutoRun
O33 - MountPoints2\{cf55e190-a983-11e0-a83f-b8ac6fa10632}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/17 13:54:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/17 13:49:32 | 001,163,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Jamie\Desktop\avg_remover_stf_x86_2011_1322.exe
[2011/08/17 13:48:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/17 11:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/08/17 11:21:54 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\tdsskiller
[2011/08/17 10:27:44 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Malwarebytes
[2011/08/17 10:27:37 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/17 10:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/17 10:27:33 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/17 10:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/16 21:25:04 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/08/16 21:25:04 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/16 21:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/16 21:24:59 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/08/16 21:24:58 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/08/16 21:24:57 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/08/16 21:24:56 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/08/16 21:24:55 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/08/16 21:24:43 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/16 21:24:43 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/16 21:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/16 21:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/10 22:13:06 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 22:13:03 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 22:13:03 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 22:13:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 22:13:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 22:13:03 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 22:13:03 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 22:13:03 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 22:13:03 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 22:13:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 22:12:55 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 22:12:55 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 22:12:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 22:12:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 22:12:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 22:12:55 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 22:12:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 22:12:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 22:12:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 22:12:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 22:12:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 22:12:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 22:12:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 22:12:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 22:12:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 22:12:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 22:12:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 22:12:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 22:12:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 22:12:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 22:12:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 22:12:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 22:12:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 22:12:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 22:12:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 22:12:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 22:12:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/10 22:12:44 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/10 22:12:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/10 22:12:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/10 22:12:44 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/10 22:12:44 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/10 22:12:44 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/10 22:12:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/10 22:12:29 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 22:12:29 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/10 22:12:29 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 13:49:13 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\Grants
[2011/08/09 17:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/09 17:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/02 18:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/02 18:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/02 18:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/02 18:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/02 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/02 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[1996/11/18 00:00:00 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\IMPLODE.DLL
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/17 14:11:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 14:11:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 14:05:36 | 000,684,297 | ---- | M] () -- C:\Users\Jamie\Desktop\unhide.exe
[2011/08/17 14:01:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/17 14:01:21 | 2115,330,047 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/17 13:49:32 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Jamie\Desktop\avg_remover_stf_x86_2011_1322.exe
[2011/08/17 11:21:33 | 001,388,507 | ---- | M] () -- C:\Users\Jamie\Desktop\tdsskiller.zip
[2011/08/17 10:27:37 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/17 10:18:13 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/16 21:24:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/08/16 12:26:26 | 000,002,054 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/11 10:19:31 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/11 03:04:43 | 000,910,778 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/11 03:04:43 | 000,757,860 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/11 03:04:43 | 000,158,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/11 03:04:32 | 000,910,778 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/09 17:19:02 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/09 10:26:34 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/02 18:04:35 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/18 16:44:16 | 012,806,923 | ---- | M] () -- C:\Users\Jamie\Desktop\Beatrice_2011_06-30.pdf
[2011/07/18 16:39:00 | 012,502,157 | ---- | M] () -- C:\Users\Jamie\Desktop\Final Document.zip
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/17 14:05:34 | 000,684,297 | ---- | C] () -- C:\Users\Jamie\Desktop\unhide.exe
[2011/08/17 11:21:32 | 001,388,507 | ---- | C] () -- C:\Users\Jamie\Desktop\tdsskiller.zip
[2011/08/17 10:27:37 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/16 21:25:04 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/16 21:24:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/08/09 17:19:02 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/02 18:04:35 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/18 16:39:00 | 012,502,157 | ---- | C] () -- C:\Users\Jamie\Desktop\Final Document.zip
[2010/11/18 19:13:15 | 000,009,961 | ---- | C] () -- C:\Windows\SysWow64\sk1bNP.DAT
[2010/11/18 19:13:15 | 000,004,788 | ---- | C] () -- C:\Windows\SysWow64\sk1bGCT2.DAT
[2010/11/18 19:13:15 | 000,004,788 | ---- | C] () -- C:\Windows\SysWow64\sk1bGCT1.DAT
[2010/11/18 19:13:15 | 000,000,063 | ---- | C] () -- C:\Windows\SysWow64\sk1bGCP.DAT
[2010/11/18 19:12:29 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\usk1b.dll
[2010/11/18 19:12:29 | 000,000,142 | ---- | C] () -- C:\Windows\SysWow64\Usk1bMsg.dat
[2010/08/24 11:14:47 | 000,356,692 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/24 11:07:37 | 000,001,456 | ---- | C] () -- C:\Users\Jamie\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/08/09 18:52:23 | 000,910,778 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/09 11:18:59 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\SC3BLMON.DAT
[2010/08/09 11:18:56 | 000,172,128 | ---- | C] () -- C:\Windows\_isusr32.dll
[2010/08/09 11:18:31 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\usc3.dll
[2010/08/09 11:18:31 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2010/08/09 11:18:31 | 000,000,142 | ---- | C] () -- C:\Windows\SysWow64\usc3bMsg.dat
[2010/08/03 15:50:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997/11/11 18:00:00 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\CP30FWM.DLL

< End of report >

2011/08/17 14:46:12.0475 4768 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/17 14:46:13.0068 4768 ================================================================================
2011/08/17 14:46:13.0068 4768 SystemInfo:
2011/08/17 14:46:13.0068 4768
2011/08/17 14:46:13.0068 4768 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/17 14:46:13.0068 4768 Product type: Workstation
2011/08/17 14:46:13.0068 4768 ComputerName: ADOFFICE
2011/08/17 14:46:13.0068 4768 UserName: Jamie
2011/08/17 14:46:13.0068 4768 Windows directory: C:\Windows
2011/08/17 14:46:13.0068 4768 System windows directory: C:\Windows
2011/08/17 14:46:13.0068 4768 Running under WOW64
2011/08/17 14:46:13.0068 4768 Processor architecture: Intel x64
2011/08/17 14:46:13.0068 4768 Number of processors: 4
2011/08/17 14:46:13.0068 4768 Page size: 0x1000
2011/08/17 14:46:13.0068 4768 Boot type: Normal boot
2011/08/17 14:46:13.0068 4768 ================================================================================
2011/08/17 14:46:13.0895 4768 Initialize success
2011/08/17 14:46:45.0266 3324 ================================================================================
2011/08/17 14:46:45.0266 3324 Scan started
2011/08/17 14:46:45.0266 3324 Mode: Manual;
2011/08/17 14:46:45.0266 3324 ================================================================================
2011/08/17 14:46:45.0672 3324 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/08/17 14:46:45.0719 3324 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/08/17 14:46:45.0766 3324 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/08/17 14:46:45.0797 3324 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/17 14:46:45.0812 3324 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/17 14:46:45.0828 3324 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/17 14:46:45.0875 3324 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/08/17 14:46:45.0937 3324 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/08/17 14:46:45.0968 3324 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/08/17 14:46:46.0000 3324 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/08/17 14:46:46.0015 3324 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/17 14:46:46.0031 3324 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/17 14:46:46.0062 3324 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/08/17 14:46:46.0078 3324 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/17 14:46:46.0093 3324 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/08/17 14:46:46.0156 3324 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/08/17 14:46:46.0202 3324 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/17 14:46:46.0218 3324 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/17 14:46:46.0249 3324 aswFsBlk (55353cd0da287b2c3782485740965b54) C:\Windows\system32\drivers\aswFsBlk.sys
2011/08/17 14:46:46.0296 3324 aswMonFlt (b38061cdefb71361e0c7547ac60527e8) C:\Windows\system32\drivers\aswMonFlt.sys
2011/08/17 14:46:46.0327 3324 aswRdr (91e7aca95933633b2557f47cdfdb74c3) C:\Windows\system32\drivers\aswRdr.sys
2011/08/17 14:46:46.0358 3324 aswSnx (2b15499f68fad60ce69264a327e9b0f0) C:\Windows\system32\drivers\aswSnx.sys
2011/08/17 14:46:46.0390 3324 aswSP (4d939ecb19dc930056593390d1c87c43) C:\Windows\system32\drivers\aswSP.sys
2011/08/17 14:46:46.0405 3324 aswTdi (d633426c5a207ce21767569aa4946891) C:\Windows\system32\drivers\aswTdi.sys
2011/08/17 14:46:46.0452 3324 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/17 14:46:46.0499 3324 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/08/17 14:46:46.0546 3324 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
2011/08/17 14:46:46.0624 3324 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
2011/08/17 14:46:46.0733 3324 atikmdag (37456be85384e4cc38dc899f07f88c45) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/17 14:46:46.0889 3324 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/17 14:46:46.0904 3324 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/17 14:46:46.0982 3324 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/17 14:46:47.0014 3324 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/17 14:46:47.0060 3324 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/17 14:46:47.0076 3324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/17 14:46:47.0107 3324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/17 14:46:47.0123 3324 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/17 14:46:47.0138 3324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/17 14:46:47.0154 3324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/17 14:46:47.0170 3324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/17 14:46:47.0185 3324 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/17 14:46:47.0232 3324 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/17 14:46:47.0263 3324 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/08/17 14:46:47.0310 3324 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/17 14:46:47.0341 3324 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/17 14:46:47.0372 3324 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/17 14:46:47.0404 3324 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/08/17 14:46:47.0435 3324 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/08/17 14:46:47.0466 3324 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/17 14:46:47.0482 3324 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/17 14:46:47.0513 3324 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/17 14:46:47.0560 3324 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/08/17 14:46:47.0575 3324 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/17 14:46:47.0606 3324 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/17 14:46:47.0653 3324 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/17 14:46:47.0684 3324 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/17 14:46:47.0778 3324 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/17 14:46:47.0872 3324 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/17 14:46:47.0903 3324 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/08/17 14:46:47.0918 3324 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/17 14:46:47.0950 3324 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/17 14:46:47.0965 3324 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/17 14:46:47.0996 3324 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/17 14:46:48.0012 3324 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/17 14:46:48.0028 3324 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/17 14:46:48.0059 3324 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/08/17 14:46:48.0090 3324 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/17 14:46:48.0121 3324 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/08/17 14:46:48.0152 3324 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/17 14:46:48.0168 3324 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/17 14:46:48.0184 3324 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/17 14:46:48.0230 3324 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/17 14:46:48.0262 3324 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/17 14:46:48.0308 3324 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/17 14:46:48.0355 3324 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/08/17 14:46:48.0371 3324 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/17 14:46:48.0386 3324 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/17 14:46:48.0418 3324 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/17 14:46:48.0449 3324 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/08/17 14:46:48.0480 3324 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/17 14:46:48.0511 3324 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/08/17 14:46:48.0558 3324 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/17 14:46:48.0574 3324 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/08/17 14:46:48.0605 3324 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/08/17 14:46:48.0636 3324 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/17 14:46:48.0667 3324 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
2011/08/17 14:46:48.0730 3324 IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/17 14:46:48.0761 3324 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/08/17 14:46:48.0792 3324 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/08/17 14:46:48.0808 3324 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/17 14:46:48.0854 3324 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/17 14:46:48.0901 3324 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/17 14:46:48.0917 3324 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/17 14:46:48.0964 3324 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/17 14:46:48.0995 3324 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/08/17 14:46:49.0010 3324 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/08/17 14:46:49.0042 3324 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
2011/08/17 14:46:49.0057 3324 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/08/17 14:46:49.0135 3324 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/08/17 14:46:49.0182 3324 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/17 14:46:49.0213 3324 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/17 14:46:49.0244 3324 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/17 14:46:49.0291 3324 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/17 14:46:49.0338 3324 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/17 14:46:49.0354 3324 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/17 14:46:49.0385 3324 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/17 14:46:49.0416 3324 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/17 14:46:49.0432 3324 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/17 14:46:49.0447 3324 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/17 14:46:49.0478 3324 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/17 14:46:49.0494 3324 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/17 14:46:49.0525 3324 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/17 14:46:49.0556 3324 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/08/17 14:46:49.0572 3324 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/17 14:46:49.0603 3324 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/17 14:46:49.0619 3324 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/08/17 14:46:49.0650 3324 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/17 14:46:49.0697 3324 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/08/17 14:46:49.0728 3324 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/17 14:46:49.0759 3324 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/17 14:46:49.0790 3324 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/17 14:46:49.0837 3324 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/08/17 14:46:49.0853 3324 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/08/17 14:46:49.0900 3324 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/17 14:46:49.0931 3324 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/17 14:46:49.0946 3324 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/08/17 14:46:49.0978 3324 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/17 14:46:50.0009 3324 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/17 14:46:50.0024 3324 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/17 14:46:50.0056 3324 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/08/17 14:46:50.0087 3324 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/08/17 14:46:50.0165 3324 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/17 14:46:50.0196 3324 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/17 14:46:50.0212 3324 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/17 14:46:50.0243 3324 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/17 14:46:50.0290 3324 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/08/17 14:46:50.0321 3324 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/17 14:46:50.0368 3324 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/17 14:46:50.0399 3324 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/17 14:46:50.0446 3324 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/17 14:46:50.0477 3324 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/08/17 14:46:50.0492 3324 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/17 14:46:50.0524 3324 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/17 14:46:50.0570 3324 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/17 14:46:50.0586 3324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/17 14:46:50.0617 3324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/17 14:46:50.0680 3324 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/08/17 14:46:50.0711 3324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/17 14:46:50.0758 3324 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/08/17 14:46:50.0789 3324 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/08/17 14:46:50.0836 3324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/08/17 14:46:50.0867 3324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/08/17 14:46:50.0914 3324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/17 14:46:50.0945 3324 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/08/17 14:46:50.0976 3324 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/08/17 14:46:50.0992 3324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/08/17 14:46:51.0023 3324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/17 14:46:51.0054 3324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/17 14:46:51.0085 3324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/17 14:46:51.0194 3324 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/17 14:46:51.0210 3324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/17 14:46:51.0272 3324 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/17 14:46:51.0304 3324 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/08/17 14:46:51.0350 3324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/17 14:46:51.0382 3324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/17 14:46:51.0413 3324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/17 14:46:51.0444 3324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/17 14:46:51.0460 3324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/17 14:46:51.0506 3324 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/17 14:46:51.0522 3324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/17 14:46:51.0553 3324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/17 14:46:51.0584 3324 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/17 14:46:51.0600 3324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/17 14:46:51.0631 3324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/17 14:46:51.0647 3324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/17 14:46:51.0662 3324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/17 14:46:51.0709 3324 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/17 14:46:51.0740 3324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/17 14:46:51.0787 3324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/17 14:46:51.0818 3324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/17 14:46:51.0850 3324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/17 14:46:51.0912 3324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/17 14:46:51.0943 3324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/17 14:46:51.0959 3324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/17 14:46:51.0990 3324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/17 14:46:52.0021 3324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/17 14:46:52.0052 3324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/17 14:46:52.0068 3324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/17 14:46:52.0099 3324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/17 14:46:52.0130 3324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/17 14:46:52.0146 3324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/17 14:46:52.0177 3324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/17 14:46:52.0208 3324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/17 14:46:52.0271 3324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/08/17 14:46:52.0302 3324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/17 14:46:52.0333 3324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/17 14:46:52.0364 3324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/17 14:46:52.0396 3324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/08/17 14:46:52.0474 3324 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/08/17 14:46:52.0552 3324 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/17 14:46:52.0583 3324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/17 14:46:52.0614 3324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/17 14:46:52.0614 3324 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/17 14:46:52.0645 3324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/17 14:46:52.0676 3324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/08/17 14:46:52.0723 3324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/17 14:46:52.0770 3324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/17 14:46:52.0832 3324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/17 14:46:52.0848 3324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/17 14:46:52.0879 3324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/17 14:46:52.0910 3324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/17 14:46:52.0926 3324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/08/17 14:46:52.0957 3324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/17 14:46:52.0988 3324 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2011/08/17 14:46:53.0004 3324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
2011/08/17 14:46:53.0035 3324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/08/17 14:46:53.0051 3324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
2011/08/17 14:46:53.0082 3324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/17 14:46:53.0098 3324 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/08/17 14:46:53.0129 3324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/17 14:46:53.0160 3324 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/17 14:46:53.0191 3324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
2011/08/17 14:46:53.0222 3324 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/08/17 14:46:53.0238 3324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/17 14:46:53.0254 3324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/17 14:46:53.0285 3324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/17 14:46:53.0300 3324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/08/17 14:46:53.0332 3324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/08/17 14:46:53.0347 3324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/08/17 14:46:53.0378 3324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/08/17 14:46:53.0410 3324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/08/17 14:46:53.0441 3324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/17 14:46:53.0456 3324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/17 14:46:53.0488 3324 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/17 14:46:53.0503 3324 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/08/17 14:46:53.0534 3324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/17 14:46:53.0566 3324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/17 14:46:53.0566 3324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/17 14:46:53.0597 3324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/17 14:46:53.0628 3324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/17 14:46:53.0659 3324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/17 14:46:53.0690 3324 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/08/17 14:46:53.0722 3324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/17 14:46:53.0768 3324 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/17 14:46:53.0800 3324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/17 14:46:53.0831 3324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/17 14:46:53.0878 3324 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/17 14:46:53.0909 3324 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/17 14:46:53.0956 3324 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/08/17 14:46:53.0971 3324 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk5\DR5
2011/08/17 14:46:54.0002 3324 Boot (0x1200) (9bb389b340dc3a52ed1386631e606894) \Device\Harddisk0\DR0\Partition0
2011/08/17 14:46:54.0002 3324 Boot (0x1200) (c4a84f872ad971a896ba0a2c412f1f59) \Device\Harddisk0\DR0\Partition1
2011/08/17 14:46:54.0018 3324 Boot (0x1200) (7eb774d4eb0d7a90914019a9ee35b201) \Device\Harddisk5\DR5\Partition0
2011/08/17 14:46:54.0018 3324 ================================================================================
2011/08/17 14:46:54.0018 3324 Scan finished
2011/08/17 14:46:54.0018 3324 ================================================================================
2011/08/17 14:46:54.0034 3888 Detected object count: 0
2011/08/17 14:46:54.0034 3888 Actual detected object count: 0


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 580
Logical Drives Mask: 0x020801fc

Kernel Drivers (total 166):
0x02C61000 \SystemRoot\system32\ntoskrnl.exe
0x02C18000 \SystemRoot\system32\hal.dll
0x00B9D000 \SystemRoot\system32\kdcom.dll
0x00C83000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CD2000 \SystemRoot\system32\PSHED.dll
0x00CE6000 \SystemRoot\system32\CLFS.SYS
0x00EBF000 \SystemRoot\system32\CI.dll
0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F7F000 \SystemRoot\system32\drivers\ACPI.sys
0x00FD6000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FDF000 \SystemRoot\system32\drivers\msisadrv.sys
0x00D44000 \SystemRoot\system32\drivers\pci.sys
0x00FE9000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00D77000 \SystemRoot\System32\drivers\partmgr.sys
0x00D8C000 \SystemRoot\system32\drivers\volmgr.sys
0x00DA1000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FF6000 \SystemRoot\system32\drivers\pciide.sys
0x00C00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00C10000 \SystemRoot\System32\drivers\mountmgr.sys
0x00EB3000 \SystemRoot\system32\drivers\atapi.sys
0x00C2A000 \SystemRoot\system32\drivers\ataport.SYS
0x00C54000 \SystemRoot\system32\drivers\amdxata.sys
0x01025000 \SystemRoot\system32\drivers\fltmgr.sys
0x01071000 \SystemRoot\system32\drivers\fileinfo.sys
0x01085000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01238000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01091000 \SystemRoot\System32\Drivers\msrpc.sys
0x013DB000 \SystemRoot\System32\Drivers\ksecdd.sys
0x010EF000 \SystemRoot\System32\Drivers\cng.sys
0x01200000 \SystemRoot\System32\drivers\pcw.sys
0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014BF000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016C3000 \SystemRoot\System32\drivers\tcpip.sys
0x018C7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01911000 \SystemRoot\system32\drivers\volsnap.sys
0x0195D000 \SystemRoot\System32\Drivers\spldr.sys
0x01965000 \SystemRoot\System32\drivers\rdyboost.sys
0x0199F000 \SystemRoot\System32\Drivers\mup.sys
0x019B1000 \SystemRoot\System32\drivers\hwpolicy.sys
0x019BA000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01600000 \SystemRoot\system32\DRIVERS\disk.sys
0x01616000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0167C000 \SystemRoot\system32\drivers\cdrom.sys
0x01161000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x016A6000 \SystemRoot\System32\Drivers\Null.SYS
0x016AF000 \SystemRoot\System32\Drivers\Beep.SYS
0x0148B000 \SystemRoot\System32\drivers\vga.sys
0x01499000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x015B2000 \SystemRoot\System32\drivers\watchdog.sys
0x016B6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x019F4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015C2000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015CB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x015D6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01000000 \SystemRoot\system32\DRIVERS\tdx.sys
0x015E7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0121B000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x0405C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x040A1000 \SystemRoot\system32\drivers\afd.sys
0x0412A000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x04134000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0413D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04163000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04179000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04188000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x041A3000 \SystemRoot\system32\drivers\termdd.sys
0x04000000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x041B7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x041C3000 \SystemRoot\system32\drivers\mssmbios.sys
0x041CE000 \SystemRoot\System32\drivers\discache.sys
0x041DD000 \SystemRoot\System32\Drivers\dfsc.sys
0x00C5F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03E49000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03E96000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03EBC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x048F3000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x03ED2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04F2A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04F70000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04F94000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04FA5000 \SystemRoot\system32\drivers\usbehci.sys
0x04800000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04856000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x048A7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x048B4000 \SystemRoot\system32\drivers\CompositeBus.sys
0x048C4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04FB6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04FDA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03FC6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03E00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03E1B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04FE6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x048DA000 \SystemRoot\system32\drivers\kbdclass.sys
0x01229000 \SystemRoot\system32\drivers\mouclass.sys
0x048E9000 \SystemRoot\system32\drivers\swenum.sys
0x044D7000 \SystemRoot\system32\drivers\ks.sys
0x0451A000 \SystemRoot\system32\drivers\umbus.sys
0x0452C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04586000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0459B000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x045BC000 \SystemRoot\system32\drivers\portcls.sys
0x04400000 \SystemRoot\system32\drivers\drmk.sys
0x04422000 \SystemRoot\system32\drivers\ksthunk.sys
0x05611000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05839000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x05880000 \SystemRoot\system32\drivers\hidusb.sys
0x0588E000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x058A7000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x058B0000 \SystemRoot\system32\drivers\USBD.SYS
0x058B2000 \SystemRoot\system32\drivers\kbdhid.sys
0x058C0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x058CE000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x058DA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x058E3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x058F6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05903000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x00010000 \SystemRoot\System32\win32k.sys
0x0591E000 \SystemRoot\System32\drivers\Dxapi.sys
0x0592A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004A0000 \SystemRoot\System32\TSDDD.dll
0x00690000 \SystemRoot\System32\cdd.dll
0x008B0000 \SystemRoot\System32\ATMFD.DLL
0x05938000 \SystemRoot\system32\drivers\luafv.sys
0x0595B000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x05995000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x0599E000 \SystemRoot\system32\drivers\WudfPf.sys
0x059BF000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x059CB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04428000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x059E0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0447B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x046E3000 \SystemRoot\system32\drivers\HTTP.sys
0x047AC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x047CA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04600000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0462D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0467B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x064BB000 \SystemRoot\system32\drivers\peauth.sys
0x06561000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0656C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0659D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06400000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06C5C000 \SystemRoot\System32\DRIVERS\srv.sys
0x06CF4000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06D25000 \SystemRoot\System32\Drivers\fastfat.SYS
0x06DCC000 \??\C:\Users\Jamie\AppData\Local\Temp\aswMBR.sys
0x77C30000 \Windows\System32\ntdll.dll
0x48180000 \Windows\System32\smss.exe
0xFFF50000 \Windows\System32\apisetschema.dll
0xFF950000 \Windows\System32\autochk.exe
0xFFEE0000 \Windows\System32\Wldap32.dll
0xFF150000 \Windows\System32\shell32.dll
0xFF0E0000 \Windows\System32\gdi32.dll
0x77B10000 \Windows\System32\kernel32.dll
0xFF0D0000 \Windows\System32\lpk.dll
0xFF0B0000 \Windows\System32\imagehlp.dll
0xFF090000 \Windows\System32\sechost.dll
0xFEE30000 \Windows\System32\iertutil.dll
0x77A10000 \Windows\System32\user32.dll
0x77E00000 \Windows\System32\normaliz.dll
0xFED90000 \Windows\System32\clbcatq.dll
0xFECB0000 \Windows\System32\oleaut32.dll
0xFEBE0000 \Windows\System32\usp10.dll

Processes (total 74):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
460 csrss.exe
524 C:\Windows\System32\wininit.exe
548 csrss.exe
588 C:\Windows\System32\services.exe
620 C:\Windows\System32\winlogon.exe
664 C:\Windows\System32\lsass.exe
672 C:\Windows\System32\lsm.exe
772 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\atiesrxx.exe
992 C:\Windows\System32\svchost.exe
128 C:\Windows\System32\svchost.exe
348 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1092 C:\Program Files\Dell\DellDock\DockLogin.exe
1148 C:\Windows\System32\svchost.exe
1248 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1372 C:\Windows\System32\atieclxx.exe
1736 C:\Windows\System32\taskeng.exe
1768 C:\Windows\System32\spoolsv.exe
1812 C:\Windows\System32\svchost.exe
1892 C:\Windows\System32\rundll32.exe
1916 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2028 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1172 C:\Windows\System32\svchost.exe
1192 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
1308 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
2108 C:\Windows\System32\taskhost.exe
2256 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2704 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2728 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2764 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2820 C:\Windows\System32\svchost.exe
2936 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2592 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3160 WmiPrvSE.exe
3292 C:\Windows\System32\vds.exe
3456 WUDFHost.exe
3596 C:\Windows\System32\svchost.exe
3768 C:\Windows\System32\dwm.exe
3792 C:\Windows\explorer.exe
4012 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
4160 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4184 C:\Program Files\Windows Sidebar\sidebar.exe
4380 C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
4396 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
4412 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4424 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
4432 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
4444 C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
4560 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
4868 C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
4176 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4192 C:\Program Files (x86)\SHARP\Button Manager E\btnman.exe
1260 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4340 C:\Program Files\AVAST Software\Avast\AvastUI.exe
4740 C:\Windows\System32\SearchIndexer.exe
4824 C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
4968 C:\Program Files\Dell\DellDock\DellDock.exe
5004 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
4132 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4056 C:\Program Files\iPod\bin\iPodService.exe
5132 C:\Program Files\Windows Media Player\wmpnetwk.exe
4316 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
5304 C:\Windows\System32\audiodg.exe
5332 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5796 C:\Windows\System32\SearchProtocolHost.exe
5896 C:\Windows\System32\SearchFilterHost.exe
168 C:\Users\Jamie\Desktop\MBRCheck.exe
1432 C:\Windows\System32\conhost.exe
6136 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7ae00000 (NTFS)
\\.\I: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST31000528AS, Rev: CC46
PhysicalDrive5 Model Number: MaxtorOneTouch, Rev: 0125

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B
465 GB \\.\PhysicalDrive5 RE: Unknown MBR code
SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

I will post the Avast log after it runs tonight. But things seem to have cleared up. Is there anything else I should do?
Thanks again for your help! You're a lifesaver!
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library


Driver::
AFS

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log. (You are getting an error at boot because of a broken AFS driver so this will remove it as well as a McAfee remnant.)

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2010/10/28 11:05:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 12:27:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/14 10:47:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     
:Commands
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. (This cleans up some remnants of AVG and some old Java stuff from FireFox and some run once things that should have been removed the first time they ran)


Combofix removed an autorun.inf file from I:\ which was probably your external drive. You might need it as I see we are getting a controller error for the drive. It usually put a copy of it in C:\Qoobox\Quarantine\I\autorun.inf.vir. Find the file and copy it then paste in in I:\ and right click on it and rename it to autorun.inf.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP