win 7 Home Security 2012


gweng

My son's computer has been infected by the Win 7 Home Security Virus. I didn't see any of the specific errors/messages that he originally got because he was away at school. I now have the computer at home. I can not open Firefox or Internet Explorer. I get a "Windows can not access .... You do not have the appropriate permission .." error.

I was not able to run OTL.exe but was able to run OTL.com. Here is the OTL log:

Thanks in advance for your help.


OTL logfile created on: 12/16/2011 4:01:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kyle\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.38% Memory free
7.99 Gb Paging File | 6.68 Gb Available in Paging File | 83.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 239.80 Gb Free Space | 53.16% Space Free | Partition Type: NTFS

Computer Name: KYLES-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 16:00:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
PRC - [2011/06/28 21:28:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/30 14:52:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/09/15 02:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/06/28 21:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/25 03:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/06/28 21:28:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 14:52:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/20 11:13:14 | 002,823,512 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/04/04 06:59:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/15 02:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/28 21:28:59 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 21:28:59 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/14 21:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 21:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 04:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/19 20:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 01:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/02/05 04:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/01/07 16:11:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/06/27 21:56:15] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=18705"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Kyle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 13:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 08:05:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 00:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 13:03:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\cartoonly

[2010/08/29 15:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions
[2010/08/29 15:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/11 09:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/22 09:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions
[2011/09/20 21:03:19 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011/02/14 22:31:40 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\[email protected]
[2011/09/20 21:12:11 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\[email protected]
[2011/05/03 20:05:44 | 000,001,919 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\searchplugins\bing-zugo.xml
[2011/11/09 08:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/31 17:49:39 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/03 15:27:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/01/28 17:24:35 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/01/28 17:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components
[2011/11/09 08:05:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 08:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/03 15:27:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 08:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/05/02 19:49:19 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/10/16 23:19:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 08:05:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...UGO&form=ZGACDF
CHR - default_search_provider: suggest_url = http://api.bing.com/...n.aspx?query=%s
CHR - Extension: Ask Toolbar = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoehmlbjgmbfaelmebaigekhbioa\7.13.1.0_0\
CHR - Extension: DealPly = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: GameVance = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: Click to call with Skype = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No CLSID value found.
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files (x86)\Gamevance\gvtl.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD34D9-1318-425C-8EFC-6EB2F54D2225}: DhcpNameServer = 129.82.103.78 129.82.103.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D36BC42B-7D0C-46CD-93A6-B11044DE2C82}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = P8] -- "C:\Users\Kyle\AppData\Local\mbq.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 16:01:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
[2011/12/16 15:59:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2011/12/13 11:02:16 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D1D5E899-5101-4C1B-8785-697EF7B81B70}
[2011/12/13 10:42:37 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D58FAE80-F58B-4171-A0B6-7BD957D9EDC8}
[2011/12/12 20:04:19 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{13D91D55-C6F1-4029-B087-4317B596A93E}
[2011/12/12 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{6106FBE5-CAD9-4C7D-B8B9-B83A3F77EFAA}
[2011/12/12 17:28:45 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{48E260B3-2171-4D60-8F64-111AE80D5DBF}
[2011/12/12 17:28:34 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{0416EC56-77F5-4139-ABD3-1557BABF72A3}
[2011/12/12 15:05:07 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\HPAppData
[2011/12/11 21:13:21 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{DFBCEFA3-AC85-47E9-8FFA-F7C55F933908}
[2011/12/11 21:12:59 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{707D04E7-DAA7-47AC-91B8-247CE6DCEE88}
[2011/12/09 23:26:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Facebook
[2011/12/09 23:26:51 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Kyle\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/12/09 22:01:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{14101C58-AEE5-4A81-A3D2-EDBFDA13954D}
[2011/12/09 22:00:45 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{371A9E60-A33B-42D3-8AFC-CDA52EF1025A}
[2011/12/09 12:54:15 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{99A37BEB-178E-499B-A8C4-6037101A7770}
[2011/12/09 12:54:05 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{107660EC-8ED0-4E3C-BD8D-1A5494AF32AF}
[2011/12/09 12:19:27 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{E9F3C3C4-039C-4B17-ADD1-F2F55A6F224B}
[2011/12/09 12:19:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{A282B329-EF04-4733-BB93-6332F70A84E2}
[2011/12/09 00:38:56 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{36826070-EFDA-4BFD-BABC-0A0712C6746F}
[2011/12/09 00:38:35 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{3D77CB17-DB58-40FC-9DC7-7904013B8207}
[2011/12/08 21:12:13 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{05C80FA5-4A03-42CB-AC96-3E92CC243383}
[2011/12/08 17:54:59 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{FBC851D8-184C-461F-95A5-AD783F0726BA}
[2011/12/08 17:54:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{1A0CC857-ACCE-497A-9938-1BFA346C3FE6}
[2011/12/08 17:53:18 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{EAE6190F-872F-4410-9E2F-039AAB6B0B65}
[2011/12/08 17:52:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{77450128-3296-4EFE-9089-3C9E9C8DAAE5}
[2011/12/08 17:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/08 17:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/08 17:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/08 17:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/08 17:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/08 17:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

========== Files - Modified Within 30 Days ==========

[2011/12/16 16:00:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
[2011/12/16 15:46:06 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 15:46:06 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 15:43:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2011/12/16 15:38:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/16 15:38:10 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\Users\Kyle\AppData\Local\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\ProgramData\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 14:31:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/14 13:46:19 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\kxw.exe
[2011/12/14 13:46:17 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/14 13:46:15 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\mbq.exe
[2011/12/14 13:43:57 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/14 13:32:34 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/11 18:28:02 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/11 18:28:02 | 000,628,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/11 18:28:02 | 000,108,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/09 23:26:52 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Kyle\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/12/08 17:28:32 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/27 12:28:10 | 467,453,007 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/12/14 13:46:22 | 000,012,886 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 13:46:22 | 000,012,886 | -HS- | C] () -- C:\ProgramData\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 13:46:19 | 000,334,336 | ---- | C] () -- C:\Users\Kyle\AppData\Local\kxw.exe
[2011/12/14 13:46:15 | 000,334,336 | ---- | C] () -- C:\Users\Kyle\AppData\Local\mbq.exe
[2011/12/09 23:26:58 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/09 23:26:58 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/08 17:28:32 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/29 12:57:43 | 000,171,933 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/11/03 15:38:32 | 000,188,584 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/22 19:26:19 | 000,000,262 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\iPod Access v4 Prefs
[2010/08/22 18:48:12 | 000,000,011 | -H-- | C] () -- C:\Users\Kyle\AppData\Roaming\iPodAccess_Time
[2010/08/17 16:11:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/05 12:36:05 | 000,012,800 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 12:04:30 | 000,047,633 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2010/04/09 07:33:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/04 08:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/04 07:12:36 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/02/02 13:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/09/15 02:57:06 | 000,418,008 | ---- | C] () -- C:\Windows\SysWow64\WuWUI.exe

========== LOP Check ==========

[2011/09/20 21:11:54 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\BSD
[2011/11/09 01:44:47 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\bsnes
[2010/05/12 17:16:29 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Canon
[2011/12/15 16:30:39 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Dropbox
[2010/06/16 19:08:10 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Facebook
[2011/10/22 09:27:10 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\GetRightToGo
[2011/07/02 21:13:35 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\go
[2011/11/09 18:35:10 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\gtk-2.0
[2011/01/28 17:24:07 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Keynote Systems
[2010/11/10 19:36:29 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\LimeWire
[2011/10/22 01:08:42 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Spotify
[2010/08/29 15:55:59 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Thunderbird
[2010/11/15 09:42:25 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Windows Live Writer
[2011/12/14 13:46:17 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/14 14:31:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/04/26 15:53:26 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
Amlak

    Member 1K

  • Member
  • 1,470 posts
Welcome to GTG. Let's help you out with your malware issue(s).

As I'm still in training, I'll need to wait for my fixes to be approved before they can be submitted, so expect a bit of delay in my responses including fixes.

Before we start, make sure you carefully read what I have to say. Don't skip anything. You may even want to have this all printed out in case you're forced to exit this window.

Download aswMBR.exe (1.8mb) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.

#3
gweng

    Member

  • Topic Starter
  • Member
  • 50 posts
Thanks for the prompt response. Here is the aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-16 18:21:58
-----------------------------
18:21:58.710 OS Version: Windows x64 6.1.7600
18:21:58.710 Number of processors: 2 586 0x170A
18:21:58.726 ComputerName: KYLES-PC UserName: Kyle
18:22:00.613 Initialize success
18:22:25.076 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:22:25.076 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:22:25.092 Disk 0 MBR read successfully
18:22:25.107 Disk 0 MBR scan
18:22:25.107 Disk 0 Windows VISTA default MBR code
18:22:25.123 Service scanning
18:22:30.365 Modules scanning
18:22:30.365 Disk 0 trace - called modules:
18:22:30.380 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:22:30.396 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800423a320]
18:22:30.396 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040a2050]
18:22:30.411 Scan finished successfully
18:23:34.995 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
18:23:34.995 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"

#4
Amlak

    Member 1K

  • Member
  • 1,470 posts
Waiting for my fix to be approved. In the meantime, could you please post the contents of the Extras.txt log? It should be located somewhere on your Desktop.

#5
Amlak

    Member 1K

  • Member
  • 1,470 posts
Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O33 - MountPoints2\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\Shell - "" = AutoRun
    O33 - MountPoints2\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O37 - HKCU\...exe [@ = P8] -- "C:\Users\Kyle\AppData\Local\mbq.exe" -a "%1" %* ()
    [2011/12/15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\Users\Kyle\AppData\Local\ivxvcq4w1pxm8trh6uhg7v758u1d
    [2011/12/15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\ProgramData\ivxvcq4w1pxm8trh6uhg7v758u1d
    [2011/12/14 13:46:19 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\kxw.exe
    [2011/12/14 13:46:15 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\mbq.exe
    
    :FILES
    ipconfig /flushdns /c
    
    :COMMANDS
    [emptytemp]
    
  • Click the Run Fix button at the top.
  • When done, post the content of the resultant log in your next reply.


Step 2

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    msconfig
    safebootminimal
    safebootnetwork
    activex
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\*.*
    %systemroot%\Tasks\*.job
    C:\ProgramData\*.*
    C:\Users\Kyle\AppData\Local\*.*
    
  • Click the Run Scan button at the top.
  • Make sure you post the log it produces in your next reply.
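
Added example, not part of any post in this thread and not OTL's or the helper's own method: a Python sketch that parses OTL file-listing lines (sample lines copied from the first log in this thread) and flags entries by assumed heuristics, namely no company name, sitting directly in the root of a profile's AppData\Local or AppData\Roaming or of ProgramData, and either an .exe or a hidden+system file with no extension. The function names and heuristics are illustrative assumptions.

```python
import re
from collections import Counter
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Lines copied from the OTL log posted at the top of this thread.
SAMPLE_LOG = r"""
[2011/12/14 13:46:22 | 000,012,886 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 13:46:22 | 000,012,886 | -HS- | C] () -- C:\ProgramData\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 13:46:19 | 000,334,336 | ---- | C] () -- C:\Users\Kyle\AppData\Local\kxw.exe
[2011/12/14 13:46:15 | 000,334,336 | ---- | C] () -- C:\Users\Kyle\AppData\Local\mbq.exe
[2011/12/08 17:28:32 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/22 19:26:19 | 000,000,262 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\iPod Access v4 Prefs
[2010/08/22 18:48:12 | 000,000,011 | -H-- | C] () -- C:\Users\Kyle\AppData\Roaming\iPodAccess_Time
[2010/05/05 12:36:05 | 000,012,800 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 12:04:30 | 000,047,633 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2011/12/09 23:26:52 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Kyle\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/12/15 16:30:39 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Dropbox
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
# Directory lines carry no "(company)" field at all.
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

# Assumption: files dropped straight into these roots deserve a second look.
DROP_DIR_RE = re.compile(
    r"^[A-Z]:\\(?:Users\\[^\\]+\\AppData\\(?:Local|Roaming)|ProgramData)$",
    re.IGNORECASE,
)


def parse_line(line):
    """Return a dict for one OTL file-listing line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = (entry["company"] or "").strip()
    return entry


def parse_log(text):
    """Parse every recognisable listing line in a block of log text."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries):
    """Flag files matching the assumed heuristics; returns dicts with reasons."""
    flagged, seen = [], set()
    for e in entries:
        if "D" in e["attrs"] or e["company"]:
            continue  # directories and files with a company name are skipped
        if e["path"].lower() in seen:
            continue  # the same file is often listed under Created and Modified
        if not DROP_DIR_RE.match(dirname(e["path"])):
            continue
        ext = splitext(basename(e["path"]))[1].lower()
        reasons = []
        if ext == ".exe":
            reasons.append("executable with no company name in a data-directory root")
        elif ext == "" and {"H", "S"} <= set(e["attrs"]):
            reasons.append("hidden+system file with no extension or company name")
        if reasons:
            seen.add(e["path"].lower())
            flagged.append({"path": e["path"], "size": e["size"], "reasons": reasons})
    # Identically sized files under different random names suggest copies of one payload.
    sizes = Counter(f["size"] for f in flagged)
    for f in flagged:
        if sizes[f["size"]] > 1:
            f["reasons"].append(
                "same size as %d other flagged file(s)" % (sizes[f["size"]] - 1)
            )
    return flagged


if __name__ == "__main__":
    for hit in triage(parse_log(SAMPLE_LOG)):
        print(hit["path"], "->", "; ".join(hit["reasons"]))
```

On the sample lines this flags the same four files that the fix in Step 1 lists; a flag is a prompt for review, not a verdict.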


#6
gweng

    Member

  • Topic Starter
  • Member
  • 50 posts
Results of 2 OTL scans:


OTL logfile created on: 12/18/2011 9:40:05 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kyle\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 70.63% Memory free
7.99 Gb Paging File | 6.62 Gb Available in Paging File | 82.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 240.69 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
Drive E: | 983.72 Mb Total Space | 983.67 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: KYLES-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 16:00:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
PRC - [2011/06/28 21:28:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/30 14:52:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/09/15 02:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/06/28 21:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/25 03:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/06/28 21:28:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 14:52:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/20 11:13:14 | 002,823,512 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/04/04 06:59:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/15 02:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/28 21:28:59 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 21:28:59 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/14 21:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 21:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 04:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/19 20:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 01:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/02/05 04:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/01/07 16:11:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/06/27 21:56:15] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=18705"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Kyle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 13:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 08:05:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 00:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 13:03:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\cartoonly

[2010/08/29 15:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions
[2010/08/29 15:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/11 09:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/22 09:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions
[2011/09/20 21:03:19 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011/02/14 22:31:40 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\[email protected]
[2011/09/20 21:12:11 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\[email protected]
[2011/05/03 20:05:44 | 000,001,919 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\searchplugins\bing-zugo.xml
[2011/11/09 08:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/31 17:49:39 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/03 15:27:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/01/28 17:24:35 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/01/28 17:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components
[2011/11/09 08:05:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 08:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/03 15:27:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 08:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/05/02 19:49:19 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/10/16 23:19:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 08:05:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...UGO&form=ZGACDF
CHR - default_search_provider: suggest_url = http://api.bing.com/...n.aspx?query=%s
CHR - Extension: Ask Toolbar = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoehmlbjgmbfaelmebaigekhbioa\7.13.1.0_0\
CHR - Extension: DealPly = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: GameVance = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: Click to call with Skype = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No CLSID value found.
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files (x86)\Gamevance\gvtl.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD34D9-1318-425C-8EFC-6EB2F54D2225}: DhcpNameServer = 129.82.103.78 129.82.103.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D36BC42B-7D0C-46CD-93A6-B11044DE2C82}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = P8] -- "C:\Users\Kyle\AppData\Local\mbq.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 18:20:53 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Kyle\Desktop\aswMBR.exe
[2011/12/16 16:22:47 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\virus stuff kyle's pc
[2011/12/16 16:01:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
[2011/12/16 15:59:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2011/12/16 15:47:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/16 15:47:38 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/16 15:47:38 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/16 15:47:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/16 15:47:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/16 15:47:37 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/16 15:47:37 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/16 15:47:37 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/16 15:47:37 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/16 15:47:37 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/16 15:47:37 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/16 15:47:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/16 15:47:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/16 15:47:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/16 15:47:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/16 15:47:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/16 15:47:23 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/16 15:47:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/13 11:02:16 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D1D5E899-5101-4C1B-8785-697EF7B81B70}
[2011/12/13 10:42:37 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D58FAE80-F58B-4171-A0B6-7BD957D9EDC8}
[2011/12/12 20:04:19 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{13D91D55-C6F1-4029-B087-4317B596A93E}
[2011/12/12 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{6106FBE5-CAD9-4C7D-B8B9-B83A3F77EFAA}
[2011/12/12 17:28:45 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{48E260B3-2171-4D60-8F64-111AE80D5DBF}
[2011/12/12 17:28:34 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{0416EC56-77F5-4139-ABD3-1557BABF72A3}
[2011/12/12 15:05:07 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\HPAppData
[2011/12/11 21:13:21 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{DFBCEFA3-AC85-47E9-8FFA-F7C55F933908}
[2011/12/11 21:12:59 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{707D04E7-DAA7-47AC-91B8-247CE6DCEE88}
[2011/12/09 23:26:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Facebook
[2011/12/09 23:26:51 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Kyle\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/12/09 22:01:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{14101C58-AEE5-4A81-A3D2-EDBFDA13954D}
[2011/12/09 22:00:45 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{371A9E60-A33B-42D3-8AFC-CDA52EF1025A}
[2011/12/09 12:54:15 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{99A37BEB-178E-499B-A8C4-6037101A7770}
[2011/12/09 12:54:05 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{107660EC-8ED0-4E3C-BD8D-1A5494AF32AF}
[2011/12/09 12:19:27 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{E9F3C3C4-039C-4B17-ADD1-F2F55A6F224B}
[2011/12/09 12:19:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{A282B329-EF04-4733-BB93-6332F70A84E2}
[2011/12/09 00:38:56 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{36826070-EFDA-4BFD-BABC-0A0712C6746F}
[2011/12/09 00:38:35 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{3D77CB17-DB58-40FC-9DC7-7904013B8207}
[2011/12/08 21:12:13 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{05C80FA5-4A03-42CB-AC96-3E92CC243383}
[2011/12/08 17:54:59 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{FBC851D8-184C-461F-95A5-AD783F0726BA}
[2011/12/08 17:54:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{1A0CC857-ACCE-497A-9938-1BFA346C3FE6}
[2011/12/08 17:53:18 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{EAE6190F-872F-4410-9E2F-039AAB6B0B65}
[2011/12/08 17:52:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{77450128-3296-4EFE-9089-3C9E9C8DAAE5}
[2011/12/08 17:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/08 17:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/08 17:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/08 17:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/08 17:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/08 17:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/12/08 02:12:04 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{21AC24BB-3A74-4A34-9090-40AF7A2EA06A}
[2011/12/08 02:11:43 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{4235F61C-1001-45AF-884A-BFFD32159236}
[2011/12/06 23:04:10 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{82D5ED6E-F456-4848-9CCA-F2926A135534}
[2011/12/06 23:03:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{6C530D1E-4F96-4236-A7F4-225F713B219C}
[2011/12/06 22:30:02 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{F9316766-4BDB-40F3-AD9F-F6175C55E5D1}
[2011/12/06 22:29:41 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{18E5F051-B5CB-40CC-87E4-181A89F7B767}
[2011/12/06 19:40:28 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{A1BC8882-1138-4227-ABB0-28DFE833FE1A}
[2011/12/06 19:40:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{AE2D48F2-8944-40E4-802C-5B8E264C774A}
[2011/12/06 14:35:46 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{37A1AFDC-BA5F-464B-BA00-EC6CCF3D7EE6}
[2011/12/06 14:35:23 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{47B5D6CA-40F7-4BD8-9BA5-1F4970F02CAE}
[2011/12/04 22:42:01 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{5793B16C-FDFF-4427-A333-7040AF8A5148}
[2011/12/02 16:19:19 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{FA0A57EC-175C-4630-B31A-40C407FBA459}
[2011/12/02 16:18:58 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{CFA3F009-103A-4585-80D8-D3263690AA70}
[2011/12/01 20:49:53 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{68F3FDAC-96C4-43DF-B64E-C82B842FD755}
[2011/12/01 20:49:32 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{0E9B603C-AAAF-4A63-8675-E143B712FFBC}
[2011/11/29 19:09:32 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{09EDB4B1-C581-43C9-8A7D-61DAC373E824}
[2011/11/29 19:09:11 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{67C03F73-A4CE-43CC-9A52-C548EE4490DC}
[2011/11/29 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{27ABEC86-B798-4D5F-B926-7F74B38CC30C}
[2011/11/29 13:24:51 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{2A66CDDE-7327-406D-A174-5219F750FE1F}
[2011/11/29 13:24:30 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{8CC440A9-E593-44EB-9479-76F7F99C3E85}
[2011/11/29 12:41:52 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{A4B01288-2899-4708-895C-3620472CC470}
[2011/11/29 12:41:31 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{9FBCD4CD-AEF2-4AAD-8DE9-D81949BF537E}
[2011/11/28 21:23:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{AE5C3D91-065F-4EA6-831E-14DF5689327F}
[2011/11/28 21:23:28 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{74C0B14D-71D4-4E47-A938-0A60BF639C1F}
[2011/11/28 16:52:02 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{76CA64BC-309A-4688-81B8-93261D8BFD6E}
[2011/11/28 16:51:41 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{26F91561-DAE7-4218-B93B-AE9E5F53025C}
[2011/11/28 12:39:41 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{5574B743-69FA-4F77-8637-3E54A7C25B94}
[2011/11/28 12:39:20 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{CA279F1D-1613-4A2F-BB34-9569C6061DEB}
[2011/11/28 12:24:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{2449C7ED-4A37-440C-9D8A-068C2DA04118}
[2011/11/28 12:24:28 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D571DCFF-BFF2-4C1F-BBE7-2F8EE74C72ED}
[2011/11/27 12:41:43 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{F6C34AC3-1E55-4FF6-989F-1C1B25A54EFE}
[2011/11/18 10:41:16 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{6AB037E8-DF3D-4F7B-9966-EAA3FA6227CE}
[2011/11/18 10:40:54 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{CC2FF359-9177-4D6D-A3DF-F4B29ED2A3BD}

========== Files - Modified Within 30 Days ==========

[2011/12/18 09:43:15 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/18 09:43:15 | 000,628,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/18 09:43:15 | 000,108,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/18 09:36:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 09:36:29 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/18 09:36:29 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/18 05:54:03 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/18 05:54:03 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/16 18:23:34 | 000,000,512 | ---- | M] () -- C:\Users\Kyle\Desktop\MBR.dat
[2011/12/16 18:14:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 18:14:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 18:06:29 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/16 18:05:32 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/16 17:41:35 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Kyle\Desktop\aswMBR.exe
[2011/12/16 16:00:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
[2011/12/16 15:43:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2011/12/15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\Users\Kyle\AppData\Local\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\ProgramData\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 13:46:19 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\kxw.exe
[2011/12/14 13:46:15 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\mbq.exe
[2011/12/09 23:26:52 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Kyle\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/12/08 17:38:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/08 17:28:32 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/27 12:28:10 | 467,453,007 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/12/16 18:23:34 | 000,000,512 | ---- | C] () -- C:\Users\Kyle\Desktop\MBR.dat
[2011/12/14 13:46:22 | 000,012,886 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 13:46:22 | 000,012,886 | -HS- | C] () -- C:\ProgramData\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 13:46:19 | 000,334,336 | ---- | C] () -- C:\Users\Kyle\AppData\Local\kxw.exe
[2011/12/14 13:46:15 | 000,334,336 | ---- | C] () -- C:\Users\Kyle\AppData\Local\mbq.exe
[2011/12/09 23:26:58 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/09 23:26:58 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/08 17:28:32 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/29 12:57:43 | 000,171,933 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/11/03 15:38:32 | 000,188,584 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/22 19:26:19 | 000,000,262 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\iPod Access v4 Prefs
[2010/08/22 18:48:12 | 000,000,011 | -H-- | C] () -- C:\Users\Kyle\AppData\Roaming\iPodAccess_Time
[2010/08/17 16:11:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/05 12:36:05 | 000,012,800 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 12:04:30 | 000,047,633 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2010/04/09 07:33:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/04 08:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/04 07:12:36 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/02/02 13:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/09/15 02:57:06 | 000,418,008 | ---- | C] () -- C:\Windows\SysWow64\WuWUI.exe

========== Custom Scans ==========


< :OTL >

< O33 - MountPoints2\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\Shell - "" = AutoRun >

< O33 - MountPoints2\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a >

< O37 - HKCU\...exe [@ = P8] -- "C:\Users\Kyle\AppData\Local\mbq.exe" -a "%1" %* () >

< [2011/12/15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\Users\Kyle\AppData\Local\ivxvcq4w1pxm8trh6uhg7v758u1d >
Invalid Switch: 15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\Users\Kyle\AppData\Local\ivxvcq4w1pxm8trh6uhg7v758u1d


< [2011/12/15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\ProgramData\ivxvcq4w1pxm8trh6uhg7v758u1d >
Invalid Switch: 15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\ProgramData\ivxvcq4w1pxm8trh6uhg7v758u1d


< [2011/12/14 13:46:19 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\kxw.exe >
Invalid Switch: 14 13:46:19 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\kxw.exe


< [2011/12/14 13:46:15 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\mbq.exe >
Invalid Switch: 14 13:46:15 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\mbq.exe


< >

< :FILES >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< >

< :COMMANDS >

< [emptytemp] >

< End of report >

OTL logfile created on: 12/18/2011 9:46:51 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kyle\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 64.58% Memory free
7.99 Gb Paging File | 6.40 Gb Available in Paging File | 80.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 240.68 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
Drive E: | 983.72 Mb Total Space | 983.67 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: KYLES-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 16:00:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
PRC - [2011/06/28 21:28:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/30 14:52:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/09/15 02:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/06/28 21:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/25 03:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/06/28 21:28:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 14:52:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/20 11:13:14 | 002,823,512 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/04/04 06:59:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/15 02:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/28 21:28:59 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 21:28:59 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/14 21:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 21:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 04:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/19 20:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 01:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/02/05 04:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/01/07 16:11:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/06/27 21:56:15] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=18705"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Kyle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 13:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 08:05:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 00:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 13:03:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\cartoonly

[2010/08/29 15:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions
[2010/08/29 15:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/11 09:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/22 09:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions
[2011/09/20 21:03:19 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011/02/14 22:31:40 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\[email protected]
[2011/09/20 21:12:11 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\[email protected]
[2011/05/03 20:05:44 | 000,001,919 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\searchplugins\bing-zugo.xml
[2011/11/09 08:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/31 17:49:39 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/03 15:27:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/01/28 17:24:35 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/01/28 17:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components
[2011/11/09 08:05:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 08:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/03 15:27:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 08:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/05/02 19:49:19 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/10/16 23:19:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 08:05:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...UGO&form=ZGACDF
CHR - default_search_provider: suggest_url = http://api.bing.com/...n.aspx?query=%s
CHR - Extension: Ask Toolbar = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoehmlbjgmbfaelmebaigekhbioa\7.13.1.0_0\
CHR - Extension: DealPly = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: GameVance = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: Click to call with Skype = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No CLSID value found.
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files (x86)\Gamevance\gvtl.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD34D9-1318-425C-8EFC-6EB2F54D2225}: DhcpNameServer = 129.82.103.78 129.82.103.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D36BC42B-7D0C-46CD-93A6-B11044DE2C82}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\Shell - "" = AutoRun
O33 - MountPoints2\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = P8] -- "C:\Users\Kyle\AppData\Local\mbq.exe" -a "%1" %* ()


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 18:20:53 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Kyle\Desktop\aswMBR.exe
[2011/12/16 16:22:47 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\virus stuff kyle's pc
[2011/12/16 16:01:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
[2011/12/16 15:59:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2011/12/16 15:47:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/16 15:47:38 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/16 15:47:38 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/16 15:47:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/16 15:47:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/16 15:47:37 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/16 15:47:37 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/16 15:47:37 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/16 15:47:37 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/16 15:47:37 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/16 15:47:37 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/16 15:47:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/16 15:47:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/16 15:47:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/16 15:47:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/16 15:47:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/16 15:47:23 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/16 15:47:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/13 11:02:16 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D1D5E899-5101-4C1B-8785-697EF7B81B70}
[2011/12/13 10:42:37 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D58FAE80-F58B-4171-A0B6-7BD957D9EDC8}
[2011/12/12 20:04:19 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{13D91D55-C6F1-4029-B087-4317B596A93E}
[2011/12/12 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{6106FBE5-CAD9-4C7D-B8B9-B83A3F77EFAA}
[2011/12/12 17:28:45 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{48E260B3-2171-4D60-8F64-111AE80D5DBF}
[2011/12/12 17:28:34 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{0416EC56-77F5-4139-ABD3-1557BABF72A3}
[2011/12/12 15:05:07 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\HPAppData
[2011/12/11 21:13:21 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{DFBCEFA3-AC85-47E9-8FFA-F7C55F933908}
[2011/12/11 21:12:59 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{707D04E7-DAA7-47AC-91B8-247CE6DCEE88}
[2011/12/09 23:26:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Facebook
[2011/12/09 23:26:51 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Kyle\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/12/09 22:01:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{14101C58-AEE5-4A81-A3D2-EDBFDA13954D}
[2011/12/09 22:00:45 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{371A9E60-A33B-42D3-8AFC-CDA52EF1025A}
[2011/12/09 12:54:15 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{99A37BEB-178E-499B-A8C4-6037101A7770}
[2011/12/09 12:54:05 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{107660EC-8ED0-4E3C-BD8D-1A5494AF32AF}
[2011/12/09 12:19:27 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{E9F3C3C4-039C-4B17-ADD1-F2F55A6F224B}
[2011/12/09 12:19:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{A282B329-EF04-4733-BB93-6332F70A84E2}
[2011/12/09 00:38:56 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{36826070-EFDA-4BFD-BABC-0A0712C6746F}
[2011/12/09 00:38:35 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{3D77CB17-DB58-40FC-9DC7-7904013B8207}
[2011/12/08 21:12:13 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{05C80FA5-4A03-42CB-AC96-3E92CC243383}
[2011/12/08 17:54:59 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{FBC851D8-184C-461F-95A5-AD783F0726BA}
[2011/12/08 17:54:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{1A0CC857-ACCE-497A-9938-1BFA346C3FE6}
[2011/12/08 17:53:18 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{EAE6190F-872F-4410-9E2F-039AAB6B0B65}
[2011/12/08 17:52:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{77450128-3296-4EFE-9089-3C9E9C8DAAE5}
[2011/12/08 17:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/08 17:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/08 17:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/08 17:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/08 17:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/08 17:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/12/08 02:12:04 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{21AC24BB-3A74-4A34-9090-40AF7A2EA06A}
[2011/12/08 02:11:43 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{4235F61C-1001-45AF-884A-BFFD32159236}
[2011/12/06 23:04:10 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{82D5ED6E-F456-4848-9CCA-F2926A135534}
[2011/12/06 23:03:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{6C530D1E-4F96-4236-A7F4-225F713B219C}
[2011/12/06 22:30:02 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{F9316766-4BDB-40F3-AD9F-F6175C55E5D1}
[2011/12/06 22:29:41 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{18E5F051-B5CB-40CC-87E4-181A89F7B767}
[2011/12/06 19:40:28 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{A1BC8882-1138-4227-ABB0-28DFE833FE1A}
[2011/12/06 19:40:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{AE2D48F2-8944-40E4-802C-5B8E264C774A}
[2011/12/06 14:35:46 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{37A1AFDC-BA5F-464B-BA00-EC6CCF3D7EE6}
[2011/12/06 14:35:23 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{47B5D6CA-40F7-4BD8-9BA5-1F4970F02CAE}
[2011/12/04 22:42:01 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{5793B16C-FDFF-4427-A333-7040AF8A5148}
[2011/12/02 16:19:19 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{FA0A57EC-175C-4630-B31A-40C407FBA459}
[2011/12/02 16:18:58 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{CFA3F009-103A-4585-80D8-D3263690AA70}
[2011/12/01 20:49:53 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{68F3FDAC-96C4-43DF-B64E-C82B842FD755}
[2011/12/01 20:49:32 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{0E9B603C-AAAF-4A63-8675-E143B712FFBC}
[2011/11/29 19:09:32 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{09EDB4B1-C581-43C9-8A7D-61DAC373E824}
[2011/11/29 19:09:11 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{67C03F73-A4CE-43CC-9A52-C548EE4490DC}
[2011/11/29 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{27ABEC86-B798-4D5F-B926-7F74B38CC30C}
[2011/11/29 13:24:51 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{2A66CDDE-7327-406D-A174-5219F750FE1F}
[2011/11/29 13:24:30 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{8CC440A9-E593-44EB-9479-76F7F99C3E85}
[2011/11/29 12:41:52 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{A4B01288-2899-4708-895C-3620472CC470}
[2011/11/29 12:41:31 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{9FBCD4CD-AEF2-4AAD-8DE9-D81949BF537E}
[2011/11/28 21:23:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{AE5C3D91-065F-4EA6-831E-14DF5689327F}
[2011/11/28 21:23:28 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{74C0B14D-71D4-4E47-A938-0A60BF639C1F}
[2011/11/28 16:52:02 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{76CA64BC-309A-4688-81B8-93261D8BFD6E}
[2011/11/28 16:51:41 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{26F91561-DAE7-4218-B93B-AE9E5F53025C}
[2011/11/28 12:39:41 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{5574B743-69FA-4F77-8637-3E54A7C25B94}
[2011/11/28 12:39:20 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{CA279F1D-1613-4A2F-BB34-9569C6061DEB}
[2011/11/28 12:24:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{2449C7ED-4A37-440C-9D8A-068C2DA04118}
[2011/11/28 12:24:28 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D571DCFF-BFF2-4C1F-BBE7-2F8EE74C72ED}
[2011/11/27 12:41:43 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{F6C34AC3-1E55-4FF6-989F-1C1B25A54EFE}
[2011/11/18 10:41:16 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{6AB037E8-DF3D-4F7B-9966-EAA3FA6227CE}
[2011/11/18 10:40:54 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{CC2FF359-9177-4D6D-A3DF-F4B29ED2A3BD}

========== Files - Modified Within 30 Days ==========

[2011/12/18 09:43:15 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/18 09:43:15 | 000,628,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/18 09:43:15 | 000,108,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/18 09:36:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 09:36:29 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/18 09:36:29 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/18 05:54:03 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/18 05:54:03 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/16 18:23:34 | 000,000,512 | ---- | M] () -- C:\Users\Kyle\Desktop\MBR.dat
[2011/12/16 18:14:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 18:14:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 18:06:29 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/16 18:05:32 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/16 17:41:35 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Kyle\Desktop\aswMBR.exe
[2011/12/16 16:00:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
[2011/12/16 15:43:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2011/12/15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\Users\Kyle\AppData\Local\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\ProgramData\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 13:46:19 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\kxw.exe
[2011/12/14 13:46:15 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\mbq.exe
[2011/12/09 23:26:52 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Kyle\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/12/08 17:38:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/08 17:28:32 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/27 12:28:10 | 467,453,007 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/12/16 18:23:34 | 000,000,512 | ---- | C] () -- C:\Users\Kyle\Desktop\MBR.dat
[2011/12/14 13:46:22 | 000,012,886 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 13:46:22 | 000,012,886 | -HS- | C] () -- C:\ProgramData\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 13:46:19 | 000,334,336 | ---- | C] () -- C:\Users\Kyle\AppData\Local\kxw.exe
[2011/12/14 13:46:15 | 000,334,336 | ---- | C] () -- C:\Users\Kyle\AppData\Local\mbq.exe
[2011/12/09 23:26:58 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/09 23:26:58 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/08 17:28:32 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/29 12:57:43 | 000,171,933 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/11/03 15:38:32 | 000,188,584 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/22 19:26:19 | 000,000,262 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\iPod Access v4 Prefs
[2010/08/22 18:48:12 | 000,000,011 | -H-- | C] () -- C:\Users\Kyle\AppData\Roaming\iPodAccess_Time
[2010/08/17 16:11:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/05 12:36:05 | 000,012,800 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 12:04:30 | 000,047,633 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2010/04/09 07:33:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/04 08:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/04 07:12:36 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/02/02 13:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/09/15 02:57:06 | 000,418,008 | ---- | C] () -- C:\Windows\SysWow64\WuWUI.exe

========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2010/04/04 09:39:29 | 000,003,282 | RH-- | M] () -- C:\dell.sdr
[2011/12/16 18:05:32 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/16 18:05:36 | 4291,145,728 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\*.* >
[2011/09/20 20:52:37 | 000,000,262 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\iPod Access v4 Prefs
[2010/08/22 18:48:12 | 000,000,011 | -H-- | M] () -- C:\Users\Kyle\AppData\Roaming\iPodAccess_Time

< %systemroot%\Tasks\*.job >
[2011/12/18 05:54:03 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/18 09:36:29 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/18 05:54:03 | 000,000,852 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/18 09:36:29 | 000,000,904 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job

< C:\ProgramData\*.* >
[2011/07/28 13:03:50 | 000,009,996 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/12/15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\ProgramData\ivxvcq4w1pxm8trh6uhg7v758u1d

< C:\Users\Kyle\AppData\Local\*.* >
[2011/05/22 19:43:43 | 000,012,800 | ---- | M] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 13:07:52 | 000,109,608 | ---- | M] () -- C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/12/16 17:29:16 | 001,581,275 | -H-- | M] () -- C:\Users\Kyle\AppData\Local\IconCache.db
[2011/12/15 16:29:03 | 000,012,886 | -HS- | M] () -- C:\Users\Kyle\AppData\Local\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 13:46:19 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\kxw.exe
[2011/12/14 13:46:15 | 000,334,336 | ---- | M] () -- C:\Users\Kyle\AppData\Local\mbq.exe

< End of report >

#7
Amlak

OK, please repeat both steps in my previous post and pay attention to the instructions for the first step. You were asked to click on Run Fix, not Run Scan.

#8
gweng

  • Topic Starter
Sorry about that. Here you go.


========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db5174b2-d7ff-11df-8bba-a4badb9d1ba7}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\P8\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Users\Kyle\AppData\Local\ivxvcq4w1pxm8trh6uhg7v758u1d moved successfully.
C:\ProgramData\ivxvcq4w1pxm8trh6uhg7v758u1d moved successfully.
C:\Users\Kyle\AppData\Local\kxw.exe moved successfully.
C:\Users\Kyle\AppData\Local\mbq.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kyle\Desktop\cmd.bat deleted successfully.
C:\Users\Kyle\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <[emptytemp> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 12182011_184142

OTL logfile created on: 12/18/2011 6:43:05 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kyle\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 70.52% Memory free
7.99 Gb Paging File | 6.66 Gb Available in Paging File | 83.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 240.68 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
Drive E: | 983.72 Mb Total Space | 983.56 Mb Free Space | 99.98% Space Free | Partition Type: FAT

Computer Name: KYLES-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 16:00:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
PRC - [2011/06/28 21:28:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/30 14:52:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/09/15 02:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/06/28 21:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/25 03:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/06/28 21:28:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 14:52:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/20 11:13:14 | 002,823,512 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/04/04 06:59:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/15 02:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/28 21:28:59 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 21:28:59 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/14 21:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 21:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 04:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/19 20:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 01:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/02/05 04:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/01/07 16:11:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/06/27 21:56:15] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=18705"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Kyle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 13:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 08:05:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 00:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 13:03:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\cartoonly

[2010/08/29 15:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions
[2010/08/29 15:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/11 09:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/22 09:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions
[2011/09/20 21:03:19 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011/02/14 22:31:40 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\[email protected]
[2011/09/20 21:12:11 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\[email protected]
[2011/05/03 20:05:44 | 000,001,919 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\searchplugins\bing-zugo.xml
[2011/11/09 08:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/31 17:49:39 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/03 15:27:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/01/28 17:24:35 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/01/28 17:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components
[2011/11/09 08:05:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 08:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/03 15:27:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 08:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/05/02 19:49:19 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/10/16 23:19:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 08:05:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...UGO&form=ZGACDF
CHR - default_search_provider: suggest_url = http://api.bing.com/...n.aspx?query=%s
CHR - Extension: Ask Toolbar = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoehmlbjgmbfaelmebaigekhbioa\7.13.1.0_0\
CHR - Extension: DealPly = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: GameVance = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: Click to call with Skype = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No CLSID value found.
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files (x86)\Gamevance\gvtl.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD34D9-1318-425C-8EFC-6EB2F54D2225}: DhcpNameServer = 129.82.103.78 129.82.103.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D36BC42B-7D0C-46CD-93A6-B11044DE2C82}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 18:41:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/16 18:20:53 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Kyle\Desktop\aswMBR.exe
[2011/12/16 16:22:47 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\virus stuff kyle's pc
[2011/12/16 16:01:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
[2011/12/16 15:59:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2011/12/16 15:47:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/16 15:47:38 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/16 15:47:38 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/16 15:47:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/16 15:47:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/16 15:47:37 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/16 15:47:37 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/16 15:47:37 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/16 15:47:37 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/16 15:47:37 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/16 15:47:37 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/16 15:47:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/16 15:47:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/16 15:47:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/16 15:47:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/16 15:47:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/16 15:47:23 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/16 15:47:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/13 11:02:16 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D1D5E899-5101-4C1B-8785-697EF7B81B70}
[2011/12/13 10:42:37 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D58FAE80-F58B-4171-A0B6-7BD957D9EDC8}
[2011/12/12 20:04:19 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{13D91D55-C6F1-4029-B087-4317B596A93E}
[2011/12/12 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{6106FBE5-CAD9-4C7D-B8B9-B83A3F77EFAA}
[2011/12/12 17:28:45 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{48E260B3-2171-4D60-8F64-111AE80D5DBF}
[2011/12/12 17:28:34 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{0416EC56-77F5-4139-ABD3-1557BABF72A3}
[2011/12/12 15:05:07 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\HPAppData
[2011/12/11 21:13:21 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{DFBCEFA3-AC85-47E9-8FFA-F7C55F933908}
[2011/12/11 21:12:59 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{707D04E7-DAA7-47AC-91B8-247CE6DCEE88}
[2011/12/09 23:26:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Facebook
[2011/12/09 23:26:51 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Kyle\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/12/09 22:01:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{14101C58-AEE5-4A81-A3D2-EDBFDA13954D}
[2011/12/09 22:00:45 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{371A9E60-A33B-42D3-8AFC-CDA52EF1025A}
[2011/12/09 12:54:15 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{99A37BEB-178E-499B-A8C4-6037101A7770}
[2011/12/09 12:54:05 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{107660EC-8ED0-4E3C-BD8D-1A5494AF32AF}
[2011/12/09 12:19:27 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{E9F3C3C4-039C-4B17-ADD1-F2F55A6F224B}
[2011/12/09 12:19:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{A282B329-EF04-4733-BB93-6332F70A84E2}
[2011/12/09 00:38:56 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{36826070-EFDA-4BFD-BABC-0A0712C6746F}
[2011/12/09 00:38:35 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{3D77CB17-DB58-40FC-9DC7-7904013B8207}
[2011/12/08 21:12:13 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{05C80FA5-4A03-42CB-AC96-3E92CC243383}
[2011/12/08 17:54:59 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{FBC851D8-184C-461F-95A5-AD783F0726BA}
[2011/12/08 17:54:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{1A0CC857-ACCE-497A-9938-1BFA346C3FE6}
[2011/12/08 17:53:18 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{EAE6190F-872F-4410-9E2F-039AAB6B0B65}
[2011/12/08 17:52:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{77450128-3296-4EFE-9089-3C9E9C8DAAE5}
[2011/12/08 17:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/08 17:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/08 17:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/08 17:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/08 17:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/08 17:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/12/08 02:12:04 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{21AC24BB-3A74-4A34-9090-40AF7A2EA06A}
[2011/12/08 02:11:43 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{4235F61C-1001-45AF-884A-BFFD32159236}
[2011/12/06 23:04:10 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{82D5ED6E-F456-4848-9CCA-F2926A135534}
[2011/12/06 23:03:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{6C530D1E-4F96-4236-A7F4-225F713B219C}
[2011/12/06 22:30:02 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{F9316766-4BDB-40F3-AD9F-F6175C55E5D1}
[2011/12/06 22:29:41 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{18E5F051-B5CB-40CC-87E4-181A89F7B767}
[2011/12/06 19:40:28 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{A1BC8882-1138-4227-ABB0-28DFE833FE1A}
[2011/12/06 19:40:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{AE2D48F2-8944-40E4-802C-5B8E264C774A}
[2011/12/06 14:35:46 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{37A1AFDC-BA5F-464B-BA00-EC6CCF3D7EE6}
[2011/12/06 14:35:23 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{47B5D6CA-40F7-4BD8-9BA5-1F4970F02CAE}
[2011/12/04 22:42:01 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{5793B16C-FDFF-4427-A333-7040AF8A5148}
[2011/12/02 16:19:19 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{FA0A57EC-175C-4630-B31A-40C407FBA459}
[2011/12/02 16:18:58 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{CFA3F009-103A-4585-80D8-D3263690AA70}
[2011/12/01 20:49:53 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{68F3FDAC-96C4-43DF-B64E-C82B842FD755}
[2011/12/01 20:49:32 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{0E9B603C-AAAF-4A63-8675-E143B712FFBC}
[2011/11/29 19:09:32 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{09EDB4B1-C581-43C9-8A7D-61DAC373E824}
[2011/11/29 19:09:11 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{67C03F73-A4CE-43CC-9A52-C548EE4490DC}
[2011/11/29 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{27ABEC86-B798-4D5F-B926-7F74B38CC30C}
[2011/11/29 13:24:51 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{2A66CDDE-7327-406D-A174-5219F750FE1F}
[2011/11/29 13:24:30 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{8CC440A9-E593-44EB-9479-76F7F99C3E85}
[2011/11/29 12:41:52 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{A4B01288-2899-4708-895C-3620472CC470}
[2011/11/29 12:41:31 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{9FBCD4CD-AEF2-4AAD-8DE9-D81949BF537E}
[2011/11/28 21:23:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{AE5C3D91-065F-4EA6-831E-14DF5689327F}
[2011/11/28 21:23:28 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{74C0B14D-71D4-4E47-A938-0A60BF639C1F}
[2011/11/28 16:52:02 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{76CA64BC-309A-4688-81B8-93261D8BFD6E}
[2011/11/28 16:51:41 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{26F91561-DAE7-4218-B93B-AE9E5F53025C}
[2011/11/28 12:39:41 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{5574B743-69FA-4F77-8637-3E54A7C25B94}
[2011/11/28 12:39:20 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{CA279F1D-1613-4A2F-BB34-9569C6061DEB}
[2011/11/28 12:24:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{2449C7ED-4A37-440C-9D8A-068C2DA04118}
[2011/11/28 12:24:28 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D571DCFF-BFF2-4C1F-BBE7-2F8EE74C72ED}
[2011/11/27 12:41:43 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{F6C34AC3-1E55-4FF6-989F-1C1B25A54EFE}

========== Files - Modified Within 30 Days ==========

[2011/12/18 18:11:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/18 17:34:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 17:34:48 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/18 09:43:15 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/18 09:43:15 | 000,628,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/18 09:43:15 | 000,108,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/18 05:54:03 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/18 05:54:03 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/16 18:23:34 | 000,000,512 | ---- | M] () -- C:\Users\Kyle\Desktop\MBR.dat
[2011/12/16 18:14:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 18:14:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 18:06:29 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/16 18:05:32 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/16 17:41:35 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Kyle\Desktop\aswMBR.exe
[2011/12/16 16:00:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
[2011/12/16 15:43:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2011/12/09 23:26:52 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Kyle\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/12/08 17:38:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/08 17:28:32 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/27 12:28:10 | 467,453,007 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/12/16 18:23:34 | 000,000,512 | ---- | C] () -- C:\Users\Kyle\Desktop\MBR.dat
[2011/12/09 23:26:58 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/09 23:26:58 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/08 17:28:32 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/29 12:57:43 | 000,171,933 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/11/03 15:38:32 | 000,188,584 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/22 19:26:19 | 000,000,262 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\iPod Access v4 Prefs
[2010/08/22 18:48:12 | 000,000,011 | -H-- | C] () -- C:\Users\Kyle\AppData\Roaming\iPodAccess_Time
[2010/08/17 16:11:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/05 12:36:05 | 000,012,800 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 12:04:30 | 000,047,633 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2010/04/09 07:33:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/04 08:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/04 07:12:36 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/02/02 13:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/09/15 02:57:06 | 000,418,008 | ---- | C] () -- C:\Windows\SysWow64\WuWUI.exe

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/04/04 09:39:29 | 000,003,282 | RH-- | M] () -- C:\dell.sdr
[2011/12/16 18:05:32 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/16 18:05:36 | 4291,145,728 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\*.* >
[2011/09/20 20:52:37 | 000,000,262 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\iPod Access v4 Prefs
[2010/08/22 18:48:12 | 000,000,011 | -H-- | M] () -- C:\Users\Kyle\AppData\Roaming\iPodAccess_Time

< %systemroot%\Tasks\*.job >
[2011/12/18 05:54:03 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/18 17:34:48 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/18 05:54:03 | 000,000,852 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/18 18:11:00 | 000,000,904 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job

< C:\ProgramData\*.* >
[2011/07/28 13:03:50 | 000,009,996 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< C:\Users\Kyle\AppData\Local\*.* >
[2011/05/22 19:43:43 | 000,012,800 | ---- | M] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 13:07:52 | 000,109,608 | ---- | M] () -- C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/12/16 17:29:16 | 001,581,275 | -H-- | M] () -- C:\Users\Kyle\AppData\Local\IconCache.db

< End of report >

#9
Amlak

Still having problems with your system?

#10
gweng

Everything appears to be working fine now. Thank you for your help.


#11
Amlak

No worries. Just a couple more things before we declare your system clean.

Could you please post the contents of the Extras.txt log? It should be located somewhere on your Desktop.

#12
gweng

Looks like we're back to square one. When you asked if the system was running okay, I assumed you thought it was clean and wanted me to test it. My son started using it again. Win 7 Home Security 2012 popped up again when he was adding music to his iTunes library. Here is a new OTL.txt log. I don't see an Extras.txt log this time.

OTL logfile created on: 12/21/2011 8:46:47 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kyle\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.43% Memory free
7.99 Gb Paging File | 6.24 Gb Available in Paging File | 78.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 239.58 Gb Free Space | 53.11% Space Free | Partition Type: NTFS

Computer Name: KYLES-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/20 18:42:05 | 000,324,096 | ---- | M] (Microsoft Corporation) -- C:\Users\Kyle\AppData\Local\rxi.exe
PRC - [2011/12/16 16:00:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
PRC - [2011/09/18 11:27:32 | 001,660,232 | ---- | M] (Bootstrap Software Development) -- C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/06/28 21:28:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/28 21:28:59 | 000,223,912 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
PRC - [2011/06/09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/30 14:52:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/09 11:58:14 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/07 16:11:28 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 17:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 06:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/19 16:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2008/09/15 02:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 02:37:07 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/12 02:37:02 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/12 02:36:53 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/06/28 21:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/25 03:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/06/28 21:28:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 14:52:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/20 11:13:14 | 002,823,512 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/04/04 06:59:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/15 02:57:04 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/28 21:28:59 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 21:28:59 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/14 21:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 21:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 04:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/19 20:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 01:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/02/05 04:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/01/07 16:11:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/06/27 21:56:15] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=18705"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Kyle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 13:03:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 08:05:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 00:45:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 13:03:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\cartoonly

[2010/08/29 15:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions
[2010/08/29 15:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/11 09:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/22 09:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions
[2011/09/20 21:03:19 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011/02/14 22:31:40 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\[email protected]
[2011/09/20 21:12:11 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\extensions\[email protected]
[2011/05/03 20:05:44 | 000,001,919 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hhi5aued.default\searchplugins\bing-zugo.xml
[2011/11/09 08:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/31 17:49:39 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/03 15:27:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/01/28 17:24:35 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/01/28 17:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components
[2011/11/09 08:05:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 08:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/03 15:27:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 08:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/05/02 19:49:19 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/10/16 23:19:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 08:05:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...UGO&form=ZGACDF
CHR - default_search_provider: suggest_url = http://api.bing.com/...n.aspx?query=%s
CHR - Extension: Ask Toolbar = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoehmlbjgmbfaelmebaigekhbioa\7.13.1.0_0\
CHR - Extension: DealPly = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: GameVance = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: Click to call with Skype = C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No CLSID value found.
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files (x86)\Gamevance\gvtl.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD34D9-1318-425C-8EFC-6EB2F54D2225}: DhcpNameServer = 129.82.103.78 129.82.103.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D36BC42B-7D0C-46CD-93A6-B11044DE2C82}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = 6v] -- "C:\Users\Kyle\AppData\Local\rxi.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 18:42:05 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Users\Kyle\AppData\Local\rxi.exe
[2011/12/19 12:55:44 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{88007320-0AD4-4012-8AD5-B7BD1645D876}
[2011/12/19 12:55:33 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{8F691F16-AB98-489A-8B82-945264B4FDC0}
[2011/12/18 18:41:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/16 16:22:47 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\virus stuff kyle's pc
[2011/12/16 16:01:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
[2011/12/16 15:47:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/16 15:47:38 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/16 15:47:38 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/16 15:47:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/16 15:47:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/16 15:47:37 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/16 15:47:37 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/16 15:47:37 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/16 15:47:37 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/16 15:47:37 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/16 15:47:37 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/16 15:47:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/16 15:47:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/16 15:47:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/16 15:47:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/16 15:47:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/16 15:47:23 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/16 15:47:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/13 11:02:16 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D1D5E899-5101-4C1B-8785-697EF7B81B70}
[2011/12/13 10:42:37 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D58FAE80-F58B-4171-A0B6-7BD957D9EDC8}
[2011/12/12 20:04:19 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{13D91D55-C6F1-4029-B087-4317B596A93E}
[2011/12/12 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{6106FBE5-CAD9-4C7D-B8B9-B83A3F77EFAA}
[2011/12/12 17:28:45 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{48E260B3-2171-4D60-8F64-111AE80D5DBF}
[2011/12/12 17:28:34 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{0416EC56-77F5-4139-ABD3-1557BABF72A3}
[2011/12/11 21:13:21 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{DFBCEFA3-AC85-47E9-8FFA-F7C55F933908}
[2011/12/11 21:12:59 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{707D04E7-DAA7-47AC-91B8-247CE6DCEE88}
[2011/12/09 23:26:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Facebook
[2011/12/09 23:26:51 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Kyle\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/12/09 22:01:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{14101C58-AEE5-4A81-A3D2-EDBFDA13954D}
[2011/12/09 22:00:45 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{371A9E60-A33B-42D3-8AFC-CDA52EF1025A}
[2011/12/09 12:54:15 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{99A37BEB-178E-499B-A8C4-6037101A7770}
[2011/12/09 12:54:05 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{107660EC-8ED0-4E3C-BD8D-1A5494AF32AF}
[2011/12/09 12:19:27 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{E9F3C3C4-039C-4B17-ADD1-F2F55A6F224B}
[2011/12/09 12:19:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{A282B329-EF04-4733-BB93-6332F70A84E2}
[2011/12/09 00:38:56 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{36826070-EFDA-4BFD-BABC-0A0712C6746F}
[2011/12/09 00:38:35 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{3D77CB17-DB58-40FC-9DC7-7904013B8207}
[2011/12/08 21:12:13 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{05C80FA5-4A03-42CB-AC96-3E92CC243383}
[2011/12/08 17:54:59 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{FBC851D8-184C-461F-95A5-AD783F0726BA}
[2011/12/08 17:54:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{1A0CC857-ACCE-497A-9938-1BFA346C3FE6}
[2011/12/08 17:53:18 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{EAE6190F-872F-4410-9E2F-039AAB6B0B65}
[2011/12/08 17:52:57 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{77450128-3296-4EFE-9089-3C9E9C8DAAE5}
[2011/12/08 17:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/08 17:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/08 17:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/08 17:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/08 17:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/08 17:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/12/08 02:12:04 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{21AC24BB-3A74-4A34-9090-40AF7A2EA06A}
[2011/12/08 02:11:43 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{4235F61C-1001-45AF-884A-BFFD32159236}
[2011/12/06 23:04:10 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{82D5ED6E-F456-4848-9CCA-F2926A135534}
[2011/12/06 23:03:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{6C530D1E-4F96-4236-A7F4-225F713B219C}
[2011/12/06 22:30:02 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{F9316766-4BDB-40F3-AD9F-F6175C55E5D1}
[2011/12/06 22:29:41 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{18E5F051-B5CB-40CC-87E4-181A89F7B767}
[2011/12/06 19:40:28 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{A1BC8882-1138-4227-ABB0-28DFE833FE1A}
[2011/12/06 19:40:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{AE2D48F2-8944-40E4-802C-5B8E264C774A}
[2011/12/06 14:35:46 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{37A1AFDC-BA5F-464B-BA00-EC6CCF3D7EE6}
[2011/12/06 14:35:23 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{47B5D6CA-40F7-4BD8-9BA5-1F4970F02CAE}
[2011/12/04 22:42:01 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{5793B16C-FDFF-4427-A333-7040AF8A5148}
[2011/12/02 16:19:19 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{FA0A57EC-175C-4630-B31A-40C407FBA459}
[2011/12/02 16:18:58 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{CFA3F009-103A-4585-80D8-D3263690AA70}
[2011/12/01 20:49:53 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{68F3FDAC-96C4-43DF-B64E-C82B842FD755}
[2011/12/01 20:49:32 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{0E9B603C-AAAF-4A63-8675-E143B712FFBC}
[2011/11/29 19:09:32 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{09EDB4B1-C581-43C9-8A7D-61DAC373E824}
[2011/11/29 19:09:11 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{67C03F73-A4CE-43CC-9A52-C548EE4490DC}
[2011/11/29 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{27ABEC86-B798-4D5F-B926-7F74B38CC30C}
[2011/11/29 13:24:51 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{2A66CDDE-7327-406D-A174-5219F750FE1F}
[2011/11/29 13:24:30 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{8CC440A9-E593-44EB-9479-76F7F99C3E85}
[2011/11/29 12:41:52 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{A4B01288-2899-4708-895C-3620472CC470}
[2011/11/29 12:41:31 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{9FBCD4CD-AEF2-4AAD-8DE9-D81949BF537E}
[2011/11/28 21:23:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{AE5C3D91-065F-4EA6-831E-14DF5689327F}
[2011/11/28 21:23:28 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{74C0B14D-71D4-4E47-A938-0A60BF639C1F}
[2011/11/28 16:52:02 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{76CA64BC-309A-4688-81B8-93261D8BFD6E}
[2011/11/28 16:51:41 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{26F91561-DAE7-4218-B93B-AE9E5F53025C}
[2011/11/28 12:39:41 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{5574B743-69FA-4F77-8637-3E54A7C25B94}
[2011/11/28 12:39:20 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{CA279F1D-1613-4A2F-BB34-9569C6061DEB}
[2011/11/28 12:24:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{2449C7ED-4A37-440C-9D8A-068C2DA04118}
[2011/11/28 12:24:28 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{D571DCFF-BFF2-4C1F-BBE7-2F8EE74C72ED}
[2011/11/27 12:41:43 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\{F6C34AC3-1E55-4FF6-989F-1C1B25A54EFE}

========== Files - Modified Within 30 Days ==========

[2011/12/21 08:47:09 | 000,009,712 | -HS- | M] () -- C:\Users\Kyle\AppData\Local\1e01ns5b52v572
[2011/12/21 08:47:09 | 000,009,712 | -HS- | M] () -- C:\ProgramData\1e01ns5b52v572
[2011/12/21 08:46:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 08:46:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 08:39:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/21 08:38:42 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 18:42:05 | 000,324,096 | ---- | M] (Microsoft Corporation) -- C:\Users\Kyle\AppData\Local\rxi.exe
[2011/12/20 18:39:32 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/20 18:32:28 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/20 02:11:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/20 01:04:22 | 450,806,635 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/19 05:55:35 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/18 09:43:15 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/18 09:43:15 | 000,628,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/18 09:43:15 | 000,108,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/16 18:06:29 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/16 16:00:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.com
[2011/12/09 23:26:52 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Kyle\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/12/08 17:38:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/08 17:28:32 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/12/20 18:42:12 | 000,009,712 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\1e01ns5b52v572
[2011/12/20 18:42:12 | 000,009,712 | -HS- | C] () -- C:\ProgramData\1e01ns5b52v572
[2011/12/09 23:26:58 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001UA.job
[2011/12/09 23:26:58 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-697939985-1200249214-131175403-1001Core.job
[2011/12/08 17:28:32 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/29 12:57:43 | 000,171,933 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/11/03 15:38:32 | 000,188,584 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/22 19:26:19 | 000,000,262 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\iPod Access v4 Prefs
[2010/08/22 18:48:12 | 000,000,011 | -H-- | C] () -- C:\Users\Kyle\AppData\Roaming\iPodAccess_Time
[2010/08/17 16:11:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/05 12:36:05 | 000,012,800 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 12:04:30 | 000,047,633 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2010/04/09 07:33:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/04 08:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/04 07:12:36 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/02/02 13:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/09/15 02:57:06 | 000,418,008 | ---- | C] () -- C:\Windows\SysWow64\WuWUI.exe

< End of report >

#13
Amlak

What exactly did your son do? Did he use an external device to add music?

#14
gweng

He was downloading a *.rar file from goodmusicallday.com. The first time he had just downloaded the newest version of iTunes.

#15
gweng

I still need help with this please.