[smwheel]

My computer was infected with the windows 7 security malware. I was able to fix that with antimalware I think but then had problems with web searches be redirected and not being able to run antimalware or avast. I was unalbe to open microsoft programs. I started computer in safe mode and ran antimalware and fixed one infection. Rebooted and ran antimalware again -- found nothing, but avast found 6 -- moved 3 to chest -- 3 still remain. I am geting frequent block alerts from avast but can get to web pages and programs.

OTL quick scan

OTL logfile created on: 12/22/2011 8:54:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\w Desktop\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.87 Gb Total Physical Memory | 5.90 Gb Available Physical Memory | 75.02% Memory free
15.73 Gb Paging File | 13.60 Gb Available in Paging File | 86.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.82 Gb Total Space | 627.76 Gb Free Space | 68.03% Space Free | Partition Type: NTFS
Drive D: | 587.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.39 Gb Total Space | 2.29 Gb Free Space | 30.96% Space Free | Partition Type: FAT32
Drive I: | 62.53 Mb Total Space | 60.63 Mb Free Space | 96.97% Space Free | Partition Type: FAT

Computer Name: wDESKTOP | User Name: w Desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/22 20:38:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\w Desktop\Desktop\OTL.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/03 19:21:30 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/12 14:58:50 | 002,697,656 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2011/10/08 11:46:48 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/30 10:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/17 10:47:46 | 000,776,704 | ---- | M] (BodyMedia, Inc.) -- C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
PRC - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccsvchst.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\concentr.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/12/29 15:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/10/15 02:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/13 19:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/07/10 15:53:52 | 000,372,736 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
PRC - [2009/07/10 15:50:36 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 02:35:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/12 02:35:08 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/12 02:35:03 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/07/09 06:22:14 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
MOD - [2009/10/15 02:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
MOD - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/10/15 02:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
MOD - [2009/09/27 23:52:34 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/07/10 15:50:24 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\Virtual Account Numbers\VANRes.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/06/17 01:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/24 13:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/09/24 13:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/09/24 13:17:10 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/30 10:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe -- (N360)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/05/13 13:39:50 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/21 20:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 20:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/03 22:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/04/30 05:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 05:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/12/01 21:18:38 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/14 11:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/04/28 23:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 20:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 20:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/10/16 05:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/10/14 21:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/27 06:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 17:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/15 13:53:22 | 000,083,776 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2008/01/15 13:53:22 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/11/14 13:28:01 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111114.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 03:11:39 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 03:11:39 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/22 23:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111128.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/03 22:12:59 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111128.036\EX64.SYS -- (NAVEX15)
DRV - [2011/08/03 22:12:59 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111128.036\ENG64.SYS -- (NAVENG)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/31 12:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/08/11 02:25:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/12/22 07:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/26 03:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\citius@orbiscom: C:\Program Files (x86)\Virtual Account Numbers [2011/04/04 19:20:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/03 19:22:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/31 12:24:36 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\w Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\

O1 HOSTS File: ([2011/12/13 07:15:31 | 000,001,283 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.197.194.231 www.google-analytics.com.
O1 - Hosts: 66.197.194.231 ad-emea.doubleclick.net.
O1 - Hosts: 66.197.194.231 www.statcounter.com.
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll (Acro Software Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Citi Virtual Account Numbers] C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O4 - Startup: C:\Users\w Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6180F3B-3E9C-4BBD-A620-B5D6EDEFC674}: DhcpNameServer = 163.244.194.254 163.244.212.254 163.244.194.42 163.244.199.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B474B7DD-81DB-4916-BD7E-1F9FBACC7AE1}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~4\GO36F4~1.DLL) -C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/28 08:29:17 | 000,000,055 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{32120056-b0f9-11e0-a125-a4badbe38809}\Shell - "" = AutoRun
O33 - MountPoints2\{32120056-b0f9-11e0-a125-a4badbe38809}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9f054cb8-62dc-11df-a708-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9f054cb8-62dc-11df-a708-806e6f6e6963}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{aee6878e-5ed6-11df-8603-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aee6878e-5ed6-11df-8603-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2008/03/27 08:18:58 | 001,193,472 | R--- | M] (ResMed)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 20:38:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\w Desktop\Desktop\OTL.exe
[2011/12/22 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{91789515-9C62-4FAB-95FD-3468991C75D6}
[2011/12/22 07:31:28 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{93A63ADF-8B91-480F-AC58-A0257B430247}
[2011/12/22 07:30:58 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{A960758C-0B0E-4246-9B2B-7238A98756EF}
[2011/12/21 07:21:34 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/12/21 07:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/21 07:21:33 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/12/21 07:21:30 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/12/21 07:21:29 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/12/21 07:21:27 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/12/21 07:21:20 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/12/21 07:21:19 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/12/21 07:19:41 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/12/21 07:19:41 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/21 07:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/21 07:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/20 06:26:17 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/19 20:12:36 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{7FD13830-6538-4FD8-9D8C-F7A8E40515DD}
[2011/12/19 08:11:54 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{194A071D-006F-466C-9FFF-0912DE5D3DD8}
[2011/12/18 20:11:19 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{D4F80CC6-469D-4222-8DF1-F00B77867372}
[2011/12/18 08:10:43 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{A05147AD-8FF0-41F1-AB7E-7A35E774C76D}
[2011/12/17 20:04:44 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{F7465644-3D9B-4C3A-8FE6-DC1482D8020A}
[2011/12/17 08:04:08 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{EBDF7378-162A-4931-A1F5-AC4ED15CE47A}
[2011/12/16 20:03:33 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{0DC1B842-CF62-4D02-9A1F-248CCB37252D}
[2011/12/16 08:02:58 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{AB088650-1C3C-45C9-8950-E9E71DA04213}
[2011/12/15 20:02:23 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{6EFB4ED5-E041-4FBD-B3D6-4062126512F3}
[2011/12/15 08:01:48 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{04B85652-8178-4212-8BEC-CA8283CA45ED}
[2011/12/14 20:01:14 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{779DBC70-4820-4A08-AA41-C44F714A4980}
[2011/12/14 08:00:39 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{79CF5482-EA61-4D5D-8477-DEB22FB0F527}
[2011/12/14 08:00:16 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{4445CD31-CEBC-4A28-BF1A-53FAF32FF01E}
[2011/12/13 21:07:23 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Roaming\Malwarebytes
[2011/12/13 21:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/13 21:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/13 21:07:15 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/13 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/13 20:48:53 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{BF543E5C-5989-4C5C-97BD-B2A9566665C4}
[2011/12/13 20:48:26 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{62EF343B-9CB0-42CB-A4CA-1618D88C12ED}
[2011/12/13 19:59:51 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{37DE7AFD-E0DF-4467-BAD2-7BB30AE2B9F1}
[2011/12/13 06:44:42 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{4E1F2B8A-373F-47C1-BC3F-C5135DBF318A}
[2011/12/13 06:44:15 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{74569BB2-B798-46E3-9952-562AFA0F49AA}
[2011/12/12 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{682CB2AF-3581-4767-8CAE-868FD15E147F}
[2011/12/11 23:02:43 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{441D5172-747A-48FA-A3F0-E0B061CCCEF1}
[2011/12/11 11:02:19 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{3319A4D7-FA31-41BE-87A0-A8F7D8B69A25}
[2011/12/10 22:10:51 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{AFF9F65C-4E1C-43C6-9859-8B9A9F038CFE}
[2011/12/10 10:10:16 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{220C6312-504A-4C06-92A1-4DA8C3C54DFE}
[2011/12/09 22:09:41 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{AB40D4A8-53E1-4CFB-AF18-A70D1ADE0FC4}
[2011/12/09 06:10:16 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{97C14A80-1B84-45F4-BAFA-AD622902C338}
[2011/12/08 17:30:58 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{6FB196C2-8EE2-4EE0-BA09-05A36ADAEE35}
[2011/12/07 20:21:30 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{8AF1934B-6E81-4BF8-BE61-42CDCE70B0FE}
[2011/12/07 07:26:54 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{5B58FA44-7B80-496A-B1B1-E9A11E6D9F64}
[2011/12/06 19:26:19 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{7AE836E9-993C-478B-9864-5DDF878870E1}
[2011/12/05 21:36:36 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{9AB290CC-3B2E-48CB-B180-65744E717BEE}
[2011/12/05 07:58:10 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{2BE84676-65CE-466F-82A4-BE3CCCF2566C}
[2011/12/04 19:57:34 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{3207E7E6-F42E-43D4-A533-F9139641A3FF}
[2011/12/03 18:32:32 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{90E55CC1-C77C-43AF-AE11-DDED54EB781D}
[2011/12/03 06:31:56 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{0C009143-3BDB-48C1-ABCB-0E1CE7A08490}
[2011/12/02 07:52:34 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{3919A5CB-6CEB-464C-9152-785D0A362B90}
[2011/12/01 19:51:58 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{8FD2BBD8-1ECC-4C80-BB1B-755CCEF5E552}
[2011/11/30 19:08:18 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{9CEAA3AA-6D2C-40D5-BA9D-3B381F7EE750}
[2011/11/30 07:07:43 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{8FEB1F6F-5659-49AE-BBFA-9CA54F177E37}
[2011/11/29 19:07:08 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{44A3786D-491F-4B8F-BA0B-02BD4C085C39}
[2011/11/29 06:21:14 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{C649C701-4B0D-4F74-9724-8E989865B8E3}
[2011/11/28 14:19:32 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{FE099520-C809-4BDF-8462-8DDDD6829300}
[2011/11/27 21:21:21 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{B0BE945C-4B5B-44B1-B216-19FB2BA6B637}
[2011/11/27 09:20:46 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{19A6D204-A269-4435-8BC2-0F0B9C865366}
[2011/11/26 21:20:10 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{0F598915-7B34-4210-900C-5D74A83202FD}
[2011/11/26 09:19:46 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{CF035B4C-E70D-44D5-A5C6-30CDD2D0FC04}
[2011/11/25 21:19:11 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{8CA626C5-9178-4719-9EDD-8B86CA1B23B6}
[2011/11/25 09:18:35 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{19177B91-DE37-4042-BF5F-EB0DA02A081C}
[2011/11/24 21:18:11 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{B08B6D9C-64A5-4B78-8892-E986ABD7B0F2}
[2011/11/23 09:55:07 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{644011A3-659C-4B19-B615-6005DB81DE86}
[2011/11/22 21:54:32 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{D7DD213E-72CD-4968-8789-B1A5FF78630D}
[2011/11/22 21:54:09 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{683B5A46-25D4-4788-B2D5-42C7BD67C0A9}

========== Files - Modified Within 30 Days ==========

[2011/12/22 20:38:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\w Desktop\Desktop\OTL.exe
[2011/12/22 20:32:49 | 3867,960,320 | ---- | M] () -- C:\Users\w Desktop\Desktop\Outlook.pst
[2011/12/22 20:01:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/22 18:54:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/22 18:42:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/22 07:38:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 07:38:41 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 07:34:44 | 000,001,940 | ---- | M] () -- C:\Users\w Desktop\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/12/22 07:28:54 | 2039,832,575 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/22 06:31:45 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/22 06:31:45 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/22 06:31:45 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/21 07:21:35 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/21 07:21:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/19 07:11:27 | 000,001,283 | ---- | M] () -- C:\Users\w Desktop\Desktop\MyPublisher.lnk
[2011/12/14 18:57:49 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/14 03:23:16 | 000,351,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/13 21:07:20 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 20:56:57 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/13 20:47:08 | 000,012,980 | -HS- | M] () -- C:\Users\w Desktop\AppData\Local\405635u2t127e105x827k4iov7g3
[2011/12/13 20:47:08 | 000,012,980 | -HS- | M] () -- C:\ProgramData\405635u2t127e105x827k4iov7g3
[2011/12/13 07:15:31 | 000,001,283 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/30 06:56:55 | 000,477,057 | ---- | M] () -- C:\Users\w Desktop\Desktop\www_radissonbignightgiveaway_com.mht
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 12:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/12/22 06:31:45 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/21 07:21:34 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/21 07:21:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/12/20 06:26:06 | 000,012,980 | -HS- | C] () -- C:\Users\w Desktop\AppData\Local\405635u2t127e105x827k4iov7g3
[2011/12/20 06:26:06 | 000,012,980 | -HS- | C] () -- C:\ProgramData\405635u2t127e105x827k4iov7g3
[2011/12/19 07:11:27 | 000,001,283 | ---- | C] () -- C:\Users\w Desktop\Desktop\MyPublisher.lnk
[2011/12/19 07:11:26 | 000,001,313 | ---- | C] () -- C:\Users\w Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPublisher.lnk
[2011/12/13 21:07:19 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/30 06:56:53 | 000,477,057 | ---- | C] () -- C:\Users\w Desktop\Desktop\www_radissonbignightgiveaway_com.mht
[2011/05/18 18:01:40 | 000,001,940 | ---- | C] () -- C:\Users\w Desktop\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/02 20:47:26 | 000,221,393 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2011/05/02 20:47:26 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/03/19 07:30:42 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/12/19 15:18:58 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\AI_ContextMenu.dll
[2010/07/31 12:20:43 | 000,220,556 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/07/31 12:20:43 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/05/18 20:30:25 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/25 19:20:08 | 000,000,000 | ---D | M] -- C:\Users\w Desktop\AppData\Roaming\Blackberry Desktop
[2011/01/24 06:42:15 | 000,000,000 | ---D | M] -- C:\Users\w Desktop\AppData\Roaming\BodyMedia
[2011/02/08 06:56:00 | 000,000,000 | ---D | M] -- C:\Users\w Desktop\AppData\Roaming\ICAClient
[2011/09/21 21:47:37 | 000,000,000 | ---D | M] -- C:\Users\w Desktop\AppData\Roaming\Leadertech
[2011/08/10 19:20:52 | 000,000,000 | ---D | M] -- C:\Users\w Desktop\AppData\Roaming\MyPublisher
[2011/03/06 07:37:44 | 000,000,000 | ---D | M] -- C:\Users\w Desktop\AppData\Roaming\PCDr
[2011/09/25 19:18:02 | 000,000,000 | ---D | M] -- C:\Users\w Desktop\AppData\Roaming\Research In Motion
[2011/09/26 16:25:25 | 000,000,000 | ---D | M] -- C:\Users\w Desktop\AppData\Roaming\TeamViewer
[2011/09/20 20:50:52 | 000,000,000 | ---D | M] -- C:\Users\w Desktop\AppData\Roaming\Windows Live Writer
[2009/07/13 23:08:49 | 000,019,192 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

[Advertisements]

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:

• Click on the Start button and then choose Control Panel.
• Click on the System and Security link.
  
  Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
• In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
• In the Administrative Tools window, double-click on the Computer Management icon.
• When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.
  
  After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.
  
  Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron

[RKinner]

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:

• Click on the Start button and then choose Control Panel.
• Click on the System and Security link.
  
  Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
• In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
• In the Administrative Tools window, double-click on the Computer Management icon.
• When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.
  
  After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.
  
  Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron

[smwheel]

Ran combofix - was seeing several stages completing. Next time screen was black -- stayed there rebooted to safe mode and then log created
ComboFix 11-12-23.01 - w Desktop 12/23/2011 5:57.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8055.6512 [GMT -6:00]
Running from: c:\users\w Desktop\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\w Desktop\R114874.EXE
c:\users\w Desktop\R66602.EXE
c:\users\w Desktop\R70165.EXE
c:\users\w Desktop\R73044.EXE
c:\users\w Desktop\R74546.EXE
c:\users\w Desktop\R76737.EXE
c:\users\w Desktop\R78499.EXE
c:\windows\system32\java.exe
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))
.
.
2011-12-23 12:02 . 2011-12-23 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-23 02:33 . 2011-12-23 02:33 -------- d-----w- C:\## aswSnx private storage
2011-12-21 13:21 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-21 13:21 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-21 13:21 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-21 13:21 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-21 13:21 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-21 13:21 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-21 13:21 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-21 13:19 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-21 13:19 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-12-21 13:19 . 2011-12-21 13:19 -------- d-----w- c:\programdata\AVAST Software
2011-12-21 13:19 . 2011-12-21 13:19 -------- d-----w- c:\program files\AVAST Software
2011-12-14 03:07 . 2011-12-14 03:07 -------- d-----w- c:\users\w Desktop\AppData\Roaming\Malwarebytes
2011-12-14 03:07 . 2011-12-14 03:07 -------- d-----w- c:\programdata\Malwarebytes
2011-12-14 03:07 . 2011-12-14 03:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-14 03:07 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-14 02:12 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 02:12 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 02:12 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 02:12 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 02:12 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-04 01:21 . 2010-05-13 19:41 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-11-04 01:21 . 2010-05-13 19:41 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-08 17:46 . 2011-07-01 01:30 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-29 16:24 . 2011-11-09 03:33 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-27 02:12 . 2011-09-27 02:12 53248 ----a-r- c:\users\w Desktop\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-09-27 00:39 . 2011-09-27 00:39 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-19 39408]
"NortonUpdateAgent"="c:\programdata\Norton\NUA.exe" [2011-10-12 2697656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-09 30192]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Citi Virtual Account Numbers"="c:\progra~2\VIRTUA~1\CitiVAN.exe" [2009-07-10 372736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ConnectionCenter"="c:\users\w Desktop\AppData\Local\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-11-04 273528]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\w Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BodyMedia Sync.lnk - c:\program files (x86)\BodyMedia\Sync\BodyMediaSync.exe [2011-8-17 776704]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111128.030\IDSvia64.sys [2011-08-23 488568]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-09 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 135664]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 08:25]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 08:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 16333856]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"combofix"="c:\combofix\CF17414.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF17414.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-23 06:30:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-23 12:30
.
Pre-Run: 677,295,210,496 bytes free
Post-Run: 676,276,379,648 bytes free
.
- - End Of File - - 63C7246C7F2AE0E428F4728C43FCB3D2

Edited by smwheel, 23 December 2011 - 06:44 AM.

[smwheel]

tddsskiller log

06:45:44.0262 5936 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
06:45:44.0605 5936 ============================================================
06:45:44.0605 5936 Current date / time: 2011/12/23 06:45:44.0605
06:45:44.0605 5936 SystemInfo:
06:45:44.0605 5936
06:45:44.0605 5936 OS Version: 6.1.7600 ServicePack: 0.0
06:45:44.0605 5936 Product type: Workstation
06:45:44.0605 5936 ComputerName: wDESKTOP
06:45:44.0605 5936 UserName: w Desktop
06:45:44.0605 5936 Windows directory: C:\Windows
06:45:44.0605 5936 System windows directory: C:\Windows
06:45:44.0605 5936 Running under WOW64
06:45:44.0605 5936 Processor architecture: Intel x64
06:45:44.0605 5936 Number of processors: 4
06:45:44.0605 5936 Page size: 0x1000
06:45:44.0605 5936 Boot type: Normal boot
06:45:44.0605 5936 ============================================================
06:45:45.0790 5936 Initialize success
06:46:08.0192 6052 ============================================================
06:46:08.0192 6052 Scan started
06:46:08.0192 6052 Mode: Manual;
06:46:08.0192 6052 ============================================================
06:46:09.0050 6052 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
06:46:09.0050 6052 1394ohci - ok
06:46:09.0097 6052 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
06:46:09.0097 6052 ACPI - ok
06:46:09.0112 6052 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
06:46:09.0112 6052 AcpiPmi - ok
06:46:09.0128 6052 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
06:46:09.0144 6052 adp94xx - ok
06:46:09.0159 6052 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
06:46:09.0159 6052 adpahci - ok
06:46:09.0190 6052 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
06:46:09.0190 6052 adpu320 - ok
06:46:09.0315 6052 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
06:46:09.0331 6052 AFD - ok
06:46:09.0331 6052 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
06:46:09.0346 6052 agp440 - ok
06:46:09.0378 6052 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
06:46:09.0378 6052 aliide - ok
06:46:09.0409 6052 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
06:46:09.0409 6052 amdide - ok
06:46:09.0424 6052 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
06:46:09.0424 6052 AmdK8 - ok
06:46:09.0440 6052 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
06:46:09.0440 6052 AmdPPM - ok
06:46:09.0502 6052 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
06:46:09.0502 6052 amdsata - ok
06:46:09.0518 6052 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
06:46:09.0534 6052 amdsbs - ok
06:46:09.0565 6052 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
06:46:09.0565 6052 amdxata - ok
06:46:09.0612 6052 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
06:46:09.0612 6052 AppID - ok
06:46:09.0658 6052 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
06:46:09.0658 6052 arc - ok
06:46:09.0674 6052 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
06:46:09.0690 6052 arcsas - ok
06:46:09.0721 6052 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
06:46:09.0721 6052 aswFsBlk - ok
06:46:09.0768 6052 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
06:46:09.0768 6052 aswMonFlt - ok
06:46:09.0814 6052 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
06:46:09.0814 6052 aswRdr - ok
06:46:09.0861 6052 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
06:46:09.0861 6052 aswSnx - ok
06:46:09.0908 6052 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
06:46:09.0908 6052 aswSP - ok
06:46:09.0955 6052 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
06:46:09.0955 6052 aswTdi - ok
06:46:09.0970 6052 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
06:46:09.0970 6052 AsyncMac - ok
06:46:10.0002 6052 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
06:46:10.0002 6052 atapi - ok
06:46:10.0080 6052 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
06:46:10.0111 6052 athr - ok
06:46:10.0189 6052 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
06:46:10.0204 6052 b06bdrv - ok
06:46:10.0236 6052 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
06:46:10.0251 6052 b57nd60a - ok
06:46:10.0267 6052 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
06:46:10.0267 6052 Beep - ok
06:46:10.0360 6052 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111114.002\BHDrvx64.sys
06:46:10.0376 6052 BHDrvx64 - ok
06:46:10.0392 6052 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
06:46:10.0392 6052 blbdrive - ok
06:46:10.0438 6052 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
06:46:10.0438 6052 bowser - ok
06:46:10.0454 6052 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:46:10.0454 6052 BrFiltLo - ok
06:46:10.0470 6052 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:46:10.0470 6052 BrFiltUp - ok
06:46:10.0485 6052 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
06:46:10.0485 6052 Brserid - ok
06:46:10.0501 6052 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
06:46:10.0501 6052 BrSerWdm - ok
06:46:10.0516 6052 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
06:46:10.0516 6052 BrUsbMdm - ok
06:46:10.0548 6052 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
06:46:10.0548 6052 BrUsbSer - ok
06:46:10.0579 6052 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
06:46:10.0579 6052 BTHMODEM - ok
06:46:10.0594 6052 catchme - ok
06:46:10.0672 6052 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys
06:46:10.0672 6052 ccHP - ok
06:46:10.0688 6052 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
06:46:10.0688 6052 cdfs - ok
06:46:10.0719 6052 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
06:46:10.0719 6052 cdrom - ok
06:46:10.0766 6052 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
06:46:10.0766 6052 circlass - ok
06:46:10.0797 6052 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
06:46:10.0797 6052 CLFS - ok
06:46:10.0828 6052 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
06:46:10.0828 6052 CmBatt - ok
06:46:10.0844 6052 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
06:46:10.0844 6052 cmdide - ok
06:46:10.0875 6052 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
06:46:10.0875 6052 CNG - ok
06:46:10.0906 6052 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
06:46:10.0906 6052 Compbatt - ok
06:46:10.0938 6052 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
06:46:10.0938 6052 CompositeBus - ok
06:46:10.0953 6052 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
06:46:10.0953 6052 crcdisk - ok
06:46:11.0016 6052 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
06:46:11.0016 6052 ctxusbm - ok
06:46:11.0047 6052 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
06:46:11.0062 6052 DfsC - ok
06:46:11.0078 6052 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
06:46:11.0078 6052 discache - ok
06:46:11.0094 6052 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
06:46:11.0094 6052 Disk - ok
06:46:11.0156 6052 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
06:46:11.0156 6052 drmkaud - ok
06:46:11.0203 6052 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
06:46:11.0218 6052 DXGKrnl - ok
06:46:11.0296 6052 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
06:46:11.0343 6052 ebdrv - ok
06:46:11.0406 6052 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
06:46:11.0406 6052 eeCtrl - ok
06:46:11.0452 6052 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
06:46:11.0452 6052 elxstor - ok
06:46:11.0468 6052 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
06:46:11.0468 6052 EraserUtilRebootDrv - ok
06:46:11.0499 6052 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
06:46:11.0499 6052 ErrDev - ok
06:46:11.0530 6052 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
06:46:11.0530 6052 exfat - ok
06:46:11.0562 6052 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
06:46:11.0562 6052 fastfat - ok
06:46:11.0593 6052 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
06:46:11.0593 6052 fdc - ok
06:46:11.0624 6052 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
06:46:11.0624 6052 FileInfo - ok
06:46:11.0640 6052 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
06:46:11.0655 6052 Filetrace - ok
06:46:11.0671 6052 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
06:46:11.0671 6052 flpydisk - ok
06:46:11.0686 6052 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
06:46:11.0686 6052 FltMgr - ok
06:46:11.0702 6052 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
06:46:11.0702 6052 FsDepends - ok
06:46:11.0749 6052 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
06:46:11.0749 6052 fssfltr - ok
06:46:11.0827 6052 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
06:46:11.0827 6052 Fs_Rec - ok
06:46:11.0874 6052 FTDIBUS (54891a87ba8dbfac580a3d256f4d2ceb) C:\Windows\system32\drivers\ftdibus.sys
06:46:11.0874 6052 FTDIBUS - ok
06:46:11.0905 6052 FTSER2K (7c98f85966a11d1a4214fa8b48be6a44) C:\Windows\system32\drivers\ftser2k.sys
06:46:11.0920 6052 FTSER2K - ok
06:46:11.0967 6052 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
06:46:11.0967 6052 fvevol - ok
06:46:12.0014 6052 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
06:46:12.0014 6052 gagp30kx - ok
06:46:12.0030 6052 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:46:12.0030 6052 GEARAspiWDM - ok
06:46:12.0108 6052 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
06:46:12.0108 6052 hcw85cir - ok
06:46:12.0170 6052 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
06:46:12.0170 6052 HdAudAddService - ok
06:46:12.0186 6052 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
06:46:12.0186 6052 HDAudBus - ok
06:46:12.0217 6052 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
06:46:12.0217 6052 HECIx64 - ok
06:46:12.0232 6052 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
06:46:12.0232 6052 HidBatt - ok
06:46:12.0264 6052 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
06:46:12.0264 6052 HidBth - ok
06:46:12.0279 6052 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
06:46:12.0279 6052 HidIr - ok
06:46:12.0326 6052 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
06:46:12.0326 6052 HidUsb - ok
06:46:12.0357 6052 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
06:46:12.0373 6052 HpSAMD - ok
06:46:12.0404 6052 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
06:46:12.0420 6052 HTTP - ok
06:46:12.0420 6052 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
06:46:12.0420 6052 hwpolicy - ok
06:46:12.0466 6052 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
06:46:12.0466 6052 i8042prt - ok
06:46:12.0498 6052 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
06:46:12.0498 6052 iaStorV - ok
06:46:12.0607 6052 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111128.030\IDSvia64.sys
06:46:12.0607 6052 IDSVia64 - ok
06:46:12.0638 6052 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
06:46:12.0638 6052 iirsp - ok
06:46:12.0747 6052 IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys
06:46:12.0763 6052 IntcAzAudAddService - ok
06:46:12.0794 6052 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
06:46:12.0794 6052 intelide - ok
06:46:12.0825 6052 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
06:46:12.0825 6052 intelppm - ok
06:46:12.0841 6052 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:46:12.0856 6052 IpFilterDriver - ok
06:46:12.0872 6052 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
06:46:12.0872 6052 IPMIDRV - ok
06:46:12.0888 6052 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
06:46:12.0888 6052 IPNAT - ok
06:46:12.0919 6052 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
06:46:12.0919 6052 IRENUM - ok
06:46:12.0934 6052 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
06:46:12.0934 6052 isapnp - ok
06:46:12.0966 6052 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
06:46:12.0966 6052 iScsiPrt - ok
06:46:12.0997 6052 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
06:46:13.0012 6052 k57nd60a - ok
06:46:13.0028 6052 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
06:46:13.0028 6052 kbdclass - ok
06:46:13.0044 6052 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
06:46:13.0044 6052 kbdhid - ok
06:46:13.0075 6052 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
06:46:13.0075 6052 KSecDD - ok
06:46:13.0122 6052 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
06:46:13.0122 6052 KSecPkg - ok
06:46:13.0137 6052 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
06:46:13.0137 6052 ksthunk - ok
06:46:13.0200 6052 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
06:46:13.0200 6052 LHidFilt - ok
06:46:13.0200 6052 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
06:46:13.0215 6052 lltdio - ok
06:46:13.0262 6052 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
06:46:13.0262 6052 LMouFilt - ok
06:46:13.0293 6052 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
06:46:13.0293 6052 LSI_FC - ok
06:46:13.0309 6052 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
06:46:13.0324 6052 LSI_SAS - ok
06:46:13.0340 6052 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:46:13.0340 6052 LSI_SAS2 - ok
06:46:13.0356 6052 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:46:13.0356 6052 LSI_SCSI - ok
06:46:13.0387 6052 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
06:46:13.0387 6052 luafv - ok
06:46:13.0434 6052 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
06:46:13.0434 6052 MBAMProtector - ok
06:46:13.0465 6052 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
06:46:13.0465 6052 megasas - ok
06:46:13.0496 6052 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
06:46:13.0496 6052 MegaSR - ok
06:46:13.0527 6052 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
06:46:13.0527 6052 Modem - ok
06:46:13.0543 6052 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
06:46:13.0543 6052 monitor - ok
06:46:13.0558 6052 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
06:46:13.0558 6052 mouclass - ok
06:46:13.0574 6052 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
06:46:13.0574 6052 mouhid - ok
06:46:13.0590 6052 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
06:46:13.0590 6052 mountmgr - ok
06:46:13.0621 6052 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
06:46:13.0621 6052 mpio - ok
06:46:13.0636 6052 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
06:46:13.0636 6052 mpsdrv - ok
06:46:13.0668 6052 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
06:46:13.0668 6052 MRxDAV - ok
06:46:13.0714 6052 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:46:13.0714 6052 mrxsmb - ok
06:46:13.0761 6052 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:46:13.0761 6052 mrxsmb10 - ok
06:46:13.0808 6052 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:46:13.0808 6052 mrxsmb20 - ok
06:46:13.0839 6052 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
06:46:13.0839 6052 msahci - ok
06:46:13.0855 6052 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
06:46:13.0855 6052 msdsm - ok
06:46:13.0886 6052 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
06:46:13.0886 6052 Msfs - ok
06:46:13.0902 6052 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
06:46:13.0902 6052 mshidkmdf - ok
06:46:13.0933 6052 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
06:46:13.0933 6052 msisadrv - ok
06:46:13.0980 6052 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
06:46:13.0980 6052 MSKSSRV - ok
06:46:14.0011 6052 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
06:46:14.0011 6052 MSPCLOCK - ok
06:46:14.0026 6052 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
06:46:14.0026 6052 MSPQM - ok
06:46:14.0058 6052 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
06:46:14.0058 6052 MsRPC - ok
06:46:14.0073 6052 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
06:46:14.0073 6052 mssmbios - ok
06:46:14.0089 6052 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
06:46:14.0089 6052 MSTEE - ok
06:46:14.0104 6052 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
06:46:14.0104 6052 MTConfig - ok
06:46:14.0120 6052 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
06:46:14.0120 6052 Mup - ok
06:46:14.0136 6052 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
06:46:14.0136 6052 NativeWifiP - ok
06:46:14.0260 6052 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111128.036\ENG64.SYS
06:46:14.0260 6052 NAVENG - ok
06:46:14.0323 6052 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111128.036\EX64.SYS
06:46:14.0338 6052 NAVEX15 - ok
06:46:14.0370 6052 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
06:46:14.0385 6052 NDIS - ok
06:46:14.0401 6052 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
06:46:14.0416 6052 NdisCap - ok
06:46:14.0416 6052 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
06:46:14.0416 6052 NdisTapi - ok
06:46:14.0432 6052 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
06:46:14.0432 6052 Ndisuio - ok
06:46:14.0448 6052 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
06:46:14.0448 6052 NdisWan - ok
06:46:14.0479 6052 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
06:46:14.0479 6052 NDProxy - ok
06:46:14.0541 6052 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
06:46:14.0541 6052 NetBIOS - ok
06:46:14.0557 6052 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
06:46:14.0557 6052 NetBT - ok
06:46:14.0604 6052 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
06:46:14.0604 6052 nfrd960 - ok
06:46:14.0619 6052 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
06:46:14.0619 6052 Npfs - ok
06:46:14.0635 6052 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
06:46:14.0635 6052 nsiproxy - ok
06:46:14.0697 6052 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
06:46:14.0744 6052 Ntfs - ok
06:46:14.0744 6052 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
06:46:14.0744 6052 Null - ok
06:46:14.0775 6052 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
06:46:14.0775 6052 NVHDA - ok
06:46:14.0962 6052 nvlddmkm (56eca691bd4ef5cbf07b6d08b32f12ae) C:\Windows\system32\DRIVERS\nvlddmkm.sys
06:46:15.0009 6052 nvlddmkm - ok
06:46:15.0118 6052 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
06:46:15.0150 6052 nvraid - ok
06:46:15.0243 6052 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
06:46:15.0259 6052 nvstor - ok
06:46:15.0384 6052 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
06:46:15.0430 6052 nv_agp - ok
06:46:15.0508 6052 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
06:46:15.0524 6052 ohci1394 - ok
06:46:15.0540 6052 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
06:46:15.0540 6052 Parport - ok
06:46:15.0571 6052 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
06:46:15.0571 6052 partmgr - ok
06:46:15.0586 6052 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
06:46:15.0586 6052 pci - ok
06:46:15.0602 6052 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
06:46:15.0602 6052 pciide - ok
06:46:15.0711 6052 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
06:46:15.0727 6052 pcmcia - ok
06:46:15.0758 6052 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
06:46:15.0758 6052 pcw - ok
06:46:15.0961 6052 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
06:46:15.0961 6052 PEAUTH - ok
06:46:16.0039 6052 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
06:46:16.0054 6052 PptpMiniport - ok
06:46:16.0070 6052 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
06:46:16.0086 6052 Processor - ok
06:46:16.0101 6052 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
06:46:16.0101 6052 Psched - ok
06:46:16.0148 6052 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
06:46:16.0148 6052 PxHlpa64 - ok
06:46:16.0195 6052 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
06:46:16.0226 6052 ql2300 - ok
06:46:16.0242 6052 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
06:46:16.0242 6052 ql40xx - ok
06:46:16.0257 6052 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
06:46:16.0257 6052 QWAVEdrv - ok
06:46:16.0288 6052 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
06:46:16.0288 6052 RasAcd - ok
06:46:16.0304 6052 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
06:46:16.0304 6052 RasAgileVpn - ok
06:46:16.0335 6052 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:46:16.0335 6052 Rasl2tp - ok
06:46:16.0351 6052 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
06:46:16.0351 6052 RasPppoe - ok
06:46:16.0382 6052 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
06:46:16.0382 6052 RasSstp - ok
06:46:16.0398 6052 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
06:46:16.0398 6052 rdbss - ok
06:46:16.0413 6052 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
06:46:16.0413 6052 rdpbus - ok
06:46:16.0429 6052 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:46:16.0429 6052 RDPCDD - ok
06:46:16.0476 6052 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
06:46:16.0476 6052 RDPENCDD - ok
06:46:16.0491 6052 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
06:46:16.0491 6052 RDPREFMP - ok
06:46:16.0522 6052 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
06:46:16.0522 6052 RDPWD - ok
06:46:16.0554 6052 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
06:46:16.0554 6052 rdyboost - ok
06:46:16.0616 6052 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
06:46:16.0616 6052 RimUsb - ok
06:46:16.0663 6052 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
06:46:16.0663 6052 RimVSerPort - ok
06:46:16.0694 6052 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
06:46:16.0694 6052 ROOTMODEM - ok
06:46:16.0710 6052 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
06:46:16.0710 6052 rspndr - ok
06:46:16.0725 6052 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
06:46:16.0741 6052 sbp2port - ok
06:46:16.0741 6052 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
06:46:16.0756 6052 scfilter - ok
06:46:16.0772 6052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
06:46:16.0772 6052 secdrv - ok
06:46:16.0788 6052 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
06:46:16.0803 6052 Serenum - ok
06:46:16.0819 6052 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
06:46:16.0819 6052 Serial - ok
06:46:16.0834 6052 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
06:46:16.0834 6052 sermouse - ok
06:46:16.0866 6052 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
06:46:16.0866 6052 sffdisk - ok
06:46:16.0866 6052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
06:46:16.0866 6052 sffp_mmc - ok
06:46:16.0881 6052 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
06:46:16.0881 6052 sffp_sd - ok
06:46:16.0897 6052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
06:46:16.0897 6052 sfloppy - ok
06:46:16.0928 6052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:46:16.0928 6052 SiSRaid2 - ok
06:46:16.0959 6052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
06:46:16.0959 6052 SiSRaid4 - ok
06:46:16.0990 6052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
06:46:16.0990 6052 Smb - ok
06:46:17.0022 6052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
06:46:17.0022 6052 spldr - ok
06:46:17.0146 6052 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS
06:46:17.0146 6052 SRTSP - ok
06:46:17.0162 6052 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS
06:46:17.0162 6052 SRTSPX - ok
06:46:17.0224 6052 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
06:46:17.0224 6052 srv - ok
06:46:17.0240 6052 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
06:46:17.0256 6052 srv2 - ok
06:46:17.0302 6052 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
06:46:17.0302 6052 srvnet - ok
06:46:17.0334 6052 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
06:46:17.0334 6052 stexstor - ok
06:46:17.0396 6052 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
06:46:17.0396 6052 StillCam - ok
06:46:17.0412 6052 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
06:46:17.0412 6052 swenum - ok
06:46:17.0427 6052 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS
06:46:17.0443 6052 SymDS - ok
06:46:17.0474 6052 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS
06:46:17.0474 6052 SymEFA - ok
06:46:17.0521 6052 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
06:46:17.0536 6052 SymEvent - ok
06:46:17.0552 6052 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS
06:46:17.0552 6052 SymIRON - ok
06:46:17.0583 6052 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS
06:46:17.0583 6052 SYMTDIv - ok
06:46:17.0661 6052 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
06:46:17.0677 6052 Tcpip - ok
06:46:17.0739 6052 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
06:46:17.0755 6052 TCPIP6 - ok
06:46:17.0786 6052 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
06:46:17.0786 6052 tcpipreg - ok
06:46:17.0786 6052 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
06:46:17.0786 6052 TDPIPE - ok
06:46:17.0802 6052 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
06:46:17.0802 6052 TDTCP - ok
06:46:17.0833 6052 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
06:46:17.0833 6052 tdx - ok
06:46:17.0848 6052 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
06:46:17.0848 6052 TermDD - ok
06:46:17.0895 6052 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:46:17.0895 6052 tssecsrv - ok
06:46:17.0911 6052 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
06:46:17.0911 6052 tunnel - ok
06:46:17.0942 6052 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
06:46:17.0942 6052 uagp35 - ok
06:46:17.0973 6052 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
06:46:17.0989 6052 udfs - ok
06:46:18.0036 6052 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
06:46:18.0036 6052 uliagpkx - ok
06:46:18.0051 6052 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
06:46:18.0067 6052 umbus - ok
06:46:18.0067 6052 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
06:46:18.0082 6052 UmPass - ok
06:46:18.0114 6052 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
06:46:18.0114 6052 usbccgp - ok
06:46:18.0160 6052 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
06:46:18.0160 6052 usbcir - ok
06:46:18.0192 6052 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
06:46:18.0192 6052 usbehci - ok
06:46:18.0207 6052 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
06:46:18.0223 6052 usbhub - ok
06:46:18.0254 6052 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
06:46:18.0254 6052 usbohci - ok
06:46:18.0270 6052 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
06:46:18.0270 6052 usbprint - ok
06:46:18.0301 6052 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:46:18.0301 6052 USBSTOR - ok
06:46:18.0348 6052 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
06:46:18.0348 6052 usbuhci - ok
06:46:18.0363 6052 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
06:46:18.0379 6052 vdrvroot - ok
06:46:18.0394 6052 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
06:46:18.0394 6052 vga - ok
06:46:18.0426 6052 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
06:46:18.0426 6052 VgaSave - ok
06:46:18.0457 6052 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
06:46:18.0472 6052 vhdmp - ok
06:46:18.0504 6052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
06:46:18.0504 6052 viaide - ok
06:46:18.0519 6052 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
06:46:18.0519 6052 volmgr - ok
06:46:18.0550 6052 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
06:46:18.0550 6052 volmgrx - ok
06:46:18.0582 6052 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
06:46:18.0582 6052 volsnap - ok
06:46:18.0597 6052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
06:46:18.0613 6052 vsmraid - ok
06:46:18.0628 6052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
06:46:18.0644 6052 vwifibus - ok
06:46:18.0675 6052 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
06:46:18.0675 6052 vwififlt - ok
06:46:18.0722 6052 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
06:46:18.0738 6052 vwifimp - ok
06:46:18.0753 6052 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
06:46:18.0753 6052 WacomPen - ok
06:46:18.0784 6052 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
06:46:18.0784 6052 WANARP - ok
06:46:18.0784 6052 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
06:46:18.0784 6052 Wanarpv6 - ok
06:46:18.0816 6052 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
06:46:18.0816 6052 Wd - ok
06:46:18.0862 6052 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
06:46:18.0862 6052 WDC_SAM - ok
06:46:18.0894 6052 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
06:46:18.0909 6052 Wdf01000 - ok
06:46:18.0956 6052 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
06:46:18.0956 6052 WfpLwf - ok
06:46:18.0972 6052 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
06:46:18.0972 6052 WIMMount - ok
06:46:19.0018 6052 winusb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.SYS
06:46:19.0018 6052 winusb - ok
06:46:19.0065 6052 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
06:46:19.0065 6052 WmiAcpi - ok
06:46:19.0112 6052 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
06:46:19.0112 6052 ws2ifsl - ok
06:46:19.0143 6052 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
06:46:19.0159 6052 WudfPf - ok
06:46:19.0159 6052 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:46:19.0174 6052 WUDFRd - ok
06:46:19.0237 6052 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:46:19.0299 6052 \Device\Harddisk0\DR0 - ok
06:46:19.0299 6052 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
06:46:19.0315 6052 \Device\Harddisk1\DR1 - ok
06:46:19.0330 6052 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk5\DR5
06:46:19.0736 6052 \Device\Harddisk5\DR5 - ok
06:46:19.0736 6052 Boot (0x1200) (305734df2180ab80eb338221016af70a) \Device\Harddisk0\DR0\Partition0
06:46:19.0736 6052 \Device\Harddisk0\DR0\Partition0 - ok
06:46:19.0752 6052 Boot (0x1200) (a666265f0b142fce4427f467fd98968d) \Device\Harddisk0\DR0\Partition1
06:46:19.0752 6052 \Device\Harddisk0\DR0\Partition1 - ok
06:46:19.0767 6052 Boot (0x1200) (ae0d90f043a9b3b70aeb1b7ee0ada813) \Device\Harddisk1\DR1\Partition0
06:46:19.0767 6052 \Device\Harddisk1\DR1\Partition0 - ok
06:46:19.0767 6052 Boot (0x1200) (330690f933555648dcf9077052ec603b) \Device\Harddisk5\DR5\Partition0
06:46:19.0767 6052 \Device\Harddisk5\DR5\Partition0 - ok
06:46:19.0767 6052 ============================================================
06:46:19.0767 6052 Scan finished
06:46:19.0767 6052 ============================================================
06:46:19.0783 6136 Detected object count: 0
06:46:19.0783 6136 Actual detected object count: 0

[smwheel]

aswmbr log

aswMBR version 0.9.9.1116 Copyright© 2011 AVAST Software
Run date: 2011-12-23 06:49:26
-----------------------------
06:49:26.172 OS Version: Windows x64 6.1.7600
06:49:26.172 Number of processors: 4 586 0x2502
06:49:26.187 ComputerName: wDESKTOP UserName:
06:49:28.512 Initialize success
06:49:28.543 AVAST engine defs: 11122300
06:50:07.246 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:50:07.246 Disk 0 Vendor: ST31000528AS CC45 Size: 953869MB BusType: 3
06:50:09.274 Disk 0 MBR read successfully
06:50:09.274 Disk 0 MBR scan
06:50:09.274 Disk 0 Windows 7 default MBR code
06:50:09.274 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
06:50:09.290 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8818 MB offset 161792
06:50:09.306 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 944971 MB offset 18221056
06:50:09.306 Service scanning
06:50:10.460 Modules scanning
06:50:10.460 Scan finished successfully
06:50:32.550 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
06:50:32.550 The log file has been saved successfully to "C:\aswMBR.txt"

[smwheel]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122306

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/23/2011 7:02:48 AM
mbam-log-2011-12-23 (07-02-48).txt

Scan type: Quick scan
Objects scanned: 184813
Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

[smwheel]

OTl Log

OTL logfile created on: 12/23/2011 7:07:17 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\w Desktop\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.87 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 78.47% Memory free
15.73 Gb Paging File | 13.97 Gb Available in Paging File | 88.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.82 Gb Total Space | 629.96 Gb Free Space | 68.26% Space Free | Partition Type: NTFS
Drive D: | 587.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.39 Gb Total Space | 2.29 Gb Free Space | 30.96% Space Free | Partition Type: FAT32
Drive I: | 62.53 Mb Total Space | 60.63 Mb Free Space | 96.97% Space Free | Partition Type: FAT

Computer Name: wDESKTOP | User Name: w Desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/22 20:38:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\w Desktop\Desktop\OTL.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/03 19:21:30 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/12 14:58:50 | 002,697,656 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2011/10/08 11:46:48 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/08/30 10:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/17 10:47:46 | 000,776,704 | ---- | M] (BodyMedia, Inc.) -- C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
PRC - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccsvchst.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\concentr.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/12/29 15:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/10/15 02:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/10 15:53:52 | 000,372,736 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
PRC - [2009/07/10 15:50:36 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 02:35:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/12 02:35:08 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/12 02:35:03 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/07/09 06:22:14 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
MOD - [2009/10/15 02:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
MOD - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/10/15 02:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
MOD - [2009/09/27 23:52:34 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2009/07/10 15:50:24 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\Virtual Account Numbers\VANRes.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/06/17 01:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/24 13:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/09/24 13:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/09/24 13:17:10 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/08/30 10:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/03 22:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe -- (N360)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/05/13 13:39:50 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/21 20:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 20:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/03 22:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/04/30 05:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 05:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/12/01 21:18:38 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/14 11:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/04/28 23:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 20:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 20:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/10/16 05:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/10/14 21:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/27 06:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 17:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/15 13:53:22 | 000,083,776 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2008/01/15 13:53:22 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/11/14 13:28:01 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111114.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 03:11:39 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 03:11:39 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/22 23:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111128.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/03 22:12:59 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111128.036\EX64.SYS -- (NAVEX15)
DRV - [2011/08/03 22:12:59 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111128.036\ENG64.SYS -- (NAVENG)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/31 12:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/08/11 02:25:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/12/23 06:54:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/26 03:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\citius@orbiscom: C:\Program Files (x86)\Virtual Account Numbers [2011/04/04 19:20:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/03 19:22:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/31 12:24:36 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\w Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\

O1 HOSTS File: ([2011/12/23 06:27:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll (Acro Software Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Citi Virtual Account Numbers] C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\w Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6180F3B-3E9C-4BBD-A620-B5D6EDEFC674}: DhcpNameServer = 163.244.194.254 163.244.212.254 163.244.194.42 163.244.199.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B474B7DD-81DB-4916-BD7E-1F9FBACC7AE1}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\w Desktop\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~4\GoogleDesktopNetwork3.dll) -C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/28 08:29:17 | 000,000,055 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/23 07:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/23 06:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/23 06:58:35 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\w Desktop\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/23 06:48:49 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Users\w Desktop\Desktop\aswMBR.exe
[2011/12/23 06:44:35 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\w Desktop\Desktop\tdsskiller.exe
[2011/12/23 06:30:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/23 06:28:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/23 05:54:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/23 05:54:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/23 05:54:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/23 05:54:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/23 05:54:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/23 05:52:15 | 004,350,311 | R--- | C] (Swearware) -- C:\Users\w Desktop\Desktop\ComboFix.exe
[2011/12/22 20:38:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\w Desktop\Desktop\OTL.exe
[2011/12/22 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{91789515-9C62-4FAB-95FD-3468991C75D6}
[2011/12/22 07:31:28 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{93A63ADF-8B91-480F-AC58-A0257B430247}
[2011/12/22 07:30:58 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{A960758C-0B0E-4246-9B2B-7238A98756EF}
[2011/12/21 07:21:34 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/12/21 07:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/21 07:21:33 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/12/21 07:21:30 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/12/21 07:21:29 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/12/21 07:21:27 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/12/21 07:21:20 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/12/21 07:21:19 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/12/21 07:19:41 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/12/21 07:19:41 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/21 07:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/21 07:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/19 20:12:36 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{7FD13830-6538-4FD8-9D8C-F7A8E40515DD}
[2011/12/19 08:11:54 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{194A071D-006F-466C-9FFF-0912DE5D3DD8}
[2011/12/18 20:11:19 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{D4F80CC6-469D-4222-8DF1-F00B77867372}
[2011/12/18 08:10:43 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{A05147AD-8FF0-41F1-AB7E-7A35E774C76D}
[2011/12/17 20:04:44 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{F7465644-3D9B-4C3A-8FE6-DC1482D8020A}
[2011/12/17 08:04:08 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{EBDF7378-162A-4931-A1F5-AC4ED15CE47A}
[2011/12/16 20:03:33 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{0DC1B842-CF62-4D02-9A1F-248CCB37252D}
[2011/12/16 08:02:58 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{AB088650-1C3C-45C9-8950-E9E71DA04213}
[2011/12/15 20:02:23 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{6EFB4ED5-E041-4FBD-B3D6-4062126512F3}
[2011/12/15 08:01:48 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{04B85652-8178-4212-8BEC-CA8283CA45ED}
[2011/12/14 20:01:14 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{779DBC70-4820-4A08-AA41-C44F714A4980}
[2011/12/14 08:00:39 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{79CF5482-EA61-4D5D-8477-DEB22FB0F527}
[2011/12/14 08:00:16 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{4445CD31-CEBC-4A28-BF1A-53FAF32FF01E}
[2011/12/13 21:07:23 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Roaming\Malwarebytes
[2011/12/13 21:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/13 21:07:15 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/13 20:48:53 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{BF543E5C-5989-4C5C-97BD-B2A9566665C4}
[2011/12/13 20:48:26 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{62EF343B-9CB0-42CB-A4CA-1618D88C12ED}
[2011/12/13 20:13:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/13 20:13:19 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/13 20:13:19 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/13 20:13:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/13 20:13:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/13 20:13:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/13 20:13:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/13 20:13:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/13 20:13:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/13 20:13:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/13 20:13:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/13 20:13:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/13 20:13:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/13 20:13:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/13 20:13:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/13 20:13:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/13 20:12:47 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/13 20:12:47 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/13 19:59:51 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{37DE7AFD-E0DF-4467-BAD2-7BB30AE2B9F1}
[2011/12/13 06:44:42 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{4E1F2B8A-373F-47C1-BC3F-C5135DBF318A}
[2011/12/13 06:44:15 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{74569BB2-B798-46E3-9952-562AFA0F49AA}
[2011/12/12 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{682CB2AF-3581-4767-8CAE-868FD15E147F}
[2011/12/11 23:02:43 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{441D5172-747A-48FA-A3F0-E0B061CCCEF1}
[2011/12/11 11:02:19 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{3319A4D7-FA31-41BE-87A0-A8F7D8B69A25}
[2011/12/10 22:10:51 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{AFF9F65C-4E1C-43C6-9859-8B9A9F038CFE}
[2011/12/10 10:10:16 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{220C6312-504A-4C06-92A1-4DA8C3C54DFE}
[2011/12/09 22:09:41 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{AB40D4A8-53E1-4CFB-AF18-A70D1ADE0FC4}
[2011/12/09 06:10:16 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{97C14A80-1B84-45F4-BAFA-AD622902C338}
[2011/12/08 17:30:58 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{6FB196C2-8EE2-4EE0-BA09-05A36ADAEE35}
[2011/12/07 20:21:30 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{8AF1934B-6E81-4BF8-BE61-42CDCE70B0FE}
[2011/12/07 07:26:54 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{5B58FA44-7B80-496A-B1B1-E9A11E6D9F64}
[2011/12/06 19:26:19 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{7AE836E9-993C-478B-9864-5DDF878870E1}
[2011/12/05 21:36:36 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{9AB290CC-3B2E-48CB-B180-65744E717BEE}
[2011/12/05 07:58:10 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{2BE84676-65CE-466F-82A4-BE3CCCF2566C}
[2011/12/04 19:57:34 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{3207E7E6-F42E-43D4-A533-F9139641A3FF}
[2011/12/03 18:32:32 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{90E55CC1-C77C-43AF-AE11-DDED54EB781D}
[2011/12/03 06:31:56 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{0C009143-3BDB-48C1-ABCB-0E1CE7A08490}
[2011/12/02 07:52:34 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{3919A5CB-6CEB-464C-9152-785D0A362B90}
[2011/12/01 19:51:58 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{8FD2BBD8-1ECC-4C80-BB1B-755CCEF5E552}
[2011/11/30 19:08:18 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{9CEAA3AA-6D2C-40D5-BA9D-3B381F7EE750}
[2011/11/30 07:07:43 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{8FEB1F6F-5659-49AE-BBFA-9CA54F177E37}
[2011/11/29 19:07:08 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{44A3786D-491F-4B8F-BA0B-02BD4C085C39}
[2011/11/29 06:21:14 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{C649C701-4B0D-4F74-9724-8E989865B8E3}
[2011/11/28 14:19:32 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{FE099520-C809-4BDF-8462-8DDDD6829300}
[2011/11/27 21:21:21 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{B0BE945C-4B5B-44B1-B216-19FB2BA6B637}
[2011/11/27 09:20:46 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{19A6D204-A269-4435-8BC2-0F0B9C865366}
[2011/11/26 21:20:10 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{0F598915-7B34-4210-900C-5D74A83202FD}
[2011/11/26 09:19:46 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{CF035B4C-E70D-44D5-A5C6-30CDD2D0FC04}
[2011/11/25 21:19:11 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{8CA626C5-9178-4719-9EDD-8B86CA1B23B6}
[2011/11/25 09:18:35 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{19177B91-DE37-4042-BF5F-EB0DA02A081C}
[2011/11/24 21:18:11 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{B08B6D9C-64A5-4B78-8892-E986ABD7B0F2}
[2011/11/23 09:55:07 | 000,000,000 | ---D | C] -- C:\Users\w Desktop\AppData\Local\{644011A3-659C-4B19-B615-6005DB81DE86}

========== Files - Modified Within 30 Days ==========

[2011/12/23 07:02:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 07:02:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 07:01:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/23 07:00:03 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/23 06:59:49 | 000,001,940 | ---- | M] () -- C:\Users\w Desktop\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/12/23 06:58:35 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\w Desktop\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/23 06:54:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/23 06:54:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 06:54:21 | 2039,832,575 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 06:50:32 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2011/12/23 06:48:56 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Users\w Desktop\Desktop\aswMBR.exe
[2011/12/23 06:45:12 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\w Desktop\Desktop\tdsskiller.exe
[2011/12/23 06:27:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/23 05:53:06 | 3867,960,320 | ---- | M] () -- C:\Users\w Desktop\Desktop\Outlook.pst
[2011/12/23 05:52:27 | 004,350,311 | R--- | M] (Swearware) -- C:\Users\w Desktop\Desktop\ComboFix.exe
[2011/12/22 20:38:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\w Desktop\Desktop\OTL.exe
[2011/12/22 06:31:45 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/22 06:31:45 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/22 06:31:45 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/21 07:21:35 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/21 07:21:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/19 07:11:27 | 000,001,283 | ---- | M] () -- C:\Users\w Desktop\Desktop\MyPublisher.lnk
[2011/12/14 18:57:49 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/14 03:23:16 | 000,351,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/13 20:56:57 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/13 20:47:08 | 000,012,980 | -HS- | M] () -- C:\Users\w Desktop\AppData\Local\405635u2t127e105x827k4iov7g3
[2011/12/13 20:47:08 | 000,012,980 | -HS- | M] () -- C:\ProgramData\405635u2t127e105x827k4iov7g3
[2011/11/30 06:56:55 | 000,477,057 | ---- | M] () -- C:\Users\w Desktop\Desktop\www_radissonbignightgiveaway_com.mht
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 12:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/12/23 07:00:03 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/23 06:50:32 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2011/12/23 05:54:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/23 05:54:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/23 05:54:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/23 05:54:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/23 05:54:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/22 06:31:45 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/21 07:21:34 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/21 07:21:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/12/20 06:26:06 | 000,012,980 | -HS- | C] () -- C:\Users\w Desktop\AppData\Local\405635u2t127e105x827k4iov7g3
[2011/12/20 06:26:06 | 000,012,980 | -HS- | C] () -- C:\ProgramData\405635u2t127e105x827k4iov7g3
[2011/12/19 07:11:27 | 000,001,283 | ---- | C] () -- C:\Users\w Desktop\Desktop\MyPublisher.lnk
[2011/12/19 07:11:26 | 000,001,313 | ---- | C] () -- C:\Users\w Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPublisher.lnk
[2011/11/30 06:56:53 | 000,477,057 | ---- | C] () -- C:\Users\w Desktop\Desktop\www_radissonbignightgiveaway_com.mht
[2011/05/18 18:01:40 | 000,001,940 | ---- | C] () -- C:\Users\w Desktop\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/02 20:47:26 | 000,221,393 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2011/05/02 20:47:26 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/03/19 07:30:42 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/12/19 15:18:58 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\AI_ContextMenu.dll
[2010/07/31 12:20:43 | 000,220,556 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/07/31 12:20:43 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/05/18 20:30:25 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

[smwheel]

OTL Extras log

OTL Extras logfile created on: 12/23/2011 7:07:17 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\w Desktop\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.87 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 78.47% Memory free
15.73 Gb Paging File | 13.97 Gb Available in Paging File | 88.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.82 Gb Total Space | 629.96 Gb Free Space | 68.26% Space Free | Partition Type: NTFS
Drive D: | 587.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.39 Gb Total Space | 2.29 Gb Free Space | 30.96% Space Free | Partition Type: FAT32
Drive I: | 62.53 Mb Total Space | 60.63 Mb Free Space | 96.97% Space Free | Partition Type: FAT

Computer Name: wDESKTOP | User Name: w Desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CutePDF Writer Installation" = CutePDF Writer 2.7
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.30
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0847420B-9C5D-4880-B7D9-6312AC24C8F1}" = 7300
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{32257980-61DF-4685-A72B-08683838233B}" = 7300_Help
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{377739AE-00D9-4E80-8ECB-4C8A7EFFE526}" = 7300Trb
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99567851-B7F1-4692-A33A-0732E761220B}" = BodyMedia SYNC
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C411DC9-B8B8-45F3-B688-073BF4B59094}" = Virtual Account Numbers
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B60A8880-ED81-4E5C-B678-3C4FE2DC2BB7}" = ApneaLink
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC2FA8DF-25B8-49AC-AEA7-6F4489CC04F7}" = bodybugg Software
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}" = Virtual Account Numbers
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1B617EF-2DBF-45A0-9359-774031FEA769}" = TurboTax 2010 wwiiper
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F10D1D8F-C20C-4F0D-B243-688C0C6873F6}" = CutePDF Professional 3.6
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Aimersoft Video Converter Std_is1" = Aimersoft Video Converter Std(Build 4.0.2.0)
"Aimersoft Video Studio Express_is1" = Aimersoft Video Studio Express(Build 1.2.0.25)
"avast" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Dell Dock" = Dell Dock
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}" = BodyMedia SYNC
"InstallShield_{DC2FA8DF-25B8-49AC-AEA7-6F4489CC04F7}" = bodybugg Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"N360" = Norton 360
"OUTLOOKR" = Microsoft Office Outlook 2007
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"ScrewDrivers Client v4" = ScrewDrivers Client v4
"TeamViewer 6" = TeamViewer 6
"TurboTax 2010" = TurboTax 2010
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2011 10:00:23 AM | Computer Name = wDesktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/17/2011 10:03:38 AM | Computer Name = wDesktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/17/2011 3:45:53 PM | Computer Name = wDesktop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/18/2011 10:11:20 AM | Computer Name = wDesktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/18/2011 10:17:04 AM | Computer Name = wDesktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/18/2011 3:51:11 PM | Computer Name = wDesktop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/19/2011 9:54:54 AM | Computer Name = wDesktop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/19/2011 10:19:51 AM | Computer Name = wDesktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/20/2011 8:38:18 AM | Computer Name = wDesktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/13/2011 8:43:33 AM | Computer Name = wDesktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 8/21/2011 9:39:17 AM | Computer Name = wDesktop | Source = bowser | ID = 8003
Description =

Error - 8/24/2011 7:13:46 PM | Computer Name = wDesktop | Source = bowser | ID = 8003
Description =

Error - 8/25/2011 6:50:04 PM | Computer Name = wDesktop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:48:15 PM on ?8/?25/?2011 was unexpected.

Error - 9/13/2011 8:36:14 AM | Computer Name = wDesktop | Source = BROWSER | ID = 8032
Description =

Error - 9/15/2011 4:02:54 AM | Computer Name = wDesktop | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 9/15/2011 4:02:54 AM | Computer Name = wDesktop | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 9/16/2011 11:40:34 AM | Computer Name = wDesktop | Source = BROWSER | ID = 8032
Description =

Error - 9/19/2011 4:22:11 AM | Computer Name = wDesktop | Source = DCOM | ID = 10010
Description =

Error - 9/19/2011 4:30:26 AM | Computer Name = wDesktop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 9/19/2011 11:03:51 AM | Computer Name = wDesktop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:02:11 AM on ?9/?19/?2011 was unexpected.


< End of report >

[smwheel]

disk management

[RKinner]

Uninstall
Java™ 6 Update 17 (64-bit)
MarketResearch
Java™ 6 Update 26
Adobe Reader 9.3.3
Yahoo! Toolbar


Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Norton 360 (save the product license key in case you decide to reinstall it:http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US)
Run the Norton Removal tool.
Reboot



Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - Startup: C:\Users\w Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011/12/21 07:21:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/12/20 06:26:06 | 000,012,980 | -HS- | C] () -- C:\Users\w Desktop\AppData\Local\405635u2t127e105x827k4iov7g3
[2011/12/20 06:26:06 | 000,012,980 | -HS- | C] () -- C:\ProgramData\405635u2t127e105x827k4iov7g3


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[CREATERESTOREPOINT]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

OTL will create a file on your desktop called winsock2.reg. Just leave it alone for now.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:

netsh  winsock  reset  catalog

reboot.

If you have problems getting on line you can right click on the winsock2.reg and MERGE. IF that doesn't help then you will have to do a system restore to the newest restore point.

If you have no problems getting on line after rebooting then right click on winsock2.reg and DELETE.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)




1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.




Run OTL, Quickscan and post the log.


Ron

[smwheel]

MarketResearch does not show up to unistall.

[smwheel]

Ran OTL per instructions. But winsock2.reg not appearing on desktop. Below is the log that generated.
Thanks, Sue

Error: Unable to interpret < > in the current context!
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
File move failed. C:\Users\w Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Windows\SysWOW64\config.nt moved successfully.
File C:\Users\w Desktop\AppData\Local\405635u2t127e105x827k4iov7g3 not found.
C:\ProgramData\405635u2t127e105x827k4iov7g3 moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\w Desktop\Desktop\cmd.bat deleted successfully.
C:\Users\w Desktop\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\w Desktop\Desktop\cmd.bat deleted successfully.
C:\Users\w Desktop\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\w Desktop\Desktop\cmd.bat deleted successfully.
C:\Users\w Desktop\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\w Desktop\Desktop\cmd.bat deleted successfully.
C:\Users\w Desktop\Desktop\cmd.txt deleted successfully.
< reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c >
C:\Users\w Desktop\Desktop\cmd.bat deleted successfully.
C:\Users\w Desktop\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: w Desktop
->Flash cache emptied: 1187731 bytes

Total Flash Files Cleaned = 1.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Public

User: w Desktop
->Java cache emptied: 29573706 bytes

Total Java Files Cleaned = 28.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 12242011_060136

Files\Folders moved on Reboot...
File\Folder C:\Users\w Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk not found!

Registry entries deleted on Reboot...

[smwheel]

Can I proceed with the rest of the instructions without winsock2.reg not appearing on desktop?

[RKinner]

Don't know why it didn't show up. Skip over the

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:

netsh winsock reset catalog

for now. Do the rest.

[smwheel]

Event Viewer Tool System

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/12/2011 5:36:22 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/12/2011 11:19:48 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Log: 'System' Date/Time: 27/12/2011 11:19:41 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 27/12/2011 11:19:34 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 27/12/2011 11:19:33 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 27/12/2011 11:19:33 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/12/2011 11:19:21 PM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 27/12/2011 11:18:45 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.