Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Having several issues, please help [Closed]


  • This topic is locked This topic is locked

#1
bradleys24

bradleys24

    Member

  • Member
  • PipPip
  • 10 posts
Among other things, my google is redirecting to random sites. All of my documents (pictures, word documents, etc.) is either hidden or deleted. My desktop screen shot is gone and my background is all black. The only files appearing on my desktop is Mozilla Firefox, Libraries Folder, and McAfee Security Center. I feel that I downloaded a rogue McAfee Security Center clone, which started all my computer's problems. Any help would be greatly appreciated. Thank you!

OTL logfile created on: 1/12/2012 12:03:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
64bit- Home Basic Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.46 Gb Available Physical Memory | 59.69% Memory free
11.60 Gb Paging File | 8.79 Gb Available in Paging File | 75.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.42 Gb Total Space | 488.06 Gb Free Space | 83.94% Space Free | Partition Type: NTFS

Computer Name: BRADLEY-PC | User Name: Bradley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/01/12 12:02:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2011/12/20 21:45:21 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/03 10:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/10/25 06:59:16 | 000,244,960 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/09/27 06:22:28 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/08/04 11:25:02 | 000,074,240 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/01/13 11:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 11:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 11:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/01/13 11:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/13 17:14:44 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/01 23:37:53 | 006,276,768 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/20 21:45:22 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/10/14 02:35:38 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/14 02:30:30 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 02:30:07 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/14 02:29:55 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:29:50 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/14 02:29:48 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/14 02:29:39 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/14 02:29:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/14 02:29:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/14 02:29:31 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/14 02:29:24 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/13 11:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 11:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/01/13 11:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 11:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 11:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 11:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 11:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 11:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 11:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 11:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | -H-- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | -H-- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/06/23 14:23:52 | 000,501,768 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | -H-- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 10:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/11/03 10:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/10/25 06:59:16 | 000,244,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/08/04 11:25:02 | 000,074,240 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011/01/13 11:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/11/13 05:14:17 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/13 17:19:10 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/07/12 10:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/07 11:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/07 02:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/01 06:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 07:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 21:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/02/03 05:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/02 14:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2009/12/22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/02 10:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111213
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.orangecounty.cox.net/"
FF - prefs.js..extensions.enabledItems: superfish@superfish.com:1.2.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.7.1
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.05
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111213&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bradley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Bradley\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Bradley\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bradley\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bradley\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Bradley\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\ProgramDataMozilla\Extensions\superfish@superfish.com [2011/07/23 15:46:40 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 21:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/20 21:45:25 | 000,000,000 | ---D | M]

[2010/11/18 12:13:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Extensions
[2012/01/12 10:56:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions
[2011/07/23 14:11:54 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/15 20:01:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/12/12 16:09:55 | 000,000,000 | -H-D | M] (StartNow Toolbar) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/12/15 20:01:15 | 000,000,000 | -H-D | M] (Google Shortcuts) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2011/12/15 20:01:15 | 000,000,000 | -H-D | M] (googlebar) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2011/11/23 14:56:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\oo0bgunj.default\extensions
[2011/07/23 15:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/23 15:47:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/23 15:46:40 | 000,000,000 | -H-D | M] (Window Shopper - Powered by Superfish) -- C:\PROGRAMDATAMOZILLA\EXTENSIONS\SUPERFISH@SUPERFISH.COM
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/23 15:32:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111229013108.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111229013108.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\Program Files (x86)\Flash2X\Flash Player\FlashPlayer.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Bradley\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [uiuKBUNRte.exe] C:\ProgramData\uiuKBUNRte.exe File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Bradley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.161.252.91 10.161.252.92 10.161.252.95 10.161.252.96
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B0E6E9D-80FA-4F82-B63C-968C73A67064}: DhcpNameServer = 10.161.252.91 10.161.252.92 10.161.252.95 10.161.252.96
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1068C312-0372-4CA3-B7CF-8F5D2706CEAB}: DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://www.members.c...r/Images/bg.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 12:02:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012/01/09 19:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/03 00:29:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/01/03 00:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/01/01 14:09:23 | 000,000,000 | -HSD | C] -- C:\Users\Bradley\UserData
[2011/12/15 19:56:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Google
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/12 12:06:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/12 12:05:01 | 000,000,916 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000UA.job
[2012/01/12 12:03:05 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/12 12:02:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012/01/12 11:35:01 | 000,000,936 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000UA.job
[2012/01/12 11:10:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/12 11:05:01 | 000,000,864 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000Core.job
[2012/01/12 10:58:46 | 000,727,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/12 10:58:46 | 000,624,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/12 10:58:46 | 000,106,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/12 10:55:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/09 23:35:01 | 000,000,914 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000Core.job
[2012/01/09 19:15:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 19:15:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 19:09:29 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/01/09 19:05:36 | 376,831,999 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/03 14:23:34 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/03 11:54:00 | 000,001,352 | -HS- | M] () -- C:\Users\Bradley\AppData\Local\467ikm37d547as18m6dfm8m356440i80f6450
[2012/01/03 11:54:00 | 000,001,352 | -HS- | M] () -- C:\ProgramData\467ikm37d547as18m6dfm8m356440i80f6450
[2012/01/01 15:49:32 | 000,008,078 | -HS- | M] () -- C:\Users\Bradley\AppData\Local\qdc6io7rx11746o6u722u7
[2012/01/01 15:49:32 | 000,008,078 | -HS- | M] () -- C:\ProgramData\qdc6io7rx11746o6u722u7
[2012/01/01 14:04:55 | 000,001,976 | -H-- | M] () -- C:\Users\Bradley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2012/01/01 14:04:19 | 000,001,232 | -H-- | M] () -- C:\Users\Bradley\Desktop\Notepad.lnk
[2011/12/15 03:20:18 | 000,271,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/09 19:09:29 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/01/03 11:53:46 | 000,001,352 | -HS- | C] () -- C:\Users\Bradley\AppData\Local\467ikm37d547as18m6dfm8m356440i80f6450
[2012/01/03 11:53:46 | 000,001,352 | -HS- | C] () -- C:\ProgramData\467ikm37d547as18m6dfm8m356440i80f6450
[2012/01/03 00:29:34 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/03 00:29:32 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/01 15:47:52 | 000,008,078 | -HS- | C] () -- C:\Users\Bradley\AppData\Local\qdc6io7rx11746o6u722u7
[2012/01/01 15:47:52 | 000,008,078 | -HS- | C] () -- C:\ProgramData\qdc6io7rx11746o6u722u7
[2011/11/23 15:22:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/23 15:22:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/23 15:22:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/23 15:22:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/23 15:22:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/23 12:31:12 | 000,001,213 | -H-- | C] () -- C:\Users\Bradley\AppData\Roaming\ahst.lni
[2011/10/04 14:32:49 | 000,003,584 | -H-- | C] () -- C:\Users\Bradley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/31 23:09:03 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/11/29 15:07:30 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/18 13:21:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/13 06:39:53 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/13 06:39:53 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/13 06:39:53 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/11/13 06:39:53 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/11/13 06:39:51 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/11/13 05:32:03 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/11/23 20:15:54 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\799A8
[2011/11/23 15:33:26 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\A1ivD3onFaHsJdL
[2011/06/09 18:52:10 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\acccore
[2011/11/23 18:18:40 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\aF4pmG5sQ6E8R
[2011/11/23 12:31:04 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\alllOOBtzP0yA1v
[2011/11/23 12:31:11 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\BlllIBBrzPNyA1v
[2011/11/23 12:31:12 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\d22oobF33pG5aJ6
[2011/08/31 23:15:08 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\Eclipse
[2011/11/23 18:18:40 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\FjUVelIBtPyAuDo
[2011/11/23 14:31:27 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\HZqjYCwkIrNx0c1
[2011/11/23 15:04:09 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\J3pmG5aQJ
[2011/11/23 20:15:55 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\jNyxA0uvSiFpG
[2011/11/23 14:59:44 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\OIVrlONtx0c1b3n
[2011/05/24 16:12:15 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\PCDr
[2011/11/23 15:04:17 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\pEL8gRZqhXkVlBz
[2011/10/04 14:32:23 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\Research In Motion
[2011/11/23 15:04:02 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\RlOBtxP0ySioFaH
[2011/11/23 12:31:03 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\S000uccS1ib3o
[2012/01/09 19:04:51 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\SoftGrid Client
[2011/11/23 14:59:45 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\t4amH6sWJfLgZhC
[2010/11/29 15:08:07 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\TP
[2011/11/23 18:21:19 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\uS2obF3pm5Q6W8R
[2011/11/23 15:33:26 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\uwkUVrlOBx0c
[2011/11/23 15:04:11 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\VZqjYCwkIrOt
[2011/11/23 18:21:19 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\WCelIBrzPyAu
[2011/11/23 14:31:26 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\xbD3pnG4aHsKfLg
[2011/11/23 15:04:18 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\Y0ycA1ivDoFpH
[2011/12/08 18:51:28 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\zgggTZZqhYCwU
[2012/01/09 23:35:01 | 000,000,914 | -H-- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000Core.job
[2012/01/12 11:35:01 | 000,000,936 | -H-- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000UA.job
[2012/01/03 14:23:34 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/04/17 20:02:57 | 000,030,766 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/12 12:03:05 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >



EXTRAS.Txt
OTL logfile created on: 1/12/2012 12:03:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
64bit- Home Basic Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.46 Gb Available Physical Memory | 59.69% Memory free
11.60 Gb Paging File | 8.79 Gb Available in Paging File | 75.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.42 Gb Total Space | 488.06 Gb Free Space | 83.94% Space Free | Partition Type: NTFS

Computer Name: BRADLEY-PC | User Name: Bradley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/01/12 12:02:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2011/12/20 21:45:21 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/03 10:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/10/25 06:59:16 | 000,244,960 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/09/27 06:22:28 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/08/04 11:25:02 | 000,074,240 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/01/13 11:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 11:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 11:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/01/13 11:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/13 17:14:44 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/01 23:37:53 | 006,276,768 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/20 21:45:22 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/10/14 02:35:38 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/14 02:30:30 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 02:30:07 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/14 02:29:55 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:29:50 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/14 02:29:48 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/14 02:29:39 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/14 02:29:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/14 02:29:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/14 02:29:31 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/14 02:29:24 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/13 11:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 11:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/01/13 11:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 11:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 11:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 11:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 11:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 11:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 11:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 11:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | -H-- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | -H-- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/06/23 14:23:52 | 000,501,768 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | -H-- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 10:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/11/03 10:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/10/25 06:59:16 | 000,244,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/08/04 11:25:02 | 000,074,240 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011/01/13 11:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/11/13 05:14:17 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/13 17:19:10 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/07/12 10:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/07 11:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/07 02:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/01 06:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 07:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 21:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/02/03 05:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/02 14:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2009/12/22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/02 10:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111213
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.orangecounty.cox.net/"
FF - prefs.js..extensions.enabledItems: superfish@superfish.com:1.2.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.7.1
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.05
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111213&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bradley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Bradley\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Bradley\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bradley\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bradley\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Bradley\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\ProgramDataMozilla\Extensions\superfish@superfish.com [2011/07/23 15:46:40 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 21:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/20 21:45:25 | 000,000,000 | ---D | M]

[2010/11/18 12:13:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Extensions
[2012/01/12 10:56:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions
[2011/07/23 14:11:54 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/15 20:01:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/12/12 16:09:55 | 000,000,000 | -H-D | M] (StartNow Toolbar) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/12/15 20:01:15 | 000,000,000 | -H-D | M] (Google Shortcuts) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2011/12/15 20:01:15 | 000,000,000 | -H-D | M] (googlebar) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2011/11/23 14:56:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\oo0bgunj.default\extensions
[2011/07/23 15:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/23 15:47:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/23 15:46:40 | 000,000,000 | -H-D | M] (Window Shopper - Powered by Superfish) -- C:\PROGRAMDATAMOZILLA\EXTENSIONS\SUPERFISH@SUPERFISH.COM
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/23 15:32:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111229013108.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111229013108.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\Program Files (x86)\Flash2X\Flash Player\FlashPlayer.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Bradley\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [uiuKBUNRte.exe] C:\ProgramData\uiuKBUNRte.exe File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Bradley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.161.252.91 10.161.252.92 10.161.252.95 10.161.252.96
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B0E6E9D-80FA-4F82-B63C-968C73A67064}: DhcpNameServer = 10.161.252.91 10.161.252.92 10.161.252.95 10.161.252.96
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1068C312-0372-4CA3-B7CF-8F5D2706CEAB}: DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://www.members.c...r/Images/bg.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 12:02:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012/01/09 19:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/03 00:29:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/01/03 00:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/01/01 14:09:23 | 000,000,000 | -HSD | C] -- C:\Users\Bradley\UserData
[2011/12/15 19:56:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Google
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/12 12:06:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/12 12:05:01 | 000,000,916 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000UA.job
[2012/01/12 12:03:05 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/12 12:02:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012/01/12 11:35:01 | 000,000,936 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000UA.job
[2012/01/12 11:10:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/12 11:05:01 | 000,000,864 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000Core.job
[2012/01/12 10:58:46 | 000,727,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/12 10:58:46 | 000,624,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/12 10:58:46 | 000,106,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/12 10:55:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/09 23:35:01 | 000,000,914 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000Core.job
[2012/01/09 19:15:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 19:15:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 19:09:29 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/01/09 19:05:36 | 376,831,999 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/03 14:23:34 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/03 11:54:00 | 000,001,352 | -HS- | M] () -- C:\Users\Bradley\AppData\Local\467ikm37d547as18m6dfm8m356440i80f6450
[2012/01/03 11:54:00 | 000,001,352 | -HS- | M] () -- C:\ProgramData\467ikm37d547as18m6dfm8m356440i80f6450
[2012/01/01 15:49:32 | 000,008,078 | -HS- | M] () -- C:\Users\Bradley\AppData\Local\qdc6io7rx11746o6u722u7
[2012/01/01 15:49:32 | 000,008,078 | -HS- | M] () -- C:\ProgramData\qdc6io7rx11746o6u722u7
[2012/01/01 14:04:55 | 000,001,976 | -H-- | M] () -- C:\Users\Bradley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2012/01/01 14:04:19 | 000,001,232 | -H-- | M] () -- C:\Users\Bradley\Desktop\Notepad.lnk
[2011/12/15 03:20:18 | 000,271,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/09 19:09:29 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/01/03 11:53:46 | 000,001,352 | -HS- | C] () -- C:\Users\Bradley\AppData\Local\467ikm37d547as18m6dfm8m356440i80f6450
[2012/01/03 11:53:46 | 000,001,352 | -HS- | C] () -- C:\ProgramData\467ikm37d547as18m6dfm8m356440i80f6450
[2012/01/03 00:29:34 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/03 00:29:32 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/01 15:47:52 | 000,008,078 | -HS- | C] () -- C:\Users\Bradley\AppData\Local\qdc6io7rx11746o6u722u7
[2012/01/01 15:47:52 | 000,008,078 | -HS- | C] () -- C:\ProgramData\qdc6io7rx11746o6u722u7
[2011/11/23 15:22:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/23 15:22:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/23 15:22:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/23 15:22:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/23 15:22:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/23 12:31:12 | 000,001,213 | -H-- | C] () -- C:\Users\Bradley\AppData\Roaming\ahst.lni
[2011/10/04 14:32:49 | 000,003,584 | -H-- | C] () -- C:\Users\Bradley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/31 23:09:03 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/11/29 15:07:30 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/18 13:21:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/13 06:39:53 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/13 06:39:53 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/13 06:39:53 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/11/13 06:39:53 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/11/13 06:39:51 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/11/13 05:32:03 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/11/23 20:15:54 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\799A8
[2011/11/23 15:33:26 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\A1ivD3onFaHsJdL
[2011/06/09 18:52:10 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\acccore
[2011/11/23 18:18:40 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\aF4pmG5sQ6E8R
[2011/11/23 12:31:04 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\alllOOBtzP0yA1v
[2011/11/23 12:31:11 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\BlllIBBrzPNyA1v
[2011/11/23 12:31:12 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\d22oobF33pG5aJ6
[2011/08/31 23:15:08 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\Eclipse
[2011/11/23 18:18:40 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\FjUVelIBtPyAuDo
[2011/11/23 14:31:27 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\HZqjYCwkIrNx0c1
[2011/11/23 15:04:09 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\J3pmG5aQJ
[2011/11/23 20:15:55 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\jNyxA0uvSiFpG
[2011/11/23 14:59:44 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\OIVrlONtx0c1b3n
[2011/05/24 16:12:15 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\PCDr
[2011/11/23 15:04:17 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\pEL8gRZqhXkVlBz
[2011/10/04 14:32:23 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\Research In Motion
[2011/11/23 15:04:02 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\RlOBtxP0ySioFaH
[2011/11/23 12:31:03 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\S000uccS1ib3o
[2012/01/09 19:04:51 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\SoftGrid Client
[2011/11/23 14:59:45 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\t4amH6sWJfLgZhC
[2010/11/29 15:08:07 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\TP
[2011/11/23 18:21:19 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\uS2obF3pm5Q6W8R
[2011/11/23 15:33:26 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\uwkUVrlOBx0c
[2011/11/23 15:04:11 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\VZqjYCwkIrOt
[2011/11/23 18:21:19 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\WCelIBrzPyAu
[2011/11/23 14:31:26 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\xbD3pnG4aHsKfLg
[2011/11/23 15:04:18 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\Y0ycA1ivDoFpH
[2011/12/08 18:51:28 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\zgggTZZqhYCwU
[2012/01/09 23:35:01 | 000,000,914 | -H-- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000Core.job
[2012/01/12 11:35:01 | 000,000,936 | -H-- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000UA.job
[2012/01/03 14:23:34 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/04/17 20:02:57 | 000,030,766 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/12 12:03:05 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, bradlets24! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

I am currently reviewing your log and will return with the first step to clean your computer later today.

CompCav
  • 0

#3
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, bradlets24! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

I am currently reviewing your log and will return with the first step to clean your computer later today.

CompCav
  • 0

#4
bradleys24

bradleys24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you for the reply, I look forward to receiving your response.
  • 0

#5
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
TeaTimer can sometimes prevent OTL from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Step 1.

Download RogueKiller to your desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 2.

Rerun RogueKiller
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 3.

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :processes
    killallprocesses
    
    :OTL
    PRC - [2011/10/25 06:59:16 | 000,244,960 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    SRV - [2011/10/25 06:59:16 | 000,244,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z127&form=ZGAADF&install_date=20111213&q="
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    [2011/12/12 16:09:55 | 000,000,000 | -H-D | M] (StartNow Toolbar) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2011/07/23 15:47:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
    O2 - BHO: (no name) - {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\Program Files (x86)\Flash2X\Flash Player\FlashPlayer.dll ()
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKCU..\Run: [uiuKBUNRte.exe] C:\ProgramData\uiuKBUNRte.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2012/01/03 11:54:00 | 000,001,352 | -HS- | M] () -- C:\Users\Bradley\AppData\Local\467ikm37d547as18m6dfm8m356440i80f6450
    [2012/01/03 11:54:00 | 000,001,352 | -HS- | M] () -- C:\ProgramData\467ikm37d547as18m6dfm8m356440i80f6450
    [2012/01/01 15:49:32 | 000,008,078 | -HS- | M] () -- C:\Users\Bradley\AppData\Local\qdc6io7rx11746o6u722u7
    [2012/01/01 15:49:32 | 000,008,078 | -HS- | M] () -- C:\ProgramData\qdc6io7rx11746o6u722u7
    [2011/11/23 20:15:54 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\799A8
    [2011/11/23 15:33:26 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\A1ivD3onFaHsJdL
    [2011/11/23 18:18:40 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\aF4pmG5sQ6E8R
    [2011/11/23 12:31:04 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\alllOOBtzP0yA1v
    [2011/11/23 12:31:11 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\BlllIBBrzPNyA1v
    [2011/11/23 12:31:12 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\d22oobF33pG5aJ6
    [2011/11/23 18:18:40 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\FjUVelIBtPyAuDo
    [2011/11/23 14:31:27 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\HZqjYCwkIrNx0c1
    [2011/11/23 15:04:09 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\J3pmG5aQJ
    [2011/11/23 20:15:55 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\jNyxA0uvSiFpG
    [2011/11/23 14:59:44 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\OIVrlONtx0c1b3n
    [2011/11/23 15:04:17 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\pEL8gRZqhXkVlBz
    [2011/10/04 14:32:23 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\Research In Motion
    [2011/11/23 15:04:02 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\RlOBtxP0ySioFaH
    [2011/11/23 12:31:03 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\S000uccS1ib3o
    [2011/11/23 14:59:45 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\t4amH6sWJfLgZhC
    [2011/11/23 18:21:19 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\uS2obF3pm5Q6W8R
    [2011/11/23 15:33:26 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\uwkUVrlOBx0c
    [2011/11/23 15:04:11 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\VZqjYCwkIrOt
    [2011/11/23 18:21:19 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\WCelIBrzPyAu
    [2011/11/23 14:31:26 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\xbD3pnG4aHsKfLg
    [2011/11/23 15:04:18 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\Y0ycA1ivDoFpH
    [2011/12/08 18:51:28 | 000,000,000 | -H-D | M] -- C:\Users\Bradley\AppData\Roaming\zgggTZZqhYCwU
    
    
    
    
    :files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    
    
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptyflash]
    [emptyjava]
    [createrestorepoint]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.



Step 4.

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image


On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


Step 5.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 6.

Re-run OTL on your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 7.

Please Post:

both RkReport.txt files
OTL fix log
aswMBR log
TDSSKiller log
OTL.txt
Extras.txt



How is your computer doing?
  • 0

#6
bradleys24

bradleys24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hello,

First off, I couldn't disable TeaTimer because I could not find it. I dont have a program called Spybot Search & Destroy installed.

Second, I was able to run RogueKiller and OTL again and here are the logs.

Third, when I try to run aswMBR.exe my computer just sits there and does nothing. I tried running as an administrator and still nothing.

Also, your link for TDSSKiller.exe sends me to a page to purchase Kaspersky products so I had to find the download else where. But also my computer does nothing when I try to run it as well.

My computer seems better but everything is still gone from my start menu and I am still getting redirected.

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Bradley [Admin rights]
Mode: Remove -- Date : 01/13/2012 12:43:15

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] FreemakeUtilsService.exe -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 14 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : uiuKBUNRte.exe (C:\ProgramData\uiuKBUNRte.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : winupd (C:\Users\Bradley\AppData\Local\Temp:winupd.exe) -> DELETED
[SUSP PATH] At1.job : C:\Users\Bradley\AppData\Roaming\firefox.exe -> DELETED
[SUSP PATH] winupd.job : C:\Users\Bradley\AppData\Local\Temp:winupd.exe -> DELETED
[SUSP PATH] Dell Dock.lnk : C:\Users\Bradley\AppData\Local\Temp\DellDock.exe -> DELETED
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Users\Bradley\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg)
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 979705b77092b10a27a5231dd6d6d32e
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 106 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 208845 | Size: 15728 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 30928845 | Size: 624298 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 73e84789ae923f18d554e55a16622853
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 106 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 208845 | Size: 15728 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 30928845 | Size: 624298 Mo
3 - [ACTIVE] NTFS [HIDDEN!] Offset (sectors): 1250261680 | Size: 1 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 73e84789ae923f18d554e55a16622853
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 106 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 208845 | Size: 15728 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 30928845 | Size: 624298 Mo
3 - [ACTIVE] NTFS [HIDDEN!] Offset (sectors): 1250261680 | Size: 1 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt




RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Bradley [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/13/2012 12:44:58

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 70 / Fail 0
Quick launch: Success 14 / Fail 0
Programs: Success 7035 / Fail 0
Start menu: Success 32 / Fail 0
User folder: Success 13138 / Fail 0
My documents: Success 231 / Fail 0
My favorites: Success 101 / Fail 0
My pictures: Success 1363 / Fail 0
My music: Success 5068 / Fail 0
My videos: Success 8 / Fail 0
Local drives: Success 6378 / Fail 0
Backup: [FOUND] Success 133 / Fail 2

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt




========== PROCESSES ==========
All processes killed
========== OTL ==========
Process ToolbarUpdaterService.exe killed successfully!
Service Updater Service for StartNow Toolbar stopped successfully!
Service Updater Service for StartNow Toolbar deleted successfully!
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: "http://www.bing.com/...te=20111213&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\defaults\preferences folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\defaults folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C90DBB52-46E0-4E65-92BC-799ADEE54C86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C90DBB52-46E0-4E65-92BC-799ADEE54C86}\ deleted successfully.
C:\Program Files (x86)\Flash2X\Flash Player\FlashPlayer.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.
File C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uiuKBUNRte.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Users\Bradley\AppData\Local\467ikm37d547as18m6dfm8m356440i80f6450 moved successfully.
C:\ProgramData\467ikm37d547as18m6dfm8m356440i80f6450 moved successfully.
C:\Users\Bradley\AppData\Local\qdc6io7rx11746o6u722u7 moved successfully.
C:\ProgramData\qdc6io7rx11746o6u722u7 moved successfully.
C:\Users\Bradley\AppData\Roaming\799A8 folder moved successfully.
C:\Users\Bradley\AppData\Roaming\A1ivD3onFaHsJdL folder moved successfully.
C:\Users\Bradley\AppData\Roaming\aF4pmG5sQ6E8R folder moved successfully.
C:\Users\Bradley\AppData\Roaming\alllOOBtzP0yA1v folder moved successfully.
C:\Users\Bradley\AppData\Roaming\BlllIBBrzPNyA1v folder moved successfully.
C:\Users\Bradley\AppData\Roaming\d22oobF33pG5aJ6 folder moved successfully.
C:\Users\Bradley\AppData\Roaming\FjUVelIBtPyAuDo folder moved successfully.
C:\Users\Bradley\AppData\Roaming\HZqjYCwkIrNx0c1 folder moved successfully.
C:\Users\Bradley\AppData\Roaming\J3pmG5aQJ folder moved successfully.
C:\Users\Bradley\AppData\Roaming\jNyxA0uvSiFpG folder moved successfully.
C:\Users\Bradley\AppData\Roaming\OIVrlONtx0c1b3n folder moved successfully.
C:\Users\Bradley\AppData\Roaming\pEL8gRZqhXkVlBz folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry Media Sync folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry Desktop\Devices\22A45524 folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry Desktop\Devices folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry Desktop\DeviceData folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry Desktop folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry\Loader XML folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry\Loader History folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry\Loader Cache\2ca3ce68012f426d5de2745f161d5771fc27654f\UMTS folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry\Loader Cache\2ca3ce68012f426d5de2745f161d5771fc27654f\Java folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry\Loader Cache\2ca3ce68012f426d5de2745f161d5771fc27654f folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry\Loader Cache folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry\Intellisync\22A45524 folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry\Intellisync folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry\AddinSync\22a45524 folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry\AddinSync folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion\BlackBerry folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Research In Motion folder moved successfully.
C:\Users\Bradley\AppData\Roaming\RlOBtxP0ySioFaH folder moved successfully.
C:\Users\Bradley\AppData\Roaming\S000uccS1ib3o folder moved successfully.
C:\Users\Bradley\AppData\Roaming\t4amH6sWJfLgZhC folder moved successfully.
C:\Users\Bradley\AppData\Roaming\uS2obF3pm5Q6W8R folder moved successfully.
C:\Users\Bradley\AppData\Roaming\uwkUVrlOBx0c folder moved successfully.
C:\Users\Bradley\AppData\Roaming\VZqjYCwkIrOt folder moved successfully.
C:\Users\Bradley\AppData\Roaming\WCelIBrzPyAu folder moved successfully.
C:\Users\Bradley\AppData\Roaming\xbD3pnG4aHsKfLg folder moved successfully.
C:\Users\Bradley\AppData\Roaming\Y0ycA1ivDoFpH folder moved successfully.
C:\Users\Bradley\AppData\Roaming\zgggTZZqhYCwU folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bradley\Desktop\cmd.bat deleted successfully.
C:\Users\Bradley\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Bradley\Desktop\cmd.bat deleted successfully.
C:\Users\Bradley\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Bradley\Desktop\cmd.bat deleted successfully.
C:\Users\Bradley\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Bradley\Desktop\cmd.bat deleted successfully.
C:\Users\Bradley\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Bradley\Desktop\cmd.bat deleted successfully.
C:\Users\Bradley\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Bradley
->Flash cache emptied: 161169 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Bradley
->Java cache emptied: 3238827 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 3.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 01132012_124947

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by bradleys24, 13 January 2012 - 03:50 PM.

  • 0

#7
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Please read the following two or three times to ensure that you get it right

Step 1.

Preferably from a clean computer, I need you to download: gparted-live-0.10.0-3.iso (115.1 MB)


Create a bootable CD, 1 for Gparted from the ISO image. You can use ImgBurn do this.

Once it is completed please label it Bootable Gparted.


Step 2.

We need one of the following:

If you have already made a Windows 7 Recovery Environment CD, please get it ready for use.


If you have not made one, please follow these directions to make one:

Click Start > All Programs > Maintenance > Create a System Repair Disc

Insert a CD/DVD into the drive and press Create disc
Posted Image
Once it completes remove it and label it Windows 7 64bit System Repair Disk.


Step 3.

Now boot off of the newly created Gparted CD.

Posted Image
You should be here...
Press ENTER

Posted Image
By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Posted Image
Choose your language and press ENTER. English is default [33]

Posted Image
Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below
Posted Image

According to your logs, the partition that you want to delete is the smallest 1 MiB
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:
Posted Image

Now you should be here:
Posted Image

Posted Image
Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:
Posted Image

Now double-click the Posted Image button.

You should receive a small pop up like this:
Posted Image
Choose reboot and then press OK.

Step 4.

Now try to reboot into Windows Normally. If the computer does then go on to step 5.

If it does not then follow these steps:

Now reboot from the Windows 7 Recovery Environment CD:

The first screen may ask you to select a reovery wizard or System Recovery Options. Select System Recovery Options and click Next

Select US keyboard and click Next

Then this comes up:
Posted Image
Select Use recovery tools and click Next

Then this screen appears:
Posted Image

Select Command Prompt

Type in each line below individually and press Enter (Please note there is a single space between bootrec and /

bootrec /FixMbr
bootrec /FixBoot
exit



Step 5.

Once back in Windows.

Download MBRCheck.exe to your desktop.

  • Be sure to disable your security programs
  • Double click on the file to run it (Confirm the UAC prompt)
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Post that file.


Step 6.

Rerun RogueKiller
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.



How is the computer performing?
  • 0

#8
bradleys24

bradleys24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I followed the instructions but now it keeps saying "BOOTMGR is missing" and I cant boot into Windows. I tried all of the steps and also tried the Startup Repair with no luck.
  • 0

#9
bradleys24

bradleys24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Finally was able to boot. Everything is still gone from my start menu and and I am still getting redirected.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Basic Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron N7010
Logical Drives Mask: 0x0101000c

Kernel Drivers (total 154):
0x03205000 \SystemRoot\system32\ntoskrnl.exe
0x037D9000 \SystemRoot\system32\hal.dll
0x00BA6000 \SystemRoot\system32\kdcom.dll
0x00C83000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CC7000 \SystemRoot\system32\PSHED.dll
0x00CDB000 \SystemRoot\system32\CLFS.SYS
0x00D39000 \SystemRoot\system32\CI.dll
0x00EB2000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F56000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F65000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FBC000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FC5000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E7F000 \SystemRoot\System32\drivers\mountmgr.sys
0x0104A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01254000 \SystemRoot\system32\drivers\amdxata.sys
0x0125F000 \SystemRoot\system32\drivers\fltmgr.sys
0x012AB000 \SystemRoot\system32\drivers\fileinfo.sys
0x012BF000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01442000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012CC000 \SystemRoot\System32\Drivers\msrpc.sys
0x015E4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0132A000 \SystemRoot\System32\Drivers\cng.sys
0x01400000 \SystemRoot\System32\drivers\pcw.sys
0x01411000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01666000 \SystemRoot\system32\drivers\ndis.sys
0x01758000 \SystemRoot\system32\drivers\NETIO.SYS
0x017B8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0164C000 \SystemRoot\System32\Drivers\spldr.sys
0x0139D000 \SystemRoot\System32\drivers\rdyboost.sys
0x01654000 \SystemRoot\System32\Drivers\mup.sys
0x017E3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01000000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0141B000 \SystemRoot\system32\DRIVERS\disk.sys
0x00FCF000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x03E37000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03E61000 \SystemRoot\System32\Drivers\Null.SYS
0x03E6A000 \SystemRoot\System32\Drivers\Beep.SYS
0x03E71000 \SystemRoot\System32\drivers\vga.sys
0x03E7F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03EA4000 \SystemRoot\System32\drivers\watchdog.sys
0x03EB4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03EBD000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03EC6000 \SystemRoot\system32\drivers\rdprefmp.sys
0x03ECF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03EDA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02A00000 \SystemRoot\System32\drivers\tcpip.sys
0x03EEB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x03F35000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03F53000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03F60000 \SystemRoot\System32\DRIVERS\netbt.sys
0x040A2000 \SystemRoot\system32\drivers\afd.sys
0x0412B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04134000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0415A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04170000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0417F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0419A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x041AE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04000000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0400C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04017000 \SystemRoot\System32\drivers\discache.sys
0x04026000 \SystemRoot\System32\Drivers\dfsc.sys
0x04044000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04055000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04609000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x04275000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04369000 \SystemRoot\System32\drivers\dxgmms1.sys
0x043AF000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x043C0000 \SystemRoot\system32\drivers\usbehci.sys
0x04200000 \SystemRoot\system32\drivers\USBPORT.SYS
0x043D1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x05440000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x0572F000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0573C000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x05751000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0576F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0577E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x057D1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x057D3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x057E2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x05400000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x05427000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x057EF000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x057F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04256000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04266000 \SystemRoot\System32\Drivers\RootMdm.sys
0x04FE2000 \SystemRoot\system32\drivers\modem.sys
0x0407B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03FA5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04FF1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03FC9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x013D7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00C5C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03C00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x043F5000 \SystemRoot\system32\DRIVERS\bcmvwl64.sys
0x04600000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x057FD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0509F000 \SystemRoot\system32\DRIVERS\ks.sys
0x050E2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x050F4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0514E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x062BE000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x064FA000 \SystemRoot\system32\drivers\portcls.sys
0x06537000 \SystemRoot\system32\drivers\drmk.sys
0x06559000 \SystemRoot\system32\drivers\ksthunk.sys
0x0655F000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x065A6000 \SystemRoot\system32\DRIVERS\udfs.sys
0x06200000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0621D000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0624B000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x00010000 \SystemRoot\System32\win32k.sys
0x06276000 \SystemRoot\System32\drivers\Dxapi.sys
0x06282000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00550000 \SystemRoot\System32\TSDDD.dll
0x00750000 \SystemRoot\System32\cdd.dll
0x06290000 \SystemRoot\system32\drivers\luafv.sys
0x062B3000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x05163000 \SystemRoot\system32\drivers\WudfPf.sys
0x05184000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03C1A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05192000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x051A5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05000000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05053000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05066000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0507E000 \SystemRoot\system32\DRIVERS\TurboB.sys
0x0269B000 \SystemRoot\system32\drivers\HTTP.sys
0x02763000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02790000 \SystemRoot\system32\DRIVERS\bowser.sys
0x027AE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0264E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03611000 \SystemRoot\System32\DRIVERS\srv2.sys
0x03678000 \SystemRoot\System32\DRIVERS\srv.sys
0x0370D000 \SystemRoot\system32\drivers\peauth.sys
0x037B3000 \SystemRoot\System32\Drivers\secdrv.SYS
0x04401000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0x044C2000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0x0450F000 \SystemRoot\System32\drivers\tcpipreg.sys
0x04521000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0x0452C000 \SystemRoot\System32\Drivers\fastfat.SYS
0x77870000 \Windows\System32\ntdll.dll
0x47FC0000 \Windows\System32\smss.exe
0xFFB90000 \Windows\System32\apisetschema.dll
0xFF850000 \Windows\System32\autochk.exe
0x77A40000 \Windows\System32\normaliz.dll

Processes (total 71):
0 System Idle Process
4 System
308 C:\Windows\System32\smss.exe
444 csrss.exe
504 C:\Windows\System32\wininit.exe
528 csrss.exe
564 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
704 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\audiodg.exe
1012 C:\Windows\System32\winlogon.exe
420 C:\Windows\System32\svchost.exe
796 C:\Program Files\Dell\DellDock\DockLogin.exe
1028 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\wlanext.exe
1216 C:\Windows\System32\conhost.exe
1352 C:\Windows\System32\spoolsv.exe
1504 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
1532 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1556 C:\Program Files\Bonjour\mDNSResponder.exe
1580 C:\Windows\System32\svchost.exe
1616 C:\Windows\System32\svchost.exe
1652 C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
1796 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
1828 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2060 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
2088 C:\Windows\System32\svchost.exe
2132 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
2240 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
2408 C:\Windows\System32\taskhost.exe
2488 C:\Windows\System32\dwm.exe
2528 C:\Windows\explorer.exe
2592 C:\Windows\System32\taskeng.exe
2664 C:\Windows\System32\taskeng.exe
2696 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2984 WmiPrvSE.exe
2120 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
1744 C:\Windows\System32\vds.exe
3156 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
3188 WmiPrvSE.exe
3404 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
3564 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3572 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3580 C:\Windows\System32\igfxtray.exe
3588 C:\Windows\System32\hkcmd.exe
3604 C:\Windows\System32\igfxpers.exe
3620 C:\Program Files\Windows Sidebar\sidebar.exe
3924 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
3980 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3988 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
4008 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
4016 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4028 C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
4076 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3140 C:\Program Files\iPod\bin\iPodService.exe
3116 C:\Windows\System32\SearchIndexer.exe
2788 C:\Program Files\Windows Media Player\wmpnetwk.exe
4172 C:\Windows\System32\SearchProtocolHost.exe
4192 C:\Windows\System32\SearchFilterHost.exe
4348 C:\Program Files (x86)\Dell DataSafe Local Backup\SftVss64.exe
3932 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4848 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3500 dllhost.exe
1776 dllhost.exe
2424 C:\Users\Bradley\Desktop\MBRCheck.exe
4668 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`afdf9a00 (NTFS)
\\.\Q: --> error 5
\\.\Y: --> \\.\PhysicalDrive0 at offset 0x00000000`065f9a00 (NTFS)

PhysicalDrive0 Model Number: ST9640320AS, Rev: 0001DEM1

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!





RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Bradley [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/13/2012 15:05:45

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] FreemakeUtilsService.exe -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -> KILLED [TermProc]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 13 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 126 / Fail 0
Backup: [FOUND] Success 2 / Fail 133

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored
[Y:] \device\harddisk0\partition2 -- 0x3 --> Restored

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0

#10
bradleys24

bradleys24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The 2 programs from earlier now run so here is one report, will post the other one when its done.

15:11:03.0176 4148 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
15:11:03.0731 4148 ============================================================
15:11:03.0731 4148 Current date / time: 2012/01/13 15:11:03.0731
15:11:03.0731 4148 SystemInfo:
15:11:03.0731 4148
15:11:03.0731 4148 OS Version: 6.1.7600 ServicePack: 0.0
15:11:03.0731 4148 Product type: Workstation
15:11:03.0731 4148 ComputerName: BRADLEY-PC
15:11:03.0731 4148 UserName: Bradley
15:11:03.0732 4148 Windows directory: C:\Windows
15:11:03.0732 4148 System windows directory: C:\Windows
15:11:03.0732 4148 Running under WOW64
15:11:03.0732 4148 Processor architecture: Intel x64
15:11:03.0732 4148 Number of processors: 4
15:11:03.0732 4148 Page size: 0x1000
15:11:03.0732 4148 Boot type: Normal boot
15:11:03.0732 4148 ============================================================
15:11:04.0456 4148 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000, SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
15:11:04.0543 4148 Initialize success
15:11:35.0417 3704 ============================================================
15:11:35.0417 3704 Scan started
15:11:35.0417 3704 Mode: Manual; SigCheck; TDLFS;
15:11:35.0417 3704 ============================================================
15:11:36.0072 3704 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
15:11:36.0162 3704 1394ohci - ok
15:11:36.0354 3704 ACPI (794ff35015209b9d44f1360c42c9776d) C:\Windows\system32\DRIVERS\ACPI.sys
15:11:36.0398 3704 ACPI - ok
15:11:36.0597 3704 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
15:11:36.0631 3704 AcpiPmi - ok
15:11:36.0835 3704 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:11:36.0880 3704 adp94xx - ok
15:11:37.0064 3704 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:11:37.0206 3704 adpahci - ok
15:11:37.0394 3704 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:11:37.0418 3704 adpu320 - ok
15:11:37.0634 3704 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
15:11:37.0683 3704 AFD - ok
15:11:37.0876 3704 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
15:11:37.0894 3704 agp440 - ok
15:11:38.0077 3704 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
15:11:38.0097 3704 aliide - ok
15:11:38.0235 3704 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
15:11:38.0251 3704 amdide - ok
15:11:38.0414 3704 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:11:38.0439 3704 AmdK8 - ok
15:11:38.0597 3704 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:11:38.0637 3704 AmdPPM - ok
15:11:38.0813 3704 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
15:11:38.0832 3704 amdsata - ok
15:11:39.0034 3704 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:11:39.0056 3704 amdsbs - ok
15:11:39.0236 3704 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
15:11:39.0251 3704 amdxata - ok
15:11:39.0460 3704 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:11:39.0503 3704 AppID - ok
15:11:39.0769 3704 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:11:39.0793 3704 arc - ok
15:11:39.0977 3704 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:11:39.0996 3704 arcsas - ok
15:11:40.0163 3704 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:11:40.0260 3704 AsyncMac - ok
15:11:40.0429 3704 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
15:11:40.0451 3704 atapi - ok
15:11:40.0719 3704 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:11:40.0762 3704 b06bdrv - ok
15:11:40.0975 3704 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:11:41.0002 3704 b57nd60a - ok
15:11:41.0401 3704 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:11:41.0484 3704 BCM43XX - ok
15:11:41.0724 3704 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
15:11:41.0734 3704 BcmVWL - ok
15:11:41.0917 3704 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:11:42.0013 3704 Beep - ok
15:11:42.0217 3704 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:11:42.0242 3704 blbdrive - ok
15:11:42.0427 3704 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:11:42.0463 3704 bowser - ok
15:11:42.0656 3704 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:11:42.0697 3704 BrFiltLo - ok
15:11:42.0838 3704 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:11:42.0866 3704 BrFiltUp - ok
15:11:43.0081 3704 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:11:43.0119 3704 Brserid - ok
15:11:43.0298 3704 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:11:43.0332 3704 BrSerWdm - ok
15:11:43.0481 3704 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:11:43.0511 3704 BrUsbMdm - ok
15:11:43.0645 3704 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:11:43.0697 3704 BrUsbSer - ok
15:11:43.0848 3704 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:11:43.0877 3704 BTHMODEM - ok
15:11:43.0982 3704 catchme - ok
15:11:44.0148 3704 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:11:44.0230 3704 cdfs - ok
15:11:44.0388 3704 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:11:44.0429 3704 cdrom - ok
15:11:44.0660 3704 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:11:44.0712 3704 circlass - ok
15:11:44.0897 3704 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:11:44.0926 3704 CLFS - ok
15:11:45.0173 3704 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:11:45.0214 3704 CmBatt - ok
15:11:45.0369 3704 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
15:11:45.0386 3704 cmdide - ok
15:11:45.0653 3704 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
15:11:45.0703 3704 CNG - ok
15:11:45.0898 3704 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:11:45.0913 3704 Compbatt - ok
15:11:46.0075 3704 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:11:46.0111 3704 CompositeBus - ok
15:11:46.0276 3704 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:11:46.0300 3704 crcdisk - ok
15:11:46.0501 3704 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
15:11:46.0542 3704 CtClsFlt - ok
15:11:46.0826 3704 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
15:11:46.0852 3704 DfsC - ok
15:11:47.0059 3704 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:11:47.0134 3704 discache - ok
15:11:47.0345 3704 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:11:47.0364 3704 Disk - ok
15:11:47.0586 3704 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:11:47.0629 3704 drmkaud - ok
15:11:47.0837 3704 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
15:11:47.0883 3704 DXGKrnl - ok
15:11:48.0337 3704 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:11:48.0483 3704 ebdrv - ok
15:11:48.0680 3704 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:11:48.0735 3704 elxstor - ok
15:11:48.0902 3704 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
15:11:48.0936 3704 ErrDev - ok
15:11:49.0113 3704 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:11:49.0208 3704 exfat - ok
15:11:49.0368 3704 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:11:49.0444 3704 fastfat - ok
15:11:49.0656 3704 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:11:49.0684 3704 fdc - ok
15:11:49.0883 3704 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:11:49.0902 3704 FileInfo - ok
15:11:50.0072 3704 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:11:50.0161 3704 Filetrace - ok
15:11:50.0340 3704 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:11:50.0362 3704 flpydisk - ok
15:11:50.0482 3704 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
15:11:50.0508 3704 FltMgr - ok
15:11:50.0782 3704 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:11:50.0800 3704 FsDepends - ok
15:11:50.0918 3704 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:11:50.0933 3704 Fs_Rec - ok
15:11:51.0069 3704 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:11:51.0095 3704 fvevol - ok
15:11:51.0264 3704 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:11:51.0282 3704 gagp30kx - ok
15:11:51.0486 3704 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:11:51.0496 3704 GEARAspiWDM - ok
15:11:51.0733 3704 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:11:51.0772 3704 hcw85cir - ok
15:11:51.0988 3704 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:11:52.0040 3704 HDAudBus - ok
15:11:52.0242 3704 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:11:52.0255 3704 HECIx64 - ok
15:11:52.0395 3704 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:11:52.0415 3704 HidBatt - ok
15:11:52.0567 3704 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:11:52.0627 3704 HidBth - ok
15:11:52.0782 3704 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:11:52.0831 3704 HidIr - ok
15:11:53.0063 3704 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
15:11:53.0091 3704 HidUsb - ok
15:11:53.0316 3704 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:11:53.0338 3704 HpSAMD - ok
15:11:53.0475 3704 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
15:11:53.0585 3704 HTTP - ok
15:11:53.0744 3704 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
15:11:53.0758 3704 hwpolicy - ok
15:11:53.0915 3704 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:11:53.0936 3704 i8042prt - ok
15:11:54.0193 3704 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
15:11:54.0220 3704 iaStor - ok
15:11:54.0427 3704 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
15:11:54.0476 3704 iaStorV - ok
15:11:55.0550 3704 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:11:55.0848 3704 igfx - ok
15:11:56.0015 3704 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:11:56.0040 3704 iirsp - ok
15:11:56.0213 3704 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
15:11:56.0233 3704 Impcd - ok
15:11:56.0623 3704 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys
15:11:56.0693 3704 IntcAzAudAddService - ok
15:11:56.0975 3704 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:11:57.0014 3704 IntcDAud - ok
15:11:57.0178 3704 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
15:11:57.0205 3704 intelide - ok
15:11:57.0319 3704 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:11:57.0343 3704 intelppm - ok
15:11:57.0512 3704 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:11:57.0586 3704 IpFilterDriver - ok
15:11:57.0745 3704 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:11:57.0768 3704 IPMIDRV - ok
15:11:57.0942 3704 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:11:58.0025 3704 IPNAT - ok
15:11:58.0249 3704 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:11:58.0281 3704 IRENUM - ok
15:11:58.0428 3704 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
15:11:58.0445 3704 isapnp - ok
15:11:58.0515 3704 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
15:11:58.0538 3704 iScsiPrt - ok
15:11:58.0612 3704 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:11:58.0628 3704 kbdclass - ok
15:11:58.0769 3704 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
15:11:58.0811 3704 kbdhid - ok
15:11:58.0964 3704 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
15:11:58.0991 3704 KSecDD - ok
15:11:59.0149 3704 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
15:11:59.0172 3704 KSecPkg - ok
15:11:59.0367 3704 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:11:59.0452 3704 ksthunk - ok
15:11:59.0655 3704 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
15:11:59.0668 3704 L1C - ok
15:11:59.0843 3704 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:11:59.0916 3704 lltdio - ok
15:12:00.0118 3704 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:12:00.0137 3704 LSI_FC - ok
15:12:00.0244 3704 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:12:00.0266 3704 LSI_SAS - ok
15:12:00.0311 3704 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:12:00.0331 3704 LSI_SAS2 - ok
15:12:00.0360 3704 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:12:00.0378 3704 LSI_SCSI - ok
15:12:00.0421 3704 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:12:00.0517 3704 luafv - ok
15:12:00.0705 3704 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:12:00.0728 3704 megasas - ok
15:12:00.0803 3704 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:12:00.0835 3704 MegaSR - ok
15:12:01.0075 3704 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:12:01.0136 3704 Modem - ok
15:12:01.0266 3704 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:12:01.0305 3704 monitor - ok
15:12:01.0541 3704 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:12:01.0557 3704 mouclass - ok
15:12:01.0728 3704 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:12:01.0749 3704 mouhid - ok
15:12:02.0028 3704 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
15:12:02.0048 3704 mountmgr - ok
15:12:02.0111 3704 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
15:12:02.0132 3704 mpio - ok
15:12:02.0181 3704 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:12:02.0274 3704 mpsdrv - ok
15:12:02.0442 3704 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
15:12:02.0475 3704 MRxDAV - ok
15:12:02.0603 3704 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:12:02.0625 3704 mrxsmb - ok
15:12:02.0780 3704 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:12:02.0808 3704 mrxsmb10 - ok
15:12:02.0984 3704 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:12:03.0015 3704 mrxsmb20 - ok
15:12:03.0108 3704 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
15:12:03.0132 3704 msahci - ok
15:12:03.0199 3704 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
15:12:03.0219 3704 msdsm - ok
15:12:03.0366 3704 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:12:03.0448 3704 Msfs - ok
15:12:03.0623 3704 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:12:03.0702 3704 mshidkmdf - ok
15:12:03.0893 3704 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
15:12:03.0907 3704 msisadrv - ok
15:12:04.0091 3704 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:12:04.0162 3704 MSKSSRV - ok
15:12:04.0315 3704 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:12:04.0403 3704 MSPCLOCK - ok
15:12:04.0574 3704 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:12:04.0645 3704 MSPQM - ok
15:12:04.0836 3704 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
15:12:04.0864 3704 MsRPC - ok
15:12:05.0031 3704 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:12:05.0046 3704 mssmbios - ok
15:12:05.0272 3704 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:12:05.0365 3704 MSTEE - ok
15:12:05.0508 3704 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:12:05.0547 3704 MTConfig - ok
15:12:05.0666 3704 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:12:05.0681 3704 Mup - ok
15:12:05.0894 3704 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:12:05.0949 3704 NativeWifiP - ok
15:12:06.0229 3704 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:12:06.0273 3704 NDIS - ok
15:12:06.0435 3704 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:12:06.0512 3704 NdisCap - ok
15:12:06.0702 3704 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:12:06.0777 3704 NdisTapi - ok
15:12:07.0003 3704 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:12:07.0079 3704 Ndisuio - ok
15:12:07.0336 3704 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:12:07.0430 3704 NdisWan - ok
15:12:07.0675 3704 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:12:07.0756 3704 NDProxy - ok
15:12:07.0981 3704 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:12:08.0072 3704 NetBIOS - ok
15:12:08.0219 3704 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:12:08.0293 3704 NetBT - ok
15:12:08.0455 3704 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:12:08.0479 3704 nfrd960 - ok
15:12:08.0579 3704 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:12:08.0650 3704 Npfs - ok
15:12:08.0812 3704 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:12:08.0889 3704 nsiproxy - ok
15:12:09.0224 3704 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
15:12:09.0328 3704 Ntfs - ok
15:12:09.0510 3704 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:12:09.0588 3704 Null - ok
15:12:09.0759 3704 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
15:12:09.0779 3704 nvraid - ok
15:12:09.0887 3704 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
15:12:09.0907 3704 nvstor - ok
15:12:10.0059 3704 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
15:12:10.0085 3704 nv_agp - ok
15:12:10.0258 3704 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
15:12:10.0279 3704 ohci1394 - ok
15:12:10.0497 3704 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:12:10.0518 3704 Parport - ok
15:12:10.0558 3704 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
15:12:10.0577 3704 partmgr - ok
15:12:10.0736 3704 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
15:12:10.0755 3704 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
15:12:10.0977 3704 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
15:12:11.0004 3704 pci - ok
15:12:11.0157 3704 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
15:12:11.0176 3704 pciide - ok
15:12:11.0338 3704 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:12:11.0361 3704 pcmcia - ok
15:12:11.0486 3704 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:12:11.0502 3704 pcw - ok
15:12:11.0683 3704 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:12:11.0778 3704 PEAUTH - ok
15:12:12.0017 3704 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:12:12.0091 3704 PptpMiniport - ok
15:12:12.0237 3704 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:12:12.0258 3704 Processor - ok
15:12:12.0424 3704 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:12:12.0511 3704 Psched - ok
15:12:12.0675 3704 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:12:12.0688 3704 PxHlpa64 - ok
15:12:12.0943 3704 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:12:13.0044 3704 ql2300 - ok
15:12:13.0212 3704 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:12:13.0231 3704 ql40xx - ok
15:12:13.0348 3704 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:12:13.0394 3704 QWAVEdrv - ok
15:12:13.0539 3704 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:12:13.0605 3704 RasAcd - ok
15:12:13.0803 3704 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:12:13.0874 3704 RasAgileVpn - ok
15:12:14.0058 3704 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:12:14.0139 3704 Rasl2tp - ok
15:12:14.0307 3704 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:12:14.0386 3704 RasPppoe - ok
15:12:14.0528 3704 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:12:14.0640 3704 RasSstp - ok
15:12:14.0849 3704 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
15:12:14.0925 3704 rdbss - ok
15:12:15.0047 3704 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:12:15.0082 3704 rdpbus - ok
15:12:15.0274 3704 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:12:15.0346 3704 RDPCDD - ok
15:12:15.0535 3704 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:12:15.0625 3704 RDPENCDD - ok
15:12:15.0802 3704 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:12:15.0878 3704 RDPREFMP - ok
15:12:16.0069 3704 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
15:12:16.0142 3704 RDPWD - ok
15:12:16.0330 3704 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
15:12:16.0359 3704 rdyboost - ok
15:12:16.0560 3704 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
15:12:16.0584 3704 RimUsb - ok
15:12:16.0791 3704 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
15:12:16.0809 3704 RimVSerPort - ok
15:12:16.0875 3704 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
15:12:16.0947 3704 ROOTMODEM - ok
15:12:17.0101 3704 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:12:17.0197 3704 rspndr - ok
15:12:17.0383 3704 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys
15:12:17.0405 3704 RSUSBSTOR - ok
15:12:17.0546 3704 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
15:12:17.0570 3704 sbp2port - ok
15:12:17.0654 3704 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
15:12:17.0726 3704 scfilter - ok
15:12:17.0918 3704 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:12:18.0003 3704 secdrv - ok
15:12:18.0187 3704 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:12:18.0212 3704 Serenum - ok
15:12:18.0353 3704 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:12:18.0398 3704 Serial - ok
15:12:18.0525 3704 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:12:18.0562 3704 sermouse - ok
15:12:18.0707 3704 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:12:18.0734 3704 sffdisk - ok
15:12:18.0867 3704 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:12:18.0897 3704 sffp_mmc - ok
15:12:19.0026 3704 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:12:19.0049 3704 sffp_sd - ok
15:12:19.0216 3704 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:12:19.0239 3704 sfloppy - ok
15:12:19.0520 3704 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
15:12:19.0555 3704 Sftfs - ok
15:12:19.0750 3704 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:12:19.0769 3704 Sftplay - ok
15:12:19.0923 3704 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:12:19.0934 3704 Sftredir - ok
15:12:20.0095 3704 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
15:12:20.0106 3704 Sftvol - ok
15:12:20.0264 3704 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:12:20.0280 3704 SiSRaid2 - ok
15:12:20.0388 3704 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:12:20.0406 3704 SiSRaid4 - ok
15:12:20.0564 3704 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:12:20.0639 3704 Smb - ok
15:12:20.0833 3704 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:12:20.0847 3704 spldr - ok
15:12:21.0045 3704 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
15:12:21.0093 3704 srv - ok
15:12:21.0307 3704 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
15:12:21.0367 3704 srv2 - ok
15:12:21.0530 3704 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
15:12:21.0562 3704 srvnet - ok
15:12:21.0717 3704 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:12:21.0739 3704 stexstor - ok
15:12:21.0960 3704 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:12:21.0974 3704 swenum - ok
15:12:22.0086 3704 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys
15:12:22.0107 3704 SynTP - ok
15:12:22.0436 3704 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
15:12:22.0510 3704 Tcpip - ok
15:12:22.0842 3704 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
15:12:22.0906 3704 TCPIP6 - ok
15:12:23.0062 3704 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:12:23.0135 3704 tcpipreg - ok
15:12:23.0281 3704 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:12:23.0368 3704 TDPIPE - ok
15:12:23.0406 3704 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:12:23.0442 3704 TDTCP - ok
15:12:23.0494 3704 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:12:23.0564 3704 tdx - ok
15:12:23.0769 3704 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:12:23.0786 3704 TermDD - ok
15:12:23.0933 3704 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:12:24.0010 3704 tssecsrv - ok
15:12:24.0188 3704 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:12:24.0283 3704 tunnel - ok
15:12:24.0455 3704 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
15:12:24.0468 3704 TurboB - ok
15:12:24.0609 3704 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:12:24.0629 3704 uagp35 - ok
15:12:24.0773 3704 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
15:12:24.0799 3704 udfs - ok
15:12:24.0988 3704 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:12:25.0004 3704 uliagpkx - ok
15:12:25.0168 3704 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:12:25.0221 3704 umbus - ok
15:12:25.0396 3704 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:12:25.0422 3704 UmPass - ok
15:12:25.0649 3704 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:12:25.0687 3704 USBAAPL64 - ok
15:12:25.0871 3704 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
15:12:25.0908 3704 usbaudio - ok
15:12:26.0137 3704 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
15:12:26.0159 3704 usbccgp - ok
15:12:26.0285 3704 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:12:26.0313 3704 usbcir - ok
15:12:26.0455 3704 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
15:12:26.0498 3704 usbehci - ok
15:12:26.0699 3704 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
15:12:26.0740 3704 usbhub - ok
15:12:26.0908 3704 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
15:12:26.0945 3704 usbohci - ok
15:12:27.0076 3704 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:12:27.0104 3704 usbprint - ok
15:12:27.0249 3704 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:12:27.0279 3704 usbscan - ok
15:12:27.0388 3704 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:12:27.0412 3704 USBSTOR - ok
15:12:27.0631 3704 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
15:12:27.0655 3704 usbuhci - ok
15:12:27.0815 3704 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
15:12:27.0856 3704 usbvideo - ok
15:12:28.0032 3704 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:12:28.0047 3704 vdrvroot - ok
15:12:28.0242 3704 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:12:28.0272 3704 vga - ok
15:12:28.0470 3704 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:12:28.0558 3704 VgaSave - ok
15:12:28.0736 3704 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:12:28.0760 3704 vhdmp - ok
15:12:28.0906 3704 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:12:28.0926 3704 viaide - ok
15:12:28.0993 3704 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:12:29.0015 3704 volmgr - ok
15:12:29.0073 3704 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:12:29.0105 3704 volmgrx - ok
15:12:29.0289 3704 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:12:29.0350 3704 volsnap - ok
15:12:29.0504 3704 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:12:29.0528 3704 vsmraid - ok
15:12:29.0657 3704 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:12:29.0689 3704 vwifibus - ok
15:12:29.0734 3704 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:12:29.0767 3704 vwififlt - ok
15:12:29.0911 3704 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:12:29.0941 3704 WacomPen - ok
15:12:30.0119 3704 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:12:30.0210 3704 WANARP - ok
15:12:30.0219 3704 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:12:30.0255 3704 Wanarpv6 - ok
15:12:30.0395 3704 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:12:30.0411 3704 Wd - ok
15:12:30.0584 3704 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:12:30.0654 3704 Wdf01000 - ok
15:12:30.0832 3704 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:12:30.0905 3704 WfpLwf - ok
15:12:31.0117 3704 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
15:12:31.0137 3704 WimFltr - ok
15:12:31.0278 3704 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:12:31.0295 3704 WIMMount - ok
15:12:31.0526 3704 winusb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUSB.SYS
15:12:31.0556 3704 winusb - ok
15:12:31.0736 3704 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:12:31.0771 3704 WmiAcpi - ok
15:12:31.0962 3704 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:12:32.0047 3704 ws2ifsl - ok
15:12:32.0229 3704 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
15:12:32.0267 3704 WudfPf - ok
15:12:32.0486 3704 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:12:32.0530 3704 WUDFRd - ok
15:12:32.0596 3704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:12:32.0844 3704 \Device\Harddisk0\DR0 - ok
15:12:32.0899 3704 Boot (0x1200) (32191fab5f51222dbf317e32fa909990) \Device\Harddisk0\DR0\Partition0
15:12:32.0900 3704 \Device\Harddisk0\DR0\Partition0 - ok
15:12:32.0911 3704 Boot (0x1200) (7caed417cfed053e57ea71876d97ea3a) \Device\Harddisk0\DR0\Partition1
15:12:32.0912 3704 \Device\Harddisk0\DR0\Partition1 - ok
15:12:32.0913 3704 ============================================================
15:12:32.0913 3704 Scan finished
15:12:32.0913 3704 ============================================================
15:12:32.0930 4856 Detected object count: 0
15:12:32.0930 4856 Actual detected object count: 0
15:12:59.0286 3324 Deinitialize success
  • 0

Advertisements


#11
bradleys24

bradleys24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the other log. No extra log was created.

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-13 15:07:51
-----------------------------
15:07:51.901 OS Version: Windows x64 6.1.7600
15:07:51.902 Number of processors: 4 586 0x2505
15:07:51.903 ComputerName: BRADLEY-PC UserName: Bradley
15:07:56.322 Initialize success
15:08:41.033 AVAST engine defs: 12011301
15:08:44.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:08:44.160 Disk 0 Vendor: ST964032 0001 Size: 610480MB BusType: 3
15:08:44.172 Disk 0 MBR read successfully
15:08:44.177 Disk 0 MBR scan
15:08:44.182 Disk 0 Windows 7 default MBR code
15:08:44.187 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
15:08:44.197 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 208845
15:08:44.220 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 595377 MB offset 30928845
15:08:44.228 Service scanning
15:08:46.046 Modules scanning
15:08:46.053 Disk 0 trace - called modules:
15:08:46.072 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:08:46.080 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800635d450]
15:08:46.089 3 CLASSPNP.SYS[fffff88000fd043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80061ee050]
15:08:50.956 AVAST engine scan C:\Windows
15:09:12.113 AVAST engine scan C:\Windows\system32
15:11:06.178 AVAST engine scan C:\Windows\system32\drivers
15:11:18.408 AVAST engine scan C:\Users\Bradley
15:17:16.079 AVAST engine scan C:\ProgramData
15:18:52.354 Scan finished successfully
15:19:12.008 Disk 0 MBR has been saved successfully to "C:\Users\Bradley\Desktop\MBR.dat"
15:19:12.016 The log file has been saved successfully to "C:\Users\Bradley\Desktop\aswMBR.txt"




OTL logfile created on: 1/13/2012 03:20:37 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bradley\Desktop
64bit- Home Basic Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 73.86% Memory free
11.60 Gb Paging File | 10.02 Gb Available in Paging File | 86.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.42 Gb Total Space | 490.99 Gb Free Space | 84.45% Space Free | Partition Type: NTFS
Drive Y: | 14.65 Gb Total Space | 7.47 Gb Free Space | 50.98% Space Free | Partition Type: NTFS

Computer Name: BRADLEY-PC | User Name: Bradley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/13 12:46:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bradley\Desktop\OTL.exe
PRC - [2011/12/20 21:45:21 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/03 10:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/01/13 11:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 11:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 11:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/01/13 11:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/13 12:56:22 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/01/13 10:33:21 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/12/20 21:45:22 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/10/14 02:35:38 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/14 02:30:30 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 02:30:07 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/14 02:29:55 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:29:50 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/14 02:29:48 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/14 02:29:39 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/14 02:29:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/14 02:29:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/14 02:29:31 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/13 11:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 11:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/01/13 11:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 11:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 11:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 11:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 11:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 11:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 11:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 11:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 10:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/11/03 10:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/04 11:25:02 | 000,074,240 | ---- | M] (Freemake) [Auto | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011/01/13 11:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/11/13 05:14:17 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/13 17:19:10 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/07/12 10:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/07 11:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/07 02:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/01 06:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 07:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 21:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/02/03 05:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/02 14:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2009/12/22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/02 10:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111213
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.orangecounty.cox.net/"
FF - prefs.js..extensions.enabledItems: superfish@superfish.com:1.2.0.8
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.7.1
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.05
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111213&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bradley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Bradley\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Bradley\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bradley\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bradley\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Bradley\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\ProgramDataMozilla\Extensions\superfish@superfish.com [2011/07/23 15:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 21:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/20 21:45:25 | 000,000,000 | ---D | M]

[2010/11/18 12:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Extensions
[2012/01/13 13:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions
[2011/07/23 14:11:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/15 20:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/12/15 20:01:15 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2011/12/15 20:01:15 | 000,000,000 | ---D | M] (googlebar) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2011/11/23 14:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\oo0bgunj.default\extensions
[2011/07/23 15:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/23 15:46:40 | 000,000,000 | ---D | M] (Window Shopper - Powered by Superfish) -- C:\PROGRAMDATAMOZILLA\EXTENSIONS\SUPERFISH@SUPERFISH.COM
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/01/13 12:50:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000..\Run: [Facebook Update] C:\Users\Bradley\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1843237916-3423027124-1883977724-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 68.105.28.12 68.105.29.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B0E6E9D-80FA-4F82-B63C-968C73A67064}: DhcpNameServer = 208.67.222.222 208.67.220.220 68.105.28.12 68.105.29.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1068C312-0372-4CA3-B7CF-8F5D2706CEAB}: DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://www.members.c...r/Images/bg.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | --S- | M] () - Y:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/13 15:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/13 13:51:38 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bradley\Desktop\tdsskiller.exe
[2012/01/13 13:51:22 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Bradley\Desktop\aswMBR.exe
[2012/01/13 12:57:00 | 000,000,000 | --SD | C] -- C:\Boot
[2012/01/13 12:49:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/13 12:46:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bradley\Desktop\OTL.exe
[2012/01/13 12:42:59 | 000,000,000 | ---D | C] -- C:\Users\Bradley\Desktop\RK_Quarantine
[2012/01/12 12:02:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012/01/03 00:29:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/01/03 00:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/01/01 14:09:23 | 000,000,000 | --SD | C] -- C:\Users\Bradley\UserData
[2011/12/15 19:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/13 15:19:12 | 000,000,512 | ---- | M] () -- C:\Users\Bradley\Desktop\MBR.dat
[2012/01/13 15:09:04 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/13 15:09:04 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/13 15:06:49 | 000,744,770 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/13 15:06:49 | 000,637,488 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/13 15:06:49 | 000,111,346 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/13 15:06:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/13 15:05:00 | 000,000,916 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000UA.job
[2012/01/13 15:03:40 | 000,080,384 | ---- | M] () -- C:\Users\Bradley\Desktop\MBRCheck.exe
[2012/01/13 15:01:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/13 15:01:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/13 15:01:14 | 376,848,383 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/13 13:51:41 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bradley\Desktop\tdsskiller.exe
[2012/01/13 13:51:26 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Bradley\Desktop\aswMBR.exe
[2012/01/13 12:52:41 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/13 12:50:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/01/13 12:46:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bradley\Desktop\OTL.exe
[2012/01/13 12:42:20 | 000,783,872 | ---- | M] () -- C:\Users\Bradley\Desktop\RogueKiller.exe
[2012/01/13 11:35:02 | 000,000,936 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000UA.job
[2012/01/13 11:28:58 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/13 11:05:35 | 000,001,264 | ---- | M] () -- C:\Users\Bradley\Desktop\Notepad.lnk
[2012/01/13 11:05:04 | 000,000,864 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000Core.job
[2012/01/13 03:10:12 | 000,000,914 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000Core.job
[2012/01/12 12:02:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012/01/03 14:23:34 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/15 03:20:18 | 000,271,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/13 15:19:12 | 000,000,512 | ---- | C] () -- C:\Users\Bradley\Desktop\MBR.dat
[2012/01/13 15:03:40 | 000,080,384 | ---- | C] () -- C:\Users\Bradley\Desktop\MBRCheck.exe
[2012/01/13 13:00:23 | 000,383,562 | R-S- | C] () -- C:\bootmgr
[2012/01/13 12:44:12 | 000,002,356 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
[2012/01/13 12:44:12 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2012/01/13 12:44:11 | 000,002,543 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2012/01/13 12:44:11 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/01/13 12:44:11 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/13 12:44:11 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/01/13 12:44:11 | 000,002,129 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/01/13 12:44:11 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/13 12:44:11 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/13 12:44:11 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/13 12:44:11 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/01/13 12:44:11 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/01/13 12:44:11 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/01/13 12:44:11 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/01/13 12:44:11 | 000,001,140 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2012/01/13 12:44:11 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2012/01/13 12:44:11 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/01/13 12:44:10 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012/01/13 12:44:09 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/13 12:44:09 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/13 12:44:09 | 000,001,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/01/13 12:44:09 | 000,001,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cozi Family Calendar.lnk
[2012/01/13 12:42:19 | 000,783,872 | ---- | C] () -- C:\Users\Bradley\Desktop\RogueKiller.exe
[2012/01/13 11:28:58 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/03 00:29:34 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/03 00:29:32 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/23 15:22:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/23 15:22:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/23 15:22:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/23 15:22:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/23 15:22:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/23 12:31:12 | 000,001,213 | ---- | C] () -- C:\Users\Bradley\AppData\Roaming\ahst.lni
[2011/10/04 14:32:49 | 000,003,584 | -H-- | C] () -- C:\Users\Bradley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/31 23:09:03 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/11/29 15:07:30 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/18 13:21:18 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/13 06:39:53 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/13 06:39:53 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/13 06:39:53 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/11/13 06:39:53 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/11/13 06:39:51 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/11/13 05:32:03 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/09 18:52:10 | 000,000,000 | ---D | M] -- C:\Users\Bradley\AppData\Roaming\acccore
[2011/08/31 23:15:08 | 000,000,000 | ---D | M] -- C:\Users\Bradley\AppData\Roaming\Eclipse
[2011/05/24 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\Bradley\AppData\Roaming\PCDr
[2012/01/13 03:22:25 | 000,000,000 | ---D | M] -- C:\Users\Bradley\AppData\Roaming\SoftGrid Client
[2010/11/29 15:08:07 | 000,000,000 | ---D | M] -- C:\Users\Bradley\AppData\Roaming\TP
[2012/01/13 03:10:12 | 000,000,914 | -H-- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000Core.job
[2012/01/13 11:35:02 | 000,000,936 | -H-- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000UA.job
[2012/01/03 14:23:34 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/04/17 20:02:57 | 000,032,270 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/13 12:52:41 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2012/01/12 12:02:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe


< MD5 for: EXPLORER.EXE >
[2010/11/13 06:49:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/11/13 06:49:25 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/13 06:49:20 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/11/13 06:49:16 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2012/01/13 11:05:48 | 000,270,848 | ---- | M] (Orb Networks) MD5=8AC84F646447CD11D57FD80EF4BA5DD2 -- C:\Users\Bradley\AppData\Local\Temp\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/13 06:49:25 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/13 06:49:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/13 06:49:25 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/11/13 06:49:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/11/13 06:49:25 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/11/13 06:49:20 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/11/13 06:49:16 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/11/13 06:49:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/11/13 06:49:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/13 06:49:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/13 06:49:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/11/13 06:49:25 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NetBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{0B0E6E9D-80FA-4F82-B63C-968C73A67064}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1068C312-0372-4CA3-B7CF-8F5D2706CEAB}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{240762B7-7B1D-4B56-A61E-CCDE498AAD53}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 03 01 01 01 05 01 09 01 00 01 0A 01 08 01 06 01 04 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >
[2009/07/13 21:01:14 | 000,001,282 | ---- | M] () -- C:\Users\Bradley\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2009/07/13 21:01:14 | 000,000,442 | -HS- | M] () -- C:\Users\Bradley\AppData\Local\Temp\smtmp\1\desktop.ini
[2009/07/13 20:49:40 | 000,001,266 | ---- | M] () -- C:\Users\Bradley\AppData\Local\Temp\smtmp\1\Windows Update.lnk

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >
[2011/10/04 14:31:02 | 000,002,193 | ---- | M] () -- C:\Users\Bradley\AppData\Local\Temp\smtmp\4\BlackBerry Desktop Software.lnk
[2010/12/27 19:30:46 | 000,000,392 | -HS- | M] () -- C:\Users\Bradley\AppData\Local\Temp\smtmp\4\desktop.ini
[2011/10/13 15:54:10 | 000,001,745 | ---- | M] () -- C:\Users\Bradley\AppData\Local\Temp\smtmp\4\iTunes.lnk
[2011/11/23 15:17:17 | 000,001,075 | ---- | M] () -- C:\Users\Bradley\AppData\Local\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
[2012/01/08 20:46:06 | 000,001,830 | ---- | M] () -- C:\Users\Bradley\AppData\Local\Temp\smtmp\4\McAfee Security Center.lnk
[2011/10/13 15:49:47 | 000,001,807 | ---- | M] () -- C:\Users\Bradley\AppData\Local\Temp\smtmp\4\QuickTime Player.lnk
[2011/10/13 15:55:00 | 000,002,491 | ---- | M] () -- C:\Users\Bradley\AppData\Local\Temp\smtmp\4\Safari.lnk
[2011/11/23 15:07:36 | 000,001,128 | ---- | M] () -- C:\Users\Bradley\AppData\Local\Temp\smtmp\4\TeamViewer 6.lnk
[2010/12/27 19:30:46 | 000,002,356 | ---- | M] () -- C:\Users\Bradley\AppData\Local\Temp\smtmp\4\WildTangent Games App - dell.lnk
[2010/12/19 18:03:17 | 000,002,117 | ---- | M] () -- C:\Users\Bradley\AppData\Local\Temp\smtmp\4\Windows 7 Upgrade Advisor.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 269312 bytes -> C:\Users\Bradley\AppData\Local\Temp:winupd.exe

< End of report >
  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

Everything is still gone from my start menu and and I am still getting redirected.

Just few quick questions for clarification.

Are you having redirects with all browsers or just one?

If just one, which one?

Everything does this mean you have no administrative or default menu items?
  • 0

#13
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

Posted Image

Posted Image

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to somethng problems. Simply reboot the computer.


Step 2.

Restore Default Start Menu Items

Please follow this link for instructions on restoring your default menu items. Use option 2 for all users and if you have unique current users use option 1.

You have Home Basic so select that zip file for your machine.


Step 3.

Restore All Program Start Menu Items

Please follow this link for instructions on restoring all program menu items. Us option 2 for all users and if you have unique current user programs use option 1.


Step 4.

Please post:

ComboFix.txt


How is the computer performing?

Have the redirects stopped now? If not is it all browsers or just one? If only one, which one?
  • 0

#14
bradleys24

bradleys24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I don't seem to be having the redirects anymore. At startup I noticed a pop-up window start-up while Combofix was preparing a log. It was the same pop-up that popped up like 20 consecutive times when I had a virus. Things seem to be running a lot better.

ComboFix 12-01-16.01 - Bradley 01/16/2012 0:18.2.4 - x64
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.1.1033.18.5941.4638 [GMT -8:00]
Running from: c:\users\Bradley\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\ReactivateFF.exe
c:\program files (x86)\StartNow Toolbar\ReactivateIE.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\Bradley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud AV 2012
c:\users\Bradley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud AV 2012\Cloud AV 2012.lnk
c:\users\Bradley\AppData\Roaming\Microsoft\Windows\Templates\467ikm37d547as18m6dfm8m356440i80f6450
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 )))))))))))))))))))))))))))))))
.
.
2012-01-16 08:23 . 2012-01-16 08:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-16 08:23 . 2012-01-16 08:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-13 20:57 . 2012-01-13 21:00 -------- d-----w- C:\Boot
2012-01-13 20:49 . 2012-01-13 20:49 -------- d-----w- C:\_OTL
2012-01-12 20:02 . 2012-01-12 20:02 584192 ----a-w- C:\OTL.exe
2012-01-12 19:09 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 19:09 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 19:09 . 2011-10-26 04:33 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 19:09 . 2011-10-26 05:33 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 19:09 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 19:09 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 19:09 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 19:09 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 08:29 . 2012-01-03 08:29 -------- d-----w- c:\program files\Dell Support Center
2012-01-01 22:09 . 2012-01-01 22:09 -------- d-s---w- c:\users\Bradley\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-13 20:56 . 2011-05-24 19:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 05:00 . 2011-12-15 07:13 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:26 . 2011-12-15 07:13 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:23 . 2011-12-15 07:13 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 05:17 . 2011-12-15 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-15 07:13 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:34 . 2011-12-15 07:13 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-05 04:30 . 2011-12-15 07:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 04:07 . 2011-12-15 07:13 482816 ----a-w- c:\windows\system32\html.iec
2011-11-05 03:28 . 2011-12-15 07:13 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-11-05 03:25 . 2011-12-15 07:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:55 . 2011-12-15 07:13 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:19 . 2011-12-15 07:14 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-23_23.32.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-10-14 10:05 . 2011-08-20 04:35 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-12-15 07:13 . 2011-11-05 04:34 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-12-15 07:13 . 2011-11-05 04:32 12800 c:\windows\SysWOW64\msfeedssync.exe
- 2011-10-14 10:05 . 2011-08-20 04:32 12800 c:\windows\SysWOW64\msfeedssync.exe
- 2011-10-14 10:05 . 2011-08-20 04:35 64512 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-12-15 07:13 . 2011-11-05 04:34 64512 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-12-15 07:13 . 2011-11-05 04:35 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-10-14 10:05 . 2011-08-20 04:38 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-10-14 10:05 . 2011-08-20 04:35 48128 c:\windows\SysWOW64\jsproxy.dll
+ 2011-12-15 07:13 . 2011-11-05 04:34 48128 c:\windows\SysWOW64\jsproxy.dll
- 2011-11-23 23:31 . 2011-11-23 23:31 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-01-16 08:24 . 2012-01-16 08:24 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2011-11-23 23:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-16 08:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-16 08:24 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-23 23:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-16 08:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-13 13:04 . 2012-01-13 23:40 39140 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-13 23:40 28822 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-18 23:25 . 2012-01-13 23:40 11800 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1843237916-3423027124-1883977724-1000_UserData.bin
- 2011-10-14 10:05 . 2011-08-20 05:41 97280 c:\windows\system32\mshtmled.dll
+ 2011-12-15 07:13 . 2011-11-05 05:23 97280 c:\windows\system32\mshtmled.dll
- 2011-10-14 10:05 . 2011-08-20 05:37 12288 c:\windows\system32\msfeedssync.exe
+ 2011-12-15 07:13 . 2011-11-05 05:19 12288 c:\windows\system32\msfeedssync.exe
- 2011-10-14 10:05 . 2011-08-20 05:41 82944 c:\windows\system32\msfeedsbs.dll
+ 2011-12-15 07:13 . 2011-11-05 05:23 82944 c:\windows\system32\msfeedsbs.dll
- 2011-10-14 10:05 . 2011-08-20 05:45 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-12-15 07:13 . 2011-11-05 05:26 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-01-13 21:00 . 2012-01-13 22:29 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-10-14 10:05 . 2011-08-20 05:41 64512 c:\windows\system32\jsproxy.dll
+ 2011-12-15 07:13 . 2011-11-05 05:22 64512 c:\windows\system32\jsproxy.dll
+ 2010-11-18 19:37 . 2012-01-14 00:06 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-18 19:37 . 2011-11-23 22:59 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-18 19:37 . 2012-01-14 00:06 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-23 22:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-14 00:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-18 21:08 . 2012-01-13 21:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-18 21:08 . 2011-04-25 06:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-01-13 18:34 63688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-11-18 21:08 . 2012-01-13 21:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-18 21:08 . 2011-04-25 06:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-18 21:08 . 2011-04-25 06:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-18 21:08 . 2012-01-13 21:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-18 21:08 . 2012-01-16 08:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-18 21:08 . 2011-11-23 23:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-18 21:08 . 2012-01-16 08:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-18 21:08 . 2011-11-23 23:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-12 19:02 . 2011-12-26 19:08 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-01-12 19:02 . 2011-12-26 19:13 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2011-10-14 10:03 . 2011-10-14 10:03 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-14 10:03 . 2011-10-14 10:03 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-13 11:03 . 2012-01-13 11:03 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-14 10:02 . 2011-10-14 10:02 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-14 10:02 . 2011-10-14 10:02 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-13 11:03 . 2012-01-13 11:03 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-12-15 11:01 . 2011-12-15 11:01 75104 c:\windows\Installer\{95140000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-11-10 07:49 . 2011-11-10 07:49 75104 c:\windows\Installer\{95140000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2012-01-13 19:11 . 2012-01-13 19:11 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\560a5f258f9379423dc037d734e3e937\System.Web.DynamicData.Design.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\785ebe96ed6ff7d2e1b0c9bc7c8b3d6a\System.Web.DynamicData.Design.ni.dll
+ 2011-12-08 20:34 . 2011-12-08 20:34 9560 c:\windows\system32\NetworkList\Icons\{E1D24D66-7349-4BBE-A1B7-4BA49C516C19}_48.bin
+ 2011-12-08 20:34 . 2011-12-08 20:34 4280 c:\windows\system32\NetworkList\Icons\{E1D24D66-7349-4BBE-A1B7-4BA49C516C19}_32.bin
+ 2011-12-08 20:34 . 2011-12-08 20:34 2456 c:\windows\system32\NetworkList\Icons\{E1D24D66-7349-4BBE-A1B7-4BA49C516C19}_24.bin
+ 2012-01-01 22:10 . 2012-01-01 22:10 9560 c:\windows\system32\NetworkList\Icons\{B3FEBA2D-A46E-4E2A-8928-459DC5BE9963}_48.bin
+ 2012-01-01 22:10 . 2012-01-01 22:10 4280 c:\windows\system32\NetworkList\Icons\{B3FEBA2D-A46E-4E2A-8928-459DC5BE9963}_32.bin
+ 2012-01-01 22:10 . 2012-01-01 22:10 2456 c:\windows\system32\NetworkList\Icons\{B3FEBA2D-A46E-4E2A-8928-459DC5BE9963}_24.bin
+ 2012-01-16 08:24 . 2012-01-16 08:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-23 23:32 . 2011-11-23 23:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-16 08:24 . 2012-01-16 08:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-23 23:32 . 2011-11-23 23:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-15 07:13 . 2011-11-05 04:35 132096 c:\windows\SysWOW64\url.dll
- 2011-10-14 10:05 . 2011-08-20 04:38 132096 c:\windows\SysWOW64\url.dll
- 2011-10-14 10:05 . 2011-08-20 04:36 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-12-15 07:13 . 2011-11-05 04:34 606208 c:\windows\SysWOW64\mstime.dll
- 2011-10-14 10:05 . 2011-08-20 04:35 599552 c:\windows\SysWOW64\msfeeds.dll
+ 2011-12-15 07:13 . 2011-11-05 04:34 599552 c:\windows\SysWOW64\msfeeds.dll
+ 2012-01-13 20:56 . 2012-01-13 20:56 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2012-01-02 07:37 . 2012-01-02 07:37 243872 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10y_Plugin.exe
+ 2012-01-12 19:09 . 2011-10-14 04:42 716800 c:\windows\SysWOW64\jscript.dll
- 2011-04-14 10:04 . 2011-02-18 05:35 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-12-15 07:13 . 2011-11-11 05:50 176640 c:\windows\SysWOW64\ieui.dll
- 2011-10-14 10:05 . 2011-08-20 04:35 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-12-15 07:13 . 2011-11-05 04:34 185856 c:\windows\SysWOW64\iepeers.dll
- 2011-10-14 10:05 . 2011-08-20 04:35 185856 c:\windows\SysWOW64\iepeers.dll
- 2011-10-14 10:05 . 2011-08-20 04:34 381440 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-12-15 07:13 . 2011-11-05 04:33 381440 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-12-15 07:13 . 2011-10-15 05:48 534528 c:\windows\SysWOW64\EncDec.dll
- 2011-03-09 00:11 . 2010-12-23 05:28 534528 c:\windows\SysWOW64\EncDec.dll
+ 2010-11-18 21:10 . 2012-01-16 04:03 242728 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-11-18 17:33 . 2012-01-16 08:10 268982 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-10-14 10:05 . 2011-08-20 05:44 134144 c:\windows\system32\url.dll
+ 2011-12-15 07:13 . 2011-11-05 05:26 134144 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2012-01-16 08:12 637488 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-16 08:12 111346 c:\windows\system32\perfc009.dat
+ 2011-12-15 07:13 . 2011-11-05 05:23 703488 c:\windows\system32\msfeeds.dll
- 2011-10-14 10:05 . 2011-08-20 05:41 703488 c:\windows\system32\msfeeds.dll
- 2011-04-14 10:04 . 2011-02-18 06:36 852480 c:\windows\system32\jscript.dll
+ 2012-01-12 19:09 . 2011-10-14 05:21 852480 c:\windows\system32\jscript.dll
- 2011-10-14 10:05 . 2011-08-20 05:40 247808 c:\windows\system32\ieui.dll
+ 2011-12-15 07:13 . 2011-11-11 06:41 247808 c:\windows\system32\ieui.dll
+ 2011-12-15 07:13 . 2011-11-05 05:22 256000 c:\windows\system32\iepeers.dll
- 2011-10-14 10:05 . 2011-08-20 05:40 256000 c:\windows\system32\iepeers.dll
- 2011-10-14 10:05 . 2011-08-20 05:40 445952 c:\windows\system32\iedkcs32.dll
+ 2011-12-15 07:13 . 2011-11-05 05:22 445952 c:\windows\system32\iedkcs32.dll
+ 2009-07-14 04:45 . 2011-12-15 11:20 271640 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2011-11-10 19:01 271640 c:\windows\system32\FNTCACHE.DAT
+ 2011-12-15 07:13 . 2011-10-15 06:25 723456 c:\windows\system32\EncDec.dll
+ 2009-07-14 05:12 . 2012-01-13 21:04 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-09-20 18:04 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-11-23 23:31 237028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-16 08:24 237028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-26 13:47 . 2011-12-26 13:47 261912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
+ 2012-01-12 19:02 . 2011-12-26 19:08 745232 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2011-12-26 12:39 . 2011-12-26 12:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2012-01-12 19:02 . 2011-12-26 19:13 437008 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-13 11:03 . 2012-01-13 11:03 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-13 11:03 . 2012-01-13 11:03 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-13 11:03 . 2012-01-13 11:03 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-14 10:02 . 2011-10-14 10:02 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-14 10:02 . 2011-10-14 10:02 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-13 11:03 . 2012-01-13 11:03 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-13 11:03 . 2012-01-13 11:03 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-14 10:02 . 2011-10-14 10:02 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-13 19:11 . 2012-01-13 19:11 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\29a1dca6f120f8f7c9c1085185837f0f\System.Web.Routing.ni.dll
+ 2012-01-13 19:11 . 2012-01-13 19:11 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\69fff3a84301bbb18a5cfec3e1fb1f06\System.Web.Entity.ni.dll
+ 2012-01-13 19:11 . 2012-01-13 19:11 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\113b39f995b8d85d7bf75619ba41a3cc\System.Web.Entity.Design.ni.dll
+ 2012-01-13 19:11 . 2012-01-13 19:11 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\4c0871b2b82d3235402d1e29acef0501\System.Web.DynamicData.ni.dll
+ 2012-01-13 19:10 . 2012-01-13 19:10 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\fc4b973cde762e64ad5fe6fd0798a231\System.Web.Abstractions.ni.dll
+ 2012-01-13 19:06 . 2012-01-13 19:06 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\bd8e4a318b3246b829d0dbc41aac82be\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-01-13 19:06 . 2012-01-13 19:06 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5b6907a49510801d63a7fb03c54e2398\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-01-13 19:06 . 2012-01-13 19:06 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2eae1637ec3eedbd78bfcda25a084f84\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-01-13 19:06 . 2012-01-13 19:06 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\27a62e1a117dfb376da6aa46819d62c0\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\53e9c29ed15faeb9361d2637d019393a\System.Web.Routing.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ff329960a82a1b38f555bccf1754b8ee\System.Web.Extensions.Design.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\84d55e88cb44fce5fe48c33965904c24\System.Web.Entity.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\17bebe3b714ccffe58e640f228fc55a0\System.Web.Entity.Design.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a647db245c74b3d5016c4e9ec7de0127\System.Web.DynamicData.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\807b00e3d3cbf6f6ccd6e8c020c8c146\System.Web.Abstractions.ni.dll
+ 2012-01-13 18:33 . 2012-01-13 18:33 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 762880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\a30e8493180c747bc239ee13d1368f80\System.Data.Entity.Design.ni.dll
- 2011-10-14 10:04 . 2011-08-20 04:38 1230336 c:\windows\SysWOW64\urlmon.dll
+ 2011-12-15 07:13 . 2011-11-05 04:35 1230336 c:\windows\SysWOW64\urlmon.dll
+ 2011-12-15 07:14 . 2011-11-05 04:34 5997568 c:\windows\SysWOW64\mshtml.dll
+ 2011-05-24 20:22 . 2012-01-13 20:56 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
- 2011-10-14 10:05 . 2011-08-20 04:35 2072576 c:\windows\SysWOW64\iertutil.dll
+ 2011-12-15 07:13 . 2011-11-05 04:34 2072576 c:\windows\SysWOW64\iertutil.dll
+ 2011-12-15 07:13 . 2011-11-05 05:26 1501184 c:\windows\system32\urlmon.dll
- 2011-10-14 10:04 . 2011-08-20 05:44 1501184 c:\windows\system32\urlmon.dll
- 2011-10-14 10:05 . 2011-08-20 05:42 1026560 c:\windows\system32\mstime.dll
+ 2011-12-15 07:13 . 2011-11-05 05:23 1026560 c:\windows\system32\mstime.dll
+ 2011-12-15 07:14 . 2011-11-05 05:23 9332736 c:\windows\system32\mshtml.dll
- 2011-10-14 10:05 . 2011-08-20 05:40 2458624 c:\windows\system32\iertutil.dll
+ 2011-12-15 07:13 . 2011-11-05 05:22 2458624 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2011-11-15 01:24 3376835 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-01-13 11:26 3376835 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-11-18 23:15 . 2011-11-23 22:58 2247384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-11-18 23:15 . 2012-01-16 08:24 2247384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-12 19:02 . 2011-12-26 19:08 5259264 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-01-12 19:02 . 2011-12-26 19:13 5251072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-13 11:04 . 2012-01-13 11:04 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-13 11:03 . 2012-01-13 11:03 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-14 10:02 . 2011-10-14 10:02 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-13 11:03 . 2012-01-13 11:03 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-14 10:03 . 2011-10-14 10:03 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-13 11:03 . 2012-01-13 11:03 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-14 10:02 . 2011-10-14 10:02 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-13 11:03 . 2012-01-13 11:03 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-10-14 10:02 . 2011-10-14 10:02 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-20 00:30 . 2011-12-20 00:30 7976448 c:\windows\Installer\94d1a9.msi
+ 2011-10-16 22:28 . 2011-10-16 22:28 1138688 c:\windows\Installer\6d980c27.msp
+ 2011-12-14 04:09 . 2011-12-14 04:09 2845696 c:\windows\Installer\1877d0d.msi
+ 2011-12-26 14:24 . 2011-12-26 14:24 8835072 c:\windows\Installer\11272b17.msp
+ 2012-01-13 19:12 . 2012-01-13 19:12 1817600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\eeafa54dfa75bcbaf4f0b9299214ccd4\System.WorkflowServices.ni.dll
+ 2012-01-13 18:35 . 2012-01-13 18:35 2707456 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\7983c734b61318b4a631b580cef6a6f4\System.Workflow.Runtime.ni.dll
+ 2012-01-13 18:35 . 2012-01-13 18:35 5955072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\a1634dad2d4ccbf162dfd112901143c2\System.Workflow.ComponentModel.ni.dll
+ 2012-01-13 18:35 . 2012-01-13 18:35 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\63781b0c3ce527db69ebea4e88523b76\System.Workflow.Activities.ni.dll
+ 2012-01-13 18:35 . 2012-01-13 18:35 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\98f1c5aa773fd5e80095cbbed80ee9ff\System.Web.Services.ni.dll
+ 2012-01-13 19:12 . 2012-01-13 19:12 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\f420e085db2ff21cf7040d967efd2f4a\System.Web.Mobile.ni.dll
+ 2012-01-13 19:11 . 2012-01-13 19:11 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\dc5764dd9ea9874b7411a024b1faf85c\System.Web.Extensions.Design.ni.dll
+ 2012-01-13 19:11 . 2012-01-13 19:11 3043840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\a7ccc8cc8f839b332ba9d1ba119f148b\System.Web.Extensions.ni.dll
+ 2012-01-13 19:10 . 2012-01-13 19:10 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\9ecf04b1d849d72f35c9c3b34d9bc592\System.ServiceModel.Web.ni.dll
+ 2012-01-13 18:34 . 2012-01-13 18:34 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\9cdbff6df17a3790bc56366bcce0080d\System.Runtime.Remoting.ni.dll
+ 2012-01-13 19:09 . 2012-01-13 19:09 1433088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\0b0853b3db50c761992f5b850dabe054\System.IdentityModel.ni.dll
+ 2012-01-13 19:10 . 2012-01-13 19:10 1846272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\205e0b22b89b2b4267c1a978960b32c2\System.Data.Services.ni.dll
+ 2012-01-13 19:10 . 2012-01-13 19:10 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b6428e22adaade724201dbf4e27c266f\System.Data.Entity.Design.ni.dll
+ 2012-01-13 19:09 . 2012-01-13 19:09 7966208 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\241af06029a1a0cb7eb73c3c1d6bc4c7\MIGUIControls.ni.dll
+ 2012-01-13 19:09 . 2012-01-13 19:09 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\f72be4e65a73b421857bd6e62a13f043\Microsoft.VisualBasic.ni.dll
+ 2012-01-13 19:09 . 2012-01-13 19:09 2175488 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\cfc8454b4fa0883ac71ce273f23b8278\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-13 19:06 . 2012-01-13 19:06 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\895beb9dd563ca08b8404c00166d58fe\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-01-13 19:06 . 2012-01-13 19:06 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\885492104299f52a31dca9149f6c48d2\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-01-13 19:08 . 2012-01-13 19:08 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\233bf54bdcfe71f4f6273f2aa90af531\System.WorkflowServices.ni.dll
+ 2012-01-13 18:33 . 2012-01-13 18:33 1914880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\a0bc805242390ae64c59532c0b0fcc7e\System.Workflow.Runtime.ni.dll
+ 2012-01-13 18:33 . 2012-01-13 18:33 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\f5cb24170af545298777c9d373f9d6a8\System.Workflow.ComponentModel.ni.dll
+ 2012-01-13 18:33 . 2012-01-13 18:33 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\f87c9c0512681bb16f7698d48dc9e2ed\System.Workflow.Activities.ni.dll
+ 2012-01-13 18:33 . 2012-01-13 18:33 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\82ca215f115529e1372218a8ca377ddb\System.Web.Services.ni.dll
+ 2012-01-13 19:08 . 2012-01-13 19:08 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\2a4e499aab5fa3f9292eea38326bebdd\System.Web.Mobile.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 2403840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\fcececd77165fe778ffeb61ddf0a520f\System.Web.Extensions.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9a29ccc783b1305deb24c667ad79d287\System.ServiceModel.Web.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 1072128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3be59fc152f841624066c269cc2fff62\System.IdentityModel.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 1328640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\fd4ab5573fa8c2697fcdd802e9fb1b24\System.Data.Services.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 6434304 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\906d518d73b20534c0ecdb1d28368b75\MIGUIControls.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a72ed18d2df70f09c57cf914ce591306\Microsoft.VisualBasic.ni.dll
+ 2012-01-13 19:07 . 2012-01-13 19:07 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\557e06261f2f6f64a8fa31564ef3b067\Microsoft.PowerShell.Commands.Utility.ni.dll
- 2010-11-19 20:12 . 2010-09-23 22:31 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-12 19:02 . 2011-12-26 19:13 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-12 19:02 . 2011-12-26 19:08 5259264 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-12 19:02 . 2011-12-26 19:13 5251072 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-10-14 10:04 . 2011-08-20 04:35 10990080 c:\windows\SysWOW64\ieframe.dll
+ 2011-12-15 07:13 . 2011-11-11 05:50 10990080 c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 02:34 . 2011-11-11 20:42 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-01-13 21:00 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-11-20 08:29 . 2012-01-13 11:05 54008112 c:\windows\system32\MRT.exe
- 2011-10-14 10:04 . 2011-08-20 05:40 12370944 c:\windows\system32\ieframe.dll
+ 2011-12-15 07:13 . 2011-11-11 06:41 12370944 c:\windows\system32\ieframe.dll
+ 2012-01-13 18:35 . 2012-01-13 18:35 15252992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\4930ca6795842697c80851f93c4ed331\System.Web.ni.dll
+ 2012-01-13 19:09 . 2012-01-13 19:09 23812096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\bab25f57248cf28f5ecba342d9046d61\System.ServiceModel.ni.dll
+ 2012-01-13 18:35 . 2012-01-13 18:35 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\29b1954da22a2d1f33cfc389bcb9d8d8\System.Design.ni.dll
+ 2012-01-13 18:34 . 2012-01-13 18:34 15566848 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\89539913ae4a7cd0cb6ca733d6bf699e\mscorlib.ni.dll
- 2011-10-14 10:26 . 2011-10-14 10:26 15566848 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\89539913ae4a7cd0cb6ca733d6bf699e\mscorlib.ni.dll
+ 2012-01-13 18:33 . 2012-01-13 18:33 11824128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b8ee7bf7d7ac34623238f731b05395a2\System.Web.ni.dll
+ 2012-01-13 19:06 . 2012-01-13 19:06 17400320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\5107d5be0963a2026d7c8be0796a5b1b\System.ServiceModel.ni.dll
+ 2012-01-13 18:33 . 2012-01-13 18:33 10578432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\0d77a2de1d33f6be5f944964d0f9ba45\System.Design.ni.dll
+ 2012-01-13 18:33 . 2012-01-13 18:33 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
- 2011-10-14 10:29 . 2011-10-14 10:29 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Facebook Update"="c:\users\Bradley\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-24 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-14 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FreemakeUtilsService;Freemake Service;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2011-08-04 74240]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000Core.job
- c:\users\Bradley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-24 06:30]
.
2012-01-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000UA.job
- c:\users\Bradley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-24 06:30]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 19:40]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 19:40]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000Core.job
- c:\users\Bradley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 21:46]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1843237916-3423027124-1883977724-1000UA.job
- c:\users\Bradley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 21:46]
.
2012-01-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-16 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.105.28.12 68.105.29.12
FF - ProfilePath - c:\users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\05v66gbn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.orangecounty.cox.net/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z127&form=ZGAADF&install_date=20111213&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Window Shopper - Powered by Superfish: superfish@superfish.com - c:\programdatamozilla\Extensions\superfish@superfish.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - %profile%\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Ext: googlebar: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6} - %profile%\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
.
**************************************************************************
.
Completion time: 2012-01-16 00:29:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-16 08:29
ComboFix2.txt 2011-11-23 23:36
.
Pre-Run: 525,841,117,184 bytes free
Post-Run: 525,524,664,320 bytes free
.
- - End Of File - - DF0C4D460013DDBC3584E41A67E82B55
  • 0

#15
bradleys24

bradleys24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
One thing to add, I think this infection did something to my sharing permissions. I can't enable file or printer sharing on my computer anymore. Whenever I enable it, it doesn't save and is still disabled when I go back and look.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP