Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

IE 8 and desktop icons locking up. [Solved]


  • This topic is locked This topic is locked

#46
helpme1962

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
The tssmanual rev 1 line 2 copied into adminstrator command prompt yields the same error message stating the syntax of the command is incorrect.

Please advise.
  • 0

Advertisements


#47
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
We will find the files with OTL and fix them after this run.

Step 1.

Download aswMBR.exe ( 1.8mb ) to your good laptop and copy it to the USB drive.
Then insert the USB drive in the bad laptop and copy aswMBR to the desktop.
Double click the aswMBR.exe to run it
Under AV Scan: Select None
Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename it iexplore.exe and try it again.


Step 2.
Download scan.txt to your good laptop and copy it to the USB drive.Attached File  scan.txt   870bytes   51 downloads
Insert the USB drive in the bad laptop and copy scan.txt to the desktop.

  • Double click on the icon to run OTL. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Open scan.txt with notepad. Edit select all, edit copy
  • Under the Custom Scan box paste it in.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Step 3.

Copy to the USB drive:

aswMBR log
OTL.txt
Extras.txt


Insert the USB drive in the good computer and copy paste all three in your next post.
  • 0

#48
helpme1962

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
Just got an error message during the otl scan. Cannot create file c:\Users\Chris'laptop\desktop\cmd.bat.

There is an ok button, should I click it? Then what?
  • 0

#49
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Please make sure all of the file scan.txt is copied and pasted into the Custom scan box and make sure you hit the Run Scan button not the Fix button.
  • 0

#50
helpme1962

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
All 3 logs as requested.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-28 14:32:54
-----------------------------
14:32:54.966 OS Version: Windows 6.1.7600
14:32:54.966 Number of processors: 4 586 0x2502
14:32:54.966 ComputerName: CHRISLAPTOP UserName:
14:32:55.840 Initialize success
14:34:15.363 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:34:15.363 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 8
14:34:15.378 Disk 0 MBR read successfully
14:34:15.378 Disk 0 MBR scan
14:34:15.378 Disk 0 Windows VISTA default MBR code
14:34:15.394 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:34:15.394 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12890 MB offset 81920
14:34:15.425 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225544 MB offset 26480640
14:34:15.425 Disk 0 scanning sectors +488394752
14:34:15.503 Disk 0 scanning C:\Windows\system32\drivers
14:34:20.791 Service scanning
14:34:26.095 Service MpKslcd5c2490 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F09B6E18-9A3C-4D0B-95B1-B2AE6641DA25}\MpKslcd5c2490.sys **LOCKED** 32
14:34:32.757 Modules scanning
14:34:39.667 Disk 0 trace - called modules:
14:34:39.699 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys halmacpi.dll iaStor.sys
14:34:39.699 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8816f440]
14:34:39.699 3 CLASSPNP.SYS[8c7b359e] -> nt!IofCallDriver -> [0x8816f9e0]
14:34:39.714 5 stdfltn.sys[8c9ed70c] -> nt!IofCallDriver -> [0x865f7f08]
14:34:39.730 7 ACPI.sys[8c0903b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8665d028]
14:34:39.730 Scan finished successfully
14:34:57.420 Disk 0 MBR has been saved successfully to "C:\Users\Chris' laptop\Desktop\MBR.dat"
14:34:57.420 The log file has been saved successfully to "C:\Users\Chris' laptop\Desktop\aswMBR.txt"


OTL logfile created on: 4/28/2012 3:05:35 PM - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Chris' laptop\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.43 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 64.39% Memory free
6.85 Gb Paging File | 5.61 Gb Available in Paging File | 81.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.26 Gb Total Space | 127.05 Gb Free Space | 57.68% Space Free | Partition Type: NTFS

Computer Name: CHRISLAPTOP | User Name: Chris' laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/27 21:56:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris' laptop\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/13 00:33:44 | 000,288,112 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/04/05 12:56:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/04/05 12:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe
PRC - [2010/04/05 12:54:56 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe
PRC - [2010/03/23 17:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/17 19:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/01/14 17:53:48 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/01/14 15:47:26 | 000,147,328 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/01/10 13:01:26 | 000,060,928 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
PRC - [2010/01/08 16:55:16 | 002,823,456 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010/01/08 16:55:16 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/01/08 16:55:16 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/12/17 11:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2009/12/17 11:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2009/12/10 14:44:26 | 001,327,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/12/10 14:41:38 | 000,386,848 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/11/24 16:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/11/24 16:48:32 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
PRC - [2009/11/20 18:42:48 | 000,278,304 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2009/11/02 12:40:54 | 000,657,920 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/21 15:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 15:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/02/01 02:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/13 08:27:55 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll
MOD - [2012/04/13 08:27:48 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll
MOD - [2012/02/17 09:48:25 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
MOD - [2012/02/17 09:48:25 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\966a138f3aed60400472ac415bd16bc8\IAStorUtil.ni.dll
MOD - [2012/02/17 09:13:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 09:12:42 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/17 09:12:37 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/17 09:12:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/17 09:12:32 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/19 12:24:38 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/07/24 08:51:39 | 000,046,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.401.18795__f25c74fcad379103\Status Lib.dll
MOD - [2010/07/24 08:51:39 | 000,014,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.401.18794__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2010/01/08 16:55:28 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/11/19 16:47:10 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/11/13 09:17:00 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/11/12 14:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/27 09:20:10 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/08/09 15:06:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/06 12:57:40 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/05 12:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe -- (STacSV)
SRV - [2010/04/05 12:54:56 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe -- (AESTFilters)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/01/10 13:01:26 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2010/01/08 16:55:16 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/12/17 11:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009/12/17 11:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2009/12/10 14:41:38 | 000,386,848 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/11/24 16:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/11/20 18:42:48 | 000,278,304 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2009/11/18 17:35:48 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/21 15:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/09/21 15:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CHRIS'~2\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\CHRIS'~2\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/28 11:41:11 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F09B6E18-9A3C-4D0B-95B1-B2AE6641DA25}\MpKslcd5c2490.sys -- (MpKslcd5c2490)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/07/24 11:24:21 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/24 11:24:17 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/07/24 11:24:17 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/07/24 11:24:17 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/05/13 00:17:00 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/04/05 12:56:08 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/03/21 15:25:04 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2010/03/21 15:25:04 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2010/03/21 15:25:04 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2010/02/26 20:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 10:36:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/01/18 08:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/01/18 08:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdfltn.sys -- (stdflt)
DRV - [2010/01/14 15:47:22 | 000,211,328 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/12/10 13:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2009/12/01 13:49:51 | 000,295,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/03 17:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/10/14 12:29:54 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/10/07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere MP(UVC)
DRV - [2009/10/07 09:48:20 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2009/10/07 09:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/17 18:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/09/16 17:07:42 | 000,144,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/09/15 12:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/28 11:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{3E6CC3E9-4126-43F4-AB24-6D12C56E40B1}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\..\SearchScopes\{67CEEB19-5AF4-49B4-A706-C54D92ADB6C7}: "URL" = http://www.ant.com/web/{searchTerms}/
IE - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/04/27 18:25:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} http://64.215.188.180/pw/mpsPwLc7.CAB (mpsPwLc7.PMWebSiteLogin)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.h...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {36103610-3232-3610-3610-323236103610} https://www.jjpoet.c...tdavview361.cab (Livelink ECM - WebDAV 3.6.1)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} https://www.linkedin...nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://64.215.188.18...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69156C3A-99C7-4601-8C85-42781BBAF218}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DC907BC-E00E-4032-9196-41A29A9D4EEE}: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/27 11:55:41 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/28 14:32:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Chris' laptop\Desktop\aswMBR.exe
[2012/04/27 19:10:53 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Settings
[2012/04/27 18:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/04/27 18:27:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/27 18:27:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/27 18:27:10 | 000,000,000 | ---D | C] -- C:\Users\Chris' laptop\AppData\Local\temp
[2012/04/27 15:27:24 | 004,478,092 | R--- | C] (Swearware) -- C:\Users\Chris' laptop\Desktop\ComboFix.exe
[2012/04/27 14:02:22 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Chris' laptop\Desktop\OTL.exe
[2012/04/27 13:55:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/27 13:45:35 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris' laptop\Desktop\tdsskiller.exe
[2012/04/27 12:57:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/27 12:57:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/27 12:57:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/27 12:56:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/27 12:56:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/27 12:46:49 | 000,000,000 | ---D | C] -- C:\Users\Chris' laptop\Desktop\RK_Quarantine
[2012/04/27 09:47:04 | 000,000,000 | ---D | C] -- C:\Users\Chris' laptop\AppData\Local\{E4B7E767-B0D5-415B-90B9-4FD3D2A7103F}
[2012/04/12 16:33:05 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/12 16:33:04 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/12 08:06:02 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/04/12 08:06:02 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/04/12 08:06:02 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/04/12 08:06:02 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/04/12 08:06:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/12 08:06:01 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/12 08:06:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/04/12 08:06:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/12 08:06:01 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/04/12 08:06:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/12 08:06:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/04/12 08:06:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/04/03 08:19:16 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2012/04/28 14:34:57 | 000,000,512 | ---- | M] () -- C:\Users\Chris' laptop\Desktop\MBR.dat
[2012/04/28 14:29:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Chris' laptop\Desktop\aswMBR.exe
[2012/04/28 14:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/28 13:54:26 | 000,337,321 | ---- | M] () -- C:\Users\Chris' laptop\Desktop\FSS.exe
[2012/04/28 12:02:56 | 000,664,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/28 12:02:56 | 000,122,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/28 11:47:51 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/28 11:47:51 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/28 11:40:51 | 000,000,000 | ---- | M] () -- C:\Users\Chris' laptop\AppData\Local\WavXMapDrive.bat
[2012/04/28 11:40:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/28 11:40:25 | 2760,245,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/28 11:35:23 | 000,000,014 | ---- | M] () -- C:\Users\Chris' laptop\Desktop\import.bat
[2012/04/28 09:39:08 | 000,154,624 | ---- | M] () -- C:\Users\Chris' laptop\Desktop\TDSSQlook.exe
[2012/04/27 21:56:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris' laptop\Desktop\OTL.exe
[2012/04/27 21:22:36 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/04/27 18:41:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/27 18:25:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/27 15:27:32 | 004,478,092 | R--- | M] (Swearware) -- C:\Users\Chris' laptop\Desktop\ComboFix.exe
[2012/04/27 13:45:45 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris' laptop\Desktop\tdsskiller.exe
[2012/04/27 12:46:36 | 001,280,512 | ---- | M] () -- C:\Users\Chris' laptop\Desktop\RogueKiller.exe
[2012/04/27 09:20:10 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/27 09:20:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/13 08:29:29 | 000,001,107 | ---- | M] () -- C:\Users\Chris' laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

========== Files Created - No Company Name ==========

[2012/04/28 14:34:57 | 000,000,512 | ---- | C] () -- C:\Users\Chris' laptop\Desktop\MBR.dat
[2012/04/28 13:56:09 | 000,337,321 | ---- | C] () -- C:\Users\Chris' laptop\Desktop\FSS.exe
[2012/04/28 11:33:39 | 000,000,014 | ---- | C] () -- C:\Users\Chris' laptop\Desktop\import.bat
[2012/04/28 10:10:26 | 000,154,624 | ---- | C] () -- C:\Users\Chris' laptop\Desktop\TDSSQlook.exe
[2012/04/27 18:40:58 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/27 12:57:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/27 12:57:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/27 12:57:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/27 12:57:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/27 12:57:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/27 12:46:30 | 001,280,512 | ---- | C] () -- C:\Users\Chris' laptop\Desktop\RogueKiller.exe
[2012/04/03 08:19:18 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/12/29 12:35:42 | 000,009,372 | --S- | C] () -- C:\Users\Chris' laptop\AppData\Local\545mhm10i165fb14p5igv7o722375a57e2657
[2011/12/29 12:35:42 | 000,009,372 | --S- | C] () -- C:\ProgramData\545mhm10i165fb14p5igv7o722375a57e2657
[2011/05/19 16:33:47 | 000,000,136 | ---- | C] () -- C:\ProgramData\~26140408r
[2011/05/19 16:33:47 | 000,000,112 | ---- | C] () -- C:\ProgramData\~26140408
[2011/05/19 16:33:42 | 000,000,344 | ---- | C] () -- C:\ProgramData\26140408
[2011/05/11 16:26:40 | 000,000,196 | -H-- | C] () -- C:\Windows\System32\tscct1.dll
[2011/04/27 17:18:18 | 000,703,959 | ---- | C] () -- C:\Windows\HPISExe.dat
[2011/03/20 10:23:13 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/06 13:59:40 | 000,000,000 | ---- | C] () -- C:\Users\Chris' laptop\AppData\Local\WavXMapDrive.bat
[2010/07/24 11:20:33 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/07/24 11:20:33 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/07/24 11:20:33 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/07/24 11:20:33 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/07/24 11:20:33 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/07/24 11:20:32 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/07/24 11:20:32 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/07/24 08:40:17 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2010/07/24 08:40:17 | 000,206,216 | ---- | C] () -- C:\Windows\System32\bipbsp.dll
[2010/07/24 08:39:13 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll

========== LOP Check ==========

[2011/04/27 12:02:34 | 000,000,000 | ---D | M] -- C:\Users\Chris' laptop\AppData\Roaming\Autodesk
[2010/08/06 13:59:52 | 000,000,000 | ---D | M] -- C:\Users\Chris' laptop\AppData\Roaming\Broadcom
[2011/08/19 10:56:02 | 000,000,000 | ---D | M] -- C:\Users\Chris' laptop\AppData\Roaming\Leadertech
[2010/08/06 13:59:52 | 000,000,000 | ---D | M] -- C:\Users\Chris' laptop\AppData\Roaming\Wave Systems Corp
[2011/04/06 13:17:06 | 000,000,000 | ---D | M] -- C:\Users\Chris' laptop\AppData\Roaming\webex
[2012/01/12 15:43:28 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/07/24 11:24:08 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2010/07/24 11:24:15 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/07/24 11:24:11 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/07/24 11:24:11 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/07/24 11:24:15 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010/07/24 11:24:08 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: HPZIPM12.DLL >
[2009/06/22 18:59:00 | 000,052,736 | ---- | M] (Hewlett-Packard) MD5=13FBE33E8AB8284C6A3C6CE86FA59EA0 -- C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_x86_neutral_cacb8bcaef076d27\I386\HPZIPM12.DLL
[2009/06/22 18:59:00 | 000,052,736 | ---- | M] (Hewlett-Packard) MD5=13FBE33E8AB8284C6A3C6CE86FA59EA0 -- C:\Windows\System32\HPZIPM12.DLL
[2009/06/22 18:59:00 | 000,052,736 | ---- | M] (Hewlett-Packard) MD5=13FBE33E8AB8284C6A3C6CE86FA59EA0 -- C:\Windows\System32\spool\drivers\w32x86\3\HPZIPM12.DLL
[2009/07/13 21:15:25 | 000,054,272 | ---- | M] (Hewlett-Packard) MD5=379F7A0EC9FBE07629FD3F244D3E3E44 -- C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_x86_neutral_e6daa9c39ac001a3\I386\HPZIPM12.DLL
[2009/07/13 21:15:25 | 000,054,272 | ---- | M] (Hewlett-Packard) MD5=379F7A0EC9FBE07629FD3F244D3E3E44 -- C:\Windows\winsxs\x86_prnhp002.inf_31bf3856ad364e35_6.1.7600.16385_none_d32fd3ee9b221e74\I386\HPZIPM12.DLL
[2006/09/23 01:28:00 | 000,052,736 | ---- | M] (Hewlett-Packard) MD5=9E1BEE544FA03ED7CBB0EA2F23FAA076 -- C:\Windows\System32\DriverStore\FileRepository\hphpabijvst4wu.inf_x86_neutral_2ee69a5514d15818\I386\HPZIPM12.DLL

< MD5 for: INSTALLFILTERSERVICE.EXE >
[2010/01/10 13:01:26 | 000,060,928 | ---- | M] () MD5=987A2CC8EC0E86CAA2D8068B1ED7B441 -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
[2012/04/27 13:55:19 | 000,060,928 | ---- | M] () MD5=987A2CC8EC0E86CAA2D8068B1ED7B441 -- C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0000\svc0000\InstallFilterService.exe

< MD5 for: SECURESTORAGESERVICE.EXE >
[2009/11/18 17:35:48 | 001,032,192 | ---- | M] (Wave Systems Corp.) MD5=F6A6DBD275EC9EF7B573E48B3FD8D3DF -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCSD_WIN32.EXE >
[2008/11/12 14:25:48 | 001,273,856 | ---- | M] () MD5=69F1A38A6DBFE682491CB61A596662E3 -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/07/24 11:24:15 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/07/24 11:24:15 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2010/07/24 11:24:15 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/07/24 11:24:15 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/07/13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{470456F0-913D-4694-A6B5-A41A055C6D76}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{537DEBEB-3E9F-46CB-A41C-34123CAE5484}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{69156C3A-99C7-4601-8C85-42781BBAF218}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8DC907BC-E00E-4032-9196-41A29A9D4EEE}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 19:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 0B 01 07 01 04 01 01 01 0A 01 00 01 0D 01 09 01 06 01 0C 01 08 01 05 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 13
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/02/28 01:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/02/28 01:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/02/28 01:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/02/28 01:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: CHRISLAPTOP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 RECOVERY NTFS Partition 12 GB Healthy System
Volume 2 C OS NTFS Partition 220 GB Healthy Boot

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

< End of report >

OTL Extras logfile created on: 4/28/2012 3:05:35 PM - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Chris' laptop\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.43 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 64.39% Memory free
6.85 Gb Paging File | 5.61 Gb Available in Paging File | 81.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.26 Gb Total Space | 127.05 Gb Free Space | 57.68% Space Free | Partition Type: NTFS

Computer Name: CHRISLAPTOP | User Name: Chris' laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A7D2FDE-B2DF-41A5-A3F1-8E542BD66C0C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0B0E29B2-48C6-4EBC-B39D-D013F5918FD5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{132FA3C8-A45E-4E02-87AA-37A275F021C2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{196060E4-D750-482B-863A-BB3F20022856}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1DF11EA7-4077-434B-BF86-9F4BC58790AB}" = rport=445 | protocol=6 | dir=out | app=system |
"{1FF0C295-49AE-4A8E-A7C7-0B6B6A4D3868}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{2F9C5F7B-13B4-4B2B-A7F1-B53B57C3961C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34B07E4F-029B-4A71-9791-4F10FA398EC0}" = rport=139 | protocol=6 | dir=out | app=system |
"{357FC79A-244A-4C24-AE23-017BA15DED69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{385D8866-3C40-48FC-9217-9B5B7C077C03}" = lport=139 | protocol=6 | dir=in | app=system |
"{3D721311-52B5-417B-8B7C-05CFF95760A6}" = lport=138 | protocol=17 | dir=in | app=system |
"{4167DB96-E1C6-44D6-A505-50DA7F4FDBFE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{431BCE21-D4BF-4DCD-9D76-7AFEFEB172A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{519BB1CC-59B8-473A-8B7F-FC0A5161C4FD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5392423D-B712-4A79-A104-51A4C158D34F}" = rport=137 | protocol=17 | dir=out | app=system |
"{5ADC6CEC-4986-4558-91BD-5DF273263B63}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{60E387D7-84B4-4040-87F5-177C226E1CDF}" = lport=137 | protocol=17 | dir=in | app=system |
"{642E604B-DC98-4723-A9D1-D59F1837B43A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{66CB248D-FAC9-459A-A89E-E770C4CECE78}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{686D7856-376A-454F-94FF-FE72E3CD26A4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71E1748E-ABBA-4FD1-B3F7-4FF7B2E9B284}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{783DC212-402A-48FC-984B-BD2953ABEA36}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7DFA255B-AAE3-4708-AF0D-9A1802388795}" = rport=138 | protocol=17 | dir=out | app=system |
"{86B5E013-F9C4-4B4B-80BC-6D8401DB7FF4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{94AA11E1-4213-48A3-8984-973B77607128}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9696AB16-33C1-44DB-BE1C-FB238FA793E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A3F3DD76-CEE8-4F70-878A-21BF1ADBA894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B8827378-7C4A-4B64-AD9C-6F9601DD249A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BC54575E-0843-4EBF-816A-3BAAC0382A15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC5E8CA4-34E1-4168-91E6-0B83A2C5B767}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D3BFA234-FC97-4BCD-8175-5B70A6D011D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7DDF70C-2857-4F77-8EC0-5191876D2B3D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3544989-473C-47DF-B7C4-E0D3C96220CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E451C9A9-8F4F-4E7F-8E41-6465B965C9BA}" = lport=445 | protocol=6 | dir=in | app=system |
"{E7DAFF49-81B1-4EBE-8176-5FFC4C922DBF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F1BF84DC-935D-4193-9074-477C83B8FEAA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F77B423D-FF2C-437C-9C80-4330E0C646F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012BB5A2-BCD5-4F20-96F0-19C296109DB8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{07CDEF4D-7F0E-48E1-AF67-BCB1A62255F8}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{098C9F0A-02FF-4BE8-9953-D6CDFCC94600}" = protocol=58 | dir=out | [email protected],-28546 |
"{0DBD8126-1C51-4EC2-9820-8BA18B5387C9}" = protocol=58 | dir=in | [email protected],-28545 |
"{18CF900E-C93E-4C27-B7E8-9ABCFD6987F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3272C5B4-C16F-4084-8D8E-74C8F09EEFA6}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{3CA8DABD-C8FD-41B0-9B5D-A7B23C3C148C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{407AD56C-FC93-4530-B004-8083D3F729D9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4C964E82-3E86-4BAE-AB29-EC462654606C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52494CDD-9208-44E0-9254-A067B8C485EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{621179C8-E44C-4363-BB92-3B491AD8E76E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62786D36-2966-4985-A8A4-313B7EA6EC99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AF2BEDA-7B11-41A3-A20E-B1553F18B422}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{79A9D6B3-F5A2-4F0C-99DD-8DB57C8D5EC7}" = protocol=1 | dir=in | [email protected],-28543 |
"{79E20122-F578-4F41-972A-B979F3642A1E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7BA01B41-530C-4891-A9A1-3D87CE8E6BC1}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{882629D7-5273-4ED8-9FD8-5C33FC208715}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89255244-2197-40FA-A8EF-F35B71D5C599}" = protocol=6 | dir=out | app=system |
"{8AEA70D3-966D-4F65-852E-DE3BC7DDDBFA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8BBC6818-D249-4B2F-81D5-9550E1C43DB2}" = protocol=1 | dir=out | [email protected],-28544 |
"{9BEE4781-1B65-4B68-8C10-290D888949A3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A7E1906E-43D0-4264-A3A7-23DAB70BE26C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A82089CC-70CC-418B-98E1-E82FCB822FB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AB2EE4CC-386F-426C-B86A-B36B863607BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AF2C9214-2E91-4B49-AC91-323F600DD273}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{AF71FFFB-88BA-4147-B88D-54FAB1426162}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C1948D81-5CC8-4237-A87A-32442F2CE714}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{C8286377-9D2E-4B91-A798-C4760C2E1040}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D9AC69F1-DB09-4714-B66C-9A56C5155F0C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E019948C-3605-4E75-8ADB-A9C15914314F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E970E1C0-2496-46C3-A982-015E19E00659}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{8D91DF47-F7E6-4A12-8BBD-10A06F19C345}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{9C6727A9-86B1-4DF3-80F1-E406147053E3}C:\program files\microsoft office\office14\winword.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\winword.exe |
"UDP Query User{84CAFA0B-0B3A-481D-A1F9-B34BF50D40E7}C:\program files\microsoft office\office14\winword.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\winword.exe |
"UDP Query User{A1C5E417-B2C5-4A38-96CB-E1D48B82ABB4}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{057159C5-3B94-4E36-9271-11615618CACE}" = Dell ControlPoint System Manager
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0EDB6E89-5EA7-4275-8BB3-54FB190A5052}" = HP Install Network Printer Wizard
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel® Network Connections 14.8.43.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2B78F6F9-5C63-45AB-ABFD-DDB7946E4C39}" = Ant.com IE add-on
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33F0BD6D-49B0-4030-8940-0FD0414DD9CB}" = Dell Control Point
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{49DFA1BB-F417-491C-9457-F483CC98678C}" = SO32MMWrapper
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5783F2D7-A028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2012
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A7F4379-B2EE-444F-AC4A-C5379B1CF95E}" = Dell ControlVault Host Components Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5D035A-B5B8-41DC-8F00-C133BA21AD4E}" = DCP32MMWrapper
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC474F86-9A17-4BCB-8B15-11ABFD5B7F95}" = Dell Backup and Recovery Manager
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B83E30A9-A744-4C55-BF55-33CA9FCB62C1}" = Wave Infrastructure Installer
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F10D8BEB-AF7C-45ED-9173-DF2B180E7265}" = Meridian Systems Prolog WebSite 7.5 Client
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Ant.com IE add-on" = Ant.com IE add-on
"Dell Webcam Central" = Dell Webcam Central
"DWG TrueView 2012" = DWG TrueView 2012
"FLV Player" = FLV Player 2.0 (build 25)
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.SingleImage" = Microsoft Office Professional 2010
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel® Network Connections 14.8.43.0
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1575077190-1894644422-2127405217-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2012 5:39:26 PM | Computer Name = ChrisLaptop | Source = VSS | ID = 8193
Description =

Error - 4/27/2012 5:39:26 PM | Computer Name = ChrisLaptop | Source = System Restore | ID = 8193
Description =

Error - 4/27/2012 5:40:38 PM | Computer Name = ChrisLaptop | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF11 Description:Can’t install Microsoft Security Essentials
on a computer running in safe mode. Your computer is currently running in safe
mode. To install Security Essentials, your computer must be running in normal mode.
Please restart your computer in normal mode, and then try to run the Security Essentials
Setup Wizard again. Error code:0x8004FF11.

Error - 4/27/2012 5:46:13 PM | Computer Name = ChrisLaptop | Source = VSS | ID = 18
Description =

Error - 4/27/2012 5:46:13 PM | Computer Name = ChrisLaptop | Source = VSS | ID = 8193
Description =

Error - 4/27/2012 5:46:13 PM | Computer Name = ChrisLaptop | Source = System Restore | ID = 8193
Description =

Error - 4/27/2012 9:20:22 PM | Computer Name = ChrisLaptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16968 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d7c Start
Time: 01cd24cc00584e92 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 4/27/2012 9:37:52 PM | Computer Name = ChrisLaptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16968 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1490 Start
Time: 01cd24de41431d58 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 4/27/2012 9:38:57 PM | Computer Name = ChrisLaptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16968 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 11bc Start
Time: 01cd24df9840817b Termination Time: 15 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 4/28/2012 12:00:54 PM | Computer Name = ChrisLaptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16968 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 14c0 Start
Time: 01cd25555ccc7b62 Termination Time: 16 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

[ System Events ]
Error - 4/27/2012 6:22:48 PM | Computer Name = ChrisLaptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/27/2012 6:25:46 PM | Computer Name = ChrisLaptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/27/2012 6:41:31 PM | Computer Name = ChrisLaptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80096001 Error description:
A system-level error occurred while verifying trust.

Error - 4/27/2012 6:41:57 PM | Computer Name = ChrisLaptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80096001 Error description:
A system-level error occurred while verifying trust.

Error - 4/27/2012 7:10:53 PM | Computer Name = ChrisLaptop | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 4/27/2012 9:22:24 PM | Computer Name = ChrisLaptop | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 4/27/2012 9:27:36 PM | Computer Name = ChrisLaptop | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 4/28/2012 10:08:54 AM | Computer Name = ChrisLaptop | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 4/28/2012 11:40:38 AM | Computer Name = ChrisLaptop | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 4/28/2012 11:40:53 AM | Computer Name = ChrisLaptop | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = The Program Compatibility Assistant service failed to perform the
phase two initialization.


< End of report >
  • 0

#51
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Good news all the files that were quarantined are back in place!

Step 1.

Download fix.txt to your good laptop.Attached File  fix.txt   1.76KB   48 downloads
Copy it onto the USB drive.
Remove the drive and insert it in the bad laptop.


Step 2.

Copy fix.txt from the USB drive to the desktop of the bad laptop.

  • Please reopen Posted Image on your desktop.
  • Open fix.txt with notepad and edit select all, edit copy the entire file.
  • Paste the code into the Posted Image textbox.


  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.

Copy the log onto the USB drive from the bad laptop.
Put the USB drive in the good laptop and open the file with notepad and post it in your next reply.


Please give me an update on how the computer is performing including the internet.
  • 0

#52
helpme1962

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
Here is the log. Please not, I am getting error messages now on the bad laptop. Unathorized changes have been made and you may be a victim of software counterfeiting. This all happened after the system rebooted.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-1575077190-1894644422-2127405217-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
C:\Windows\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Users\Chris' laptop\AppData\Local\545mhm10i165fb14p5igv7o722375a57e2657 moved successfully.
C:\ProgramData\545mhm10i165fb14p5igv7o722375a57e2657 moved successfully.
C:\ProgramData\~26140408r moved successfully.
C:\ProgramData\~26140408 moved successfully.
C:\ProgramData\26140408 moved successfully.
C:\Windows\System32\tscct1.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chris' laptop\Desktop\cmd.bat deleted successfully.
C:\Users\Chris' laptop\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Chris' laptop
->Temp folder emptied: 459734 bytes
->Temporary Internet Files folder emptied: 564059741 bytes
->Java cache emptied: 4070466 bytes
->Flash cache emptied: 632 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 145928 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1648253 bytes

Total Files Cleaned = 544.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.1 log created on 04282012_161042

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#53
helpme1962

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
Update, I just now received a message stating I need to reactivate my windows. Also, my desktop picture is gone, black background. Folders are still there, small message in bottom right of screen that says windows 7 build 7600, this copy of windows is not genuine.

Please advise, this does not look good. There was a brief message that popped up and went away that said I had to reenter my windows product key.
  • 0

#54
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Reboot again and see if it clears.
  • 0

#55
helpme1962

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
on startup, its asking me for my product key, which is at work. There is also an option that says ask me later.

I cant get the product key until Monday.

Please advise, unless you know a place where it may be stored on the computer.
  • 0

Advertisements


#56
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
I am checking on this it may take a little while.

Please be patient.

Thanks,

CompCav
  • 0

#57
helpme1962

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
Compcav, I'm being patient. Thanks for all of your help and sticking with this.

Chris
  • 0

#58
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
This will do a scan that will tell us where the file is to restore the validation.


Step 1.

Download the file scanmove.txt to your good laptop desktop and copy it to the USB drive.Attached File  scanmove.txt   41bytes   49 downloads
Remove the USB drive from the good laptop and insert it in the bad laptop.

Step 2.

Run OTL on your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Open scanmove.txt with notepad and edit select all, edit copy
  • Under the Custom Scan box paste scanmove.txt
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt
  • Copy the log to the USB drive
  • Remove the USB drive from the bad laptop and insert it in the good laptop
  • Copy the file and paste it in your next reply

  • 0

#59
helpme1962

helpme1962

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 154 posts
Log below. Going to grab something to eat. I'll be back in an hour.

OTL logfile created on: 4/28/2012 6:19:10 PM - Run 3
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Chris' laptop\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.43 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 67.56% Memory free
6.85 Gb Paging File | 5.63 Gb Available in Paging File | 82.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.26 Gb Total Space | 127.65 Gb Free Space | 57.96% Space Free | Partition Type: NTFS
Drive E: | 1002.01 Mb Total Space | 936.33 Mb Free Space | 93.45% Space Free | Partition Type: FAT32

Computer Name: CHRISLAPTOP | User Name: Chris' laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/27 21:56:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris' laptop\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/13 00:33:44 | 000,288,112 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/04/05 12:56:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/04/05 12:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe
PRC - [2010/04/05 12:54:56 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe
PRC - [2010/03/23 17:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/17 19:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/01/14 17:53:48 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/01/14 15:47:26 | 000,147,328 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/01/10 13:01:26 | 000,060,928 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
PRC - [2010/01/08 16:55:16 | 002,823,456 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010/01/08 16:55:16 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/01/08 16:55:16 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/12/17 11:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2009/12/17 11:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2009/12/10 14:44:26 | 001,327,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/12/10 14:41:38 | 000,386,848 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/11/24 16:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/11/24 16:48:32 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
PRC - [2009/11/20 18:42:48 | 000,278,304 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2009/11/02 12:40:54 | 000,657,920 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/21 15:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 15:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/02/01 02:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/13 08:27:55 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll
MOD - [2012/04/13 08:27:48 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll
MOD - [2012/02/17 09:48:25 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
MOD - [2012/02/17 09:48:25 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\966a138f3aed60400472ac415bd16bc8\IAStorUtil.ni.dll
MOD - [2012/02/17 09:13:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 09:12:42 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/17 09:12:37 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/17 09:12:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/17 09:12:32 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/19 12:24:38 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/07/24 08:51:39 | 000,046,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.401.18795__f25c74fcad379103\Status Lib.dll
MOD - [2010/07/24 08:51:39 | 000,014,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.401.18794__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2010/01/08 16:55:28 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/11/19 16:47:10 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/11/13 09:17:00 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/11/12 14:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/27 09:20:10 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/08/09 15:06:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/06 12:57:40 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/05 12:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe -- (STacSV)
SRV - [2010/04/05 12:54:56 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe -- (AESTFilters)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/01/10 13:01:26 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2010/01/08 16:55:16 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/12/17 11:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009/12/17 11:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2009/12/10 14:41:38 | 000,386,848 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/11/24 16:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/11/20 18:42:48 | 000,278,304 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2009/11/18 17:35:48 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/21 15:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/09/21 15:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CHRIS'~2\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/28 18:16:05 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F09B6E18-9A3C-4D0B-95B1-B2AE6641DA25}\MpKsl93f49a6b.sys -- (MpKsl93f49a6b)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/07/24 11:24:21 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/24 11:24:17 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/07/24 11:24:17 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/07/24 11:24:17 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/05/13 00:17:00 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/04/05 12:56:08 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/03/21 15:25:04 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2010/03/21 15:25:04 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2010/03/21 15:25:04 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2010/02/26 20:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 10:36:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/01/18 08:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/01/18 08:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdfltn.sys -- (stdflt)
DRV - [2010/01/14 15:47:22 | 000,211,328 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/12/10 13:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2009/12/01 13:49:51 | 000,295,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/03 17:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/10/14 12:29:54 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/10/07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere MP(UVC)
DRV - [2009/10/07 09:48:20 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2009/10/07 09:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/17 18:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/09/16 17:07:42 | 000,144,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/09/15 12:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/28 11:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{3E6CC3E9-4126-43F4-AB24-6D12C56E40B1}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\..\SearchScopes\{67CEEB19-5AF4-49B4-A706-C54D92ADB6C7}: "URL" = http://www.ant.com/web/{searchTerms}/
IE - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/04/28 16:10:45 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1575077190-1894644422-2127405217-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} http://64.215.188.180/pw/mpsPwLc7.CAB (mpsPwLc7.PMWebSiteLogin)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.h...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {36103610-3232-3610-3610-323236103610} https://www.jjpoet.c...tdavview361.cab (Livelink ECM - WebDAV 3.6.1)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} https://www.linkedin...nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://64.215.188.18...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69156C3A-99C7-4601-8C85-42781BBAF218}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DC907BC-E00E-4032-9196-41A29A9D4EEE}: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/27 11:55:41 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/04/28 09:38:02 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/28 16:10:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/28 14:32:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Chris' laptop\Desktop\aswMBR.exe
[2012/04/27 19:10:53 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Settings
[2012/04/27 18:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/04/27 18:27:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/27 18:27:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/27 18:27:10 | 000,000,000 | ---D | C] -- C:\Users\Chris' laptop\AppData\Local\temp
[2012/04/27 15:27:24 | 004,478,092 | R--- | C] (Swearware) -- C:\Users\Chris' laptop\Desktop\ComboFix.exe
[2012/04/27 14:02:22 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Chris' laptop\Desktop\OTL.exe
[2012/04/27 13:55:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/27 13:45:35 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris' laptop\Desktop\tdsskiller.exe
[2012/04/27 12:57:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/27 12:57:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/27 12:57:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/27 12:56:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/27 12:56:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/27 12:46:49 | 000,000,000 | ---D | C] -- C:\Users\Chris' laptop\Desktop\RK_Quarantine
[2012/04/27 09:47:04 | 000,000,000 | ---D | C] -- C:\Users\Chris' laptop\AppData\Local\{E4B7E767-B0D5-415B-90B9-4FD3D2A7103F}

========== Files - Modified Within 30 Days ==========

[2012/04/28 18:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/28 18:16:08 | 000,000,000 | ---- | M] () -- C:\Users\Chris' laptop\AppData\Local\WavXMapDrive.bat
[2012/04/28 18:15:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/28 18:15:41 | 2760,245,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/28 16:37:06 | 000,001,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/28 16:37:06 | 000,001,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/28 16:10:45 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/04/28 14:34:57 | 000,000,512 | ---- | M] () -- C:\Users\Chris' laptop\Desktop\MBR.dat
[2012/04/28 14:29:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Chris' laptop\Desktop\aswMBR.exe
[2012/04/28 13:54:26 | 000,337,321 | ---- | M] () -- C:\Users\Chris' laptop\Desktop\FSS.exe
[2012/04/28 12:02:56 | 000,664,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/28 12:02:56 | 000,122,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/28 11:35:23 | 000,000,014 | ---- | M] () -- C:\Users\Chris' laptop\Desktop\import.bat
[2012/04/28 09:39:08 | 000,154,624 | ---- | M] () -- C:\Users\Chris' laptop\Desktop\TDSSQlook.exe
[2012/04/27 21:56:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris' laptop\Desktop\OTL.exe
[2012/04/27 21:22:36 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/04/27 18:41:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/27 15:27:32 | 004,478,092 | R--- | M] (Swearware) -- C:\Users\Chris' laptop\Desktop\ComboFix.exe
[2012/04/27 13:45:45 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris' laptop\Desktop\tdsskiller.exe
[2012/04/27 12:46:36 | 001,280,512 | ---- | M] () -- C:\Users\Chris' laptop\Desktop\RogueKiller.exe
[2012/04/13 08:29:29 | 000,001,107 | ---- | M] () -- C:\Users\Chris' laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

========== Files Created - No Company Name ==========

[2012/04/28 16:15:03 | 000,001,184 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/28 16:15:03 | 000,001,184 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/28 14:34:57 | 000,000,512 | ---- | C] () -- C:\Users\Chris' laptop\Desktop\MBR.dat
[2012/04/28 13:56:09 | 000,337,321 | ---- | C] () -- C:\Users\Chris' laptop\Desktop\FSS.exe
[2012/04/28 11:33:39 | 000,000,014 | ---- | C] () -- C:\Users\Chris' laptop\Desktop\import.bat
[2012/04/28 10:10:26 | 000,154,624 | ---- | C] () -- C:\Users\Chris' laptop\Desktop\TDSSQlook.exe
[2012/04/27 18:40:58 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/27 12:57:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/27 12:57:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/27 12:57:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/27 12:57:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/27 12:57:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/27 12:46:30 | 001,280,512 | ---- | C] () -- C:\Users\Chris' laptop\Desktop\RogueKiller.exe
[2012/04/03 08:19:18 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/04/27 17:18:18 | 000,703,959 | ---- | C] () -- C:\Windows\HPISExe.dat
[2011/03/20 10:23:13 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/06 13:59:40 | 000,000,000 | ---- | C] () -- C:\Users\Chris' laptop\AppData\Local\WavXMapDrive.bat
[2010/07/24 11:20:33 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/07/24 11:20:33 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/07/24 11:20:33 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/07/24 11:20:33 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/07/24 11:20:33 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/07/24 11:20:32 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/07/24 11:20:32 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/07/24 08:40:17 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2010/07/24 08:40:17 | 000,206,216 | ---- | C] () -- C:\Windows\System32\bipbsp.dll
[2010/07/24 08:39:13 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll

========== LOP Check ==========

[2011/04/27 12:02:34 | 000,000,000 | ---D | M] -- C:\Users\Chris' laptop\AppData\Roaming\Autodesk
[2010/08/06 13:59:52 | 000,000,000 | ---D | M] -- C:\Users\Chris' laptop\AppData\Roaming\Broadcom
[2011/08/19 10:56:02 | 000,000,000 | ---D | M] -- C:\Users\Chris' laptop\AppData\Roaming\Leadertech
[2010/08/06 13:59:52 | 000,000,000 | ---D | M] -- C:\Users\Chris' laptop\AppData\Roaming\Wave Systems Corp
[2011/04/06 13:17:06 | 000,000,000 | ---D | M] -- C:\Users\Chris' laptop\AppData\Roaming\webex
[2012/01/12 15:43:28 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< C:\_OTL\MovedFiles\04282012_161042\*.* /s >
[2011/05/19 16:33:42 | 000,000,344 | ---- | M] () -- C:\_OTL\MovedFiles\04282012_161042\C_ProgramData\26140408
[2011/12/29 12:44:07 | 000,009,372 | --S- | M] () -- C:\_OTL\MovedFiles\04282012_161042\C_ProgramData\545mhm10i165fb14p5igv7o722375a57e2657
[2011/05/19 16:33:47 | 000,000,112 | ---- | M] () -- C:\_OTL\MovedFiles\04282012_161042\C_ProgramData\~26140408
[2011/05/19 16:33:47 | 000,000,136 | ---- | M] () -- C:\_OTL\MovedFiles\04282012_161042\C_ProgramData\~26140408r
[2011/12/29 12:44:07 | 000,009,372 | --S- | M] () -- C:\_OTL\MovedFiles\04282012_161042\C_Users\Chris' laptop\AppData\Local\545mhm10i165fb14p5igv7o722375a57e2657
[2009/08/26 15:30:30 | 000,000,247 | ---- | M] () -- C:\_OTL\MovedFiles\04282012_161042\C_Windows\Downloaded Program Files\swflash.inf
[2012/04/28 11:47:51 | 000,014,256 | -H-- | M] () -- C:\_OTL\MovedFiles\04282012_161042\C_Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/28 11:47:51 | 000,014,256 | -H-- | M] () -- C:\_OTL\MovedFiles\04282012_161042\C_Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 16:26:40 | 000,000,196 | -H-- | M] () -- C:\_OTL\MovedFiles\04282012_161042\C_Windows\System32\tscct1.dll
[2012/04/27 18:25:44 | 000,000,027 | ---- | M] () -- C:\_OTL\MovedFiles\04282012_161042\C_Windows\System32\drivers\etc\hosts

< End of report >
  • 0

#60
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Download fix3.txt to your good laptop.
Attached File  fix3.txt   393bytes   48 downloads
Copy it onto the USB drive.
Remove the drive and insert it in the bad laptop.


Step 2.


  • Please reopen Posted Image on your desktop.
  • Open fix3.txt with notepad and edit select all, edit copy the entire file.
  • Paste the code into the Posted Image textbox.

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.

Copy the log onto the USB drive from the bad laptop.
Put the USB drive in the good laptop and open the file with notepad and post it in your next reply.


Please give me an update on how the computer is performing including the internet.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP