Thank you for helping me! I'm sure with your help we will get this thing fixed!
Here are the OTL logs.
OTL.TXT LOG
OTL logfile created on: 5/23/2012 9:07:29 PM - Run 7
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Wayne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.93 Gb Total Physical Memory | 6.08 Gb Available Physical Memory | 76.66% Memory free
15.87 Gb Paging File | 13.74 Gb Available in Paging File | 86.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.48 Gb Total Space | 436.01 Gb Free Space | 74.98% Space Free | Partition Type: NTFS
Computer Name: WAYNE-PC | User Name: Wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/05/19 17:40:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Wayne\Desktop\OTL.exe
PRC - [2012/05/03 06:34:39 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Firefox\firefox.exe
PRC - [2012/05/03 06:34:38 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Firefox\plugin-container.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/02/01 14:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/01 14:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 11:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 04:20:00 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
PRC - [2011/01/13 04:19:58 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
PRC - [2010/11/22 15:19:45 | 002,201,936 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
PRC - [2010/11/01 21:40:30 | 002,006,664 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/11/01 21:40:30 | 000,093,832 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/11/01 21:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2010/10/18 12:08:40 | 000,039,240 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
PRC - [2010/09/28 02:45:18 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/08/12 11:18:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/06/30 16:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/06/30 16:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/04/26 22:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/08 00:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1295595686\ee\aolsoftware.exe
PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
========== Modules (No Company Name) ========== MOD - [2012/05/10 17:18:37 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll
MOD - [2012/05/10 05:22:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 05:22:32 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/10 05:22:27 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/10 05:22:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 05:22:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 05:22:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 05:22:09 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 05:22:05 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/03 06:34:39 | 001,952,696 | ---- | M] () -- C:\Firefox\mozjs.dll
MOD - [2012/04/20 22:11:41 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/02/01 14:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/01/13 04:20:01 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.6\zlib.dll
MOD - [2011/01/13 04:19:49 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.6\components\Tier2Svc.dll
MOD - [2011/01/13 04:19:49 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.6\components\DataSvcs.dll
MOD - [2010/11/01 21:40:34 | 000,087,176 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2010/11/01 21:40:30 | 000,057,480 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2010/11/01 21:40:24 | 000,248,968 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
========== Win32 Services (SafeList) ========== SRV:
64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:
64bit: - [2010/07/29 18:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:
64bit: - [2010/01/19 16:26:58 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:
64bit: - [2010/01/19 16:08:16 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:
64bit: - [2010/01/19 16:05:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:
64bit: - [2009/11/17 02:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:
64bit: - [2009/11/02 11:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:
64bit: - [2009/09/15 20:59:44 | 000,907,264 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:
64bit: - [2009/09/15 20:54:38 | 000,403,456 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:
64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:
64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/04/20 22:11:41 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/01 14:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/01/14 08:19:00 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/14 08:11:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/11/01 21:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/09/28 16:45:14 | 000,254,448 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/08/12 11:18:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/06/30 16:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/06/30 16:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/09/18 03:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
========== Driver Services (SafeList) ========== DRV:
64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:
64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:
64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:
64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:
64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:
64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:
64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:
64bit: - [2010/09/26 23:13:16 | 000,169,048 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:
64bit: - [2010/08/20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:
64bit: - [2010/08/19 15:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:
64bit: - [2010/08/12 09:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:
64bit: - [2010/07/19 02:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:
64bit: - [2010/07/19 02:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:
64bit: - [2010/07/19 02:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:
64bit: - [2010/07/14 21:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:
64bit: - [2010/07/12 19:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:
64bit: - [2010/07/12 03:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:
64bit: - [2010/06/23 02:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:
64bit: - [2010/06/21 13:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:
64bit: - [2010/06/10 18:14:00 | 001,799,808 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:
64bit: - [2010/04/26 21:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:
64bit: - [2010/04/26 21:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:
64bit: - [2010/03/03 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:
64bit: - [2010/03/01 02:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:
64bit: - [2010/01/12 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:
64bit: - [2009/12/18 13:13:02 | 000,025,600 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
DRV:
64bit: - [2009/12/18 13:13:00 | 000,257,536 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:
64bit: - [2009/12/18 13:12:58 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV:
64bit: - [2009/12/18 13:12:58 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser.sys -- (NWUSBPort)
DRV:
64bit: - [2009/12/18 13:12:58 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV:
64bit: - [2009/11/02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:
64bit: - [2009/09/16 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:
64bit: - [2009/09/15 06:45:08 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:
64bit: - [2009/09/15 06:45:00 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:
64bit: - [2009/09/15 06:44:58 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:
64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:
64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:
64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:
64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:
64bit: - [2009/05/08 11:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:
64bit: - [2008/09/24 19:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:
64bit: - [2006/11/29 15:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV:
64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {DACAC2E2-1467-4CA1-B162-368490C0F4F5}
IE:
64bit: - HKLM\..\SearchScopes\{DACAC2E2-1467-4CA1-B162-368490C0F4F5}: "URL" =
http://www.bing.com/...rc=IE-SearchBoxIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" =
http://slirsredirect...hromesbox-en-usIE - HKLM\..\SearchScopes\{B577760B-2ED7-4AE1-9E78-0DB6D5C083EC}: "URL" =
http://www.bing.com/...rc=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1576188648-2490700061-4006994009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://g.msn.com/USCON/1IE - HKU\S-1-5-21-1576188648-2490700061-4006994009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/IE - HKU\S-1-5-21-1576188648-2490700061-4006994009-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1576188648-2490700061-4006994009-1000\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\S-1-5-21-1576188648-2490700061-4006994009-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" =
http://slirsredirect...hromesbox-en-usIE - HKU\S-1-5-21-1576188648-2490700061-4006994009-1000\..\SearchScopes\{B577760B-2ED7-4AE1-9E78-0DB6D5C083EC}: "URL" =
http://www.bing.com/...ferrer:source?}IE - HKU\S-1-5-21-1576188648-2490700061-4006994009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1576188648-2490700061-4006994009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "
http://www.bing.com/...FORM=VE3D01&q="FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "
http://www.google.com/"FF - prefs.js..extensions.enabledItems:
[email protected]:1.12
FF - prefs.js..extensions.enabledItems:
[email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems:
[email protected]:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "
http://www.bing.com/...FORM=VE3D01&q=" FF:
64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/02/28 00:59:13 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\ITUNES\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/02/28 00:59:13 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\
[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011/01/14 08:27:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/28 20:10:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Firefox\components [2012/05/03 06:34:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/28 20:10:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Firefox\components [2012/05/03 06:34:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Firefox\plugins
[2011/01/19 17:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Extensions
[2012/05/01 21:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\g6zu94i8.default\extensions
[2012/03/07 19:16:36 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\g6zu94i8.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/04/12 06:38:32 | 000,002,352 | ---- | M] () -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\g6zu94i8.default\searchplugins\aol-search.xml
[2011/02/28 07:52:58 | 000,001,820 | ---- | M] () -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\g6zu94i8.default\searchplugins\bing.xml
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
O1 HOSTS File: ([2012/04/01 15:02:46 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 68.168.222.226 www.google-analytics.com.
O1 - Hosts: 68.168.222.226 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.226 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:
64bit: - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O3:
64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1576188648-2490700061-4006994009-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1576188648-2490700061-4006994009-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O4:
64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:
64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:
64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:
64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:
64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1576188648-2490700061-4006994009-1000..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:
64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:
64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:
64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:
64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1576188648-2490700061-4006994009-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16:
64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:
64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:
64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87537F2B-493E-4C2A-AF50-F085BAD55A9F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FC0CB8E-BBFB-417B-901E-C6493B3D134C}: DhcpNameServer = 13.36.0.1 13.36.0.2
O18:
64bit: - Protocol\Handler\cozi - No CLSID value found
O18:
64bit: - Protocol\Handler\livecall - No CLSID value found
O18:
64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:
64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:
64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:
64bit: - Protocol\Handler\msnim - No CLSID value found
O18:
64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:
64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:
64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:
64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:
64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:
64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:
64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{084ee45e-6910-11e0-ae40-c0cb38acd005}\Shell - "" = AutoRun
O33 - MountPoints2\{084ee45e-6910-11e0-ae40-c0cb38acd005}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{923fafaa-bc9f-11e0-8f8d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{923fafaa-bc9f-11e0-8f8d-00038a000015}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{988a4627-3cfa-11e0-b86b-c0cb38acd005}\Shell - "" = AutoRun
O33 - MountPoints2\{988a4627-3cfa-11e0-b86b-c0cb38acd005}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{ce9bd028-3717-11e0-9361-c0cb38acd005}\Shell - "" = AutoRun
O33 - MountPoints2\{ce9bd028-3717-11e0-9361-c0cb38acd005}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{ce9bd047-3717-11e0-9361-c0cb38acd005}\Shell - "" = AutoRun
O33 - MountPoints2\{ce9bd047-3717-11e0-9361-c0cb38acd005}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ========== [2012/05/23 21:06:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Wayne\Desktop\aswMBR.exe
[2012/05/19 17:40:17 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Wayne\Desktop\OTL.exe
[2012/05/13 12:22:05 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Desktop\c10 frame
[2012/05/12 23:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/12 23:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/12 23:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/09 20:29:26 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/09 20:29:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/09 20:29:23 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/09 20:29:23 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/06 18:50:02 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Motorola
[2012/05/06 18:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/05/06 18:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/05/06 08:57:01 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Desktop\May2012002
[2012/05/02 21:07:24 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Desktop\c10
[2012/04/30 21:47:28 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Desktop\ford truck
[2012/04/29 15:52:04 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Desktop\small s10 photos
[2012/04/29 15:22:32 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Desktop\s10 photos
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2012/05/23 21:07:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Wayne\Desktop\aswMBR.exe
[2012/05/23 21:00:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/23 20:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/23 16:59:33 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/23 16:59:33 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/23 16:58:28 | 012,503,828 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/23 16:58:28 | 004,298,764 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/23 16:58:28 | 000,005,440 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/23 16:52:39 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/23 16:52:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/23 16:52:04 | 2094,301,183 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/19 17:40:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Wayne\Desktop\OTL.exe
[2012/05/18 18:05:24 | 000,365,590 | ---- | M] () -- C:\Users\Wayne\Desktop\app.pdf
[2012/05/12 09:08:21 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/10 05:17:14 | 000,294,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/06 08:57:01 | 005,030,237 | ---- | M] () -- C:\Users\Wayne\Desktop\May2012002.zip
[2012/04/24 06:50:44 | 010,565,758 | ---- | M] () -- C:\Users\Wayne\Desktop\80390.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ========== [2012/05/18 18:05:20 | 000,365,590 | ---- | C] () -- C:\Users\Wayne\Desktop\app.pdf
[2012/05/06 08:56:18 | 005,030,237 | ---- | C] () -- C:\Users\Wayne\Desktop\May2012002.zip
[2012/04/24 06:49:32 | 010,565,758 | ---- | C] () -- C:\Users\Wayne\Desktop\80390.pdf
[2012/03/30 19:24:58 | 000,000,040 | ---- | C] () -- C:\Users\Wayne\AppData\Roaming\datafile
[2011/06/14 23:06:07 | 000,000,000 | ---- | C] () -- C:\Users\Wayne\AppData\Local\{717C49C0-B0C0-4C8B-A635-895E9D78AB3C}
[2011/02/12 22:08:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/28 20:03:03 | 000,202,437 | ---- | C] () -- C:\Windows\hpoins41.dat
[2011/01/27 20:12:58 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/19 19:37:26 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin
[2010/11/24 10:05:36 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin
[2010/11/24 10:05:36 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin
[2010/11/24 10:05:36 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin
[2010/11/24 10:05:36 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin
[2010/11/24 10:05:36 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin
[2010/11/24 10:05:36 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin
[2010/11/24 10:05:36 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin
[2010/11/24 10:05:36 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin
[2010/11/24 10:05:36 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin
[2010/11/24 10:05:36 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin
[2010/11/01 21:40:34 | 000,087,176 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/11/01 21:40:30 | 000,057,480 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/11/01 21:40:24 | 000,248,968 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
========== LOP Check ========== [2011/01/19 19:59:56 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\acccore
[2012/05/23 17:03:47 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\BitTorrent
[2012/04/11 22:15:04 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Canneverbe Limited
[2012/04/11 21:33:22 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\COWON
[2011/10/10 20:50:34 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\HandBrake
[2012/05/06 18:50:02 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Motorola
[2011/01/22 16:12:33 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\PCDr
[2011/02/04 19:08:11 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Rovio
[2012/03/22 10:49:42 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\SoftGrid Client
[2011/01/27 20:13:28 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\TP
[2012/05/12 09:08:21 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/12 19:05:25 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/10 03:59:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2011/01/14 09:28:52 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/01/14 09:29:13 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/01/14 09:28:52 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2011/01/14 09:29:00 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/01/14 09:29:13 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/01/14 09:29:00 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/01/14 09:29:13 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/01/14 09:29:00 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/01/14 09:29:13 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/01/14 09:28:52 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/01/14 09:29:00 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011/01/14 09:28:52 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
< MD5 for: SVCHOST.EXE >[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Temp\VIRUS STUFF\malewarebytes\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Temp\VIRUS STUFF\malewarebytes\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/01/14 09:29:13 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/01/14 09:29:13 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{84CBED2A-70DF-4187-86E2-72FF9C8F3D82}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{87537F2B-493E-4C2A-AF50-F085BAD55A9F}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8B775026-D67C-43BB-A10A-DA9DCEE060EF}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9FC0CB8E-BBFB-417B-901E-C6493B3D134C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
"DhcpNameServerList" = 13.36.0.113.36.0.2 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C885AE56-5C57-4233-B729-DC5CFA7E1036}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{FEB57405-2A09-4336-B5AF-4B873275AC0C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 0F 01 0D 01 09 01 06 01 04 01 01 01 13 01 08 01 10 01 0E 01 0A 01 07 01 05 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 19
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: \accdef.exe -rb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: \accdef.exe -hb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: \accdef.exe -sb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: \aol.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/03 06:34:38 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/03 06:34:38 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/03 06:34:38 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Firefox\firefox.exe [2012/05/03 06:34:39 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Firefox\firefox.exe" -preferences [2012/05/03 06:34:39 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Firefox\firefox.exe" -safe-mode [2012/05/03 06:34:39 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/08 20:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/08 20:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/08 20:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/05/08 20:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: \ACCDEF.EXE -RB
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: \ACCDEF.EXE -HB
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: \ACCDEF.EXE -SB
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: \AOL.EXE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/05/03 06:34:38 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/05/03 06:34:38 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/05/03 06:34:38 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\FIREFOX\FIREFOX.EXE [2012/05/03 06:34:39 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/05/03 06:34:39 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/05/03 06:34:39 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/08 20:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/08 20:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/08 20:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/08 20:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
< %Temp%\smtmp\1\*.* > < %Temp%\smtmp\2\*.* > < %Temp%\smtmp\3\*.* > < %Temp%\smtmp\4\*.* > < C:\Windows\assembly\tmp\U\*.* /s > < C:\Program Files\Common Files\ComObjects\*.* /s > ========== Drive Information ========== Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HM640JJ
Partitions: 3
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41126400
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 581.00GB
Starting Offset: 15769766400
Hidden sectors: 0
< type c:\diskreport.txt /c >Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: WAYNE-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 RECOVERY NTFS Partition 14 GB Healthy System
Volume 2 C OS NTFS Partition 581 GB Healthy Boot
< End of report >
OTL
EXTRAS.TXTLOG
OTL Extras logfile created on: 5/23/2012 9:07:29 PM - Run 7
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Wayne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.93 Gb Total Physical Memory | 6.08 Gb Available Physical Memory | 76.66% Memory free
15.87 Gb Paging File | 13.74 Gb Available in Paging File | 86.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.48 Gb Total Space | 436.01 Gb Free Space | 74.98% Space Free | Partition Type: NTFS
Computer Name: WAYNE-PC | User Name: Wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1576188648-2490700061-4006994009-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03775C03-5774-4490-8045-E6B71D3B126E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{048D0BDB-DFBE-4E06-9EEA-0E0C27E4D134}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2DCB83CF-E7A6-4ECD-B15F-1EB1936F6480}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3134CE8F-E245-4280-A301-3FA030E4A793}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33923740-9336-43B2-8018-BC200304C3A3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{42E1AB0B-BDE7-4A5A-9BCC-9AA62533EC79}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{50F2387F-E9EB-404E-9BD5-B5CEA4EE565D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5C43A70C-8403-4051-B0B9-BD6FA62BFE0A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6ECD4937-E993-4356-9FB2-ED992F76B9A4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{888D3CA2-3B18-4F3D-A9A4-CB005D0F7FA5}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{8CD486C8-DD80-44D7-A562-78A50ADD3713}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8D95D00B-B378-4493-9443-BDBD42495229}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F74B0BF-D8CA-4241-81B6-05C1793A68D7}" = lport=445 | protocol=6 | dir=in | app=system |
"{9500F086-2019-4E63-8BE6-95A28D9EA474}" = rport=138 | protocol=17 | dir=out | app=system |
"{B06D1333-B27B-4802-81E6-8F2583401D44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B69A6E6A-4FE5-4AE7-813E-577EE92F2B0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA87D6D8-D4EA-41DB-8C13-7B0C445E6AEA}" = lport=139 | protocol=6 | dir=in | app=system |
"{BD4797F1-4C6D-443C-88D1-8EA862785F47}" = rport=445 | protocol=6 | dir=out | app=system |
"{C2E7B873-4A58-4E3D-9780-8E922E871054}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{C835BBBC-7972-4D7A-88C5-F1A44CF77C42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C98852CC-AE10-4CED-B1C0-A66CAD065FC8}" = lport=137 | protocol=17 | dir=in | app=system |
"{D2F1C751-1DFA-47E7-97A0-678B17551A34}" = lport=138 | protocol=17 | dir=in | app=system |
"{DBB910B6-B39A-4CC6-89F4-4E5694C5FD9D}" = rport=137 | protocol=17 | dir=out | app=system |
"{F7F3DA69-A917-4361-9445-1BCC0C2FCC31}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008E2C5B-5F7D-473E-A6F2-777BF6BAFCAC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{043400B3-F40B-46A0-A330-10F12BF1DE82}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{092E96BB-BA06-4DDC-9C8A-6BD75017A7FA}" = protocol=6 | dir=out | app=system |
"{0BF17F8D-B621-4CB9-B457-0F91630B31A0}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1295492266\ee\aoldesktop.exe |
"{0D95D2ED-308C-4416-B003-DABCB1EE070D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{0E5B96AD-C188-4565-B29A-77FDB269E222}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{0E863659-6C84-48A2-A5B9-94BE3768FF20}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{10DB8E59-5635-4522-88F5-571248A6EE57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1222346A-1FD6-4A90-8CD2-B7C7D55A6D50}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{126B6B46-88C7-4F44-B3F2-E1AA27D469B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17496865-2018-4AB4-8581-77EC8E336E56}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{19A3187A-622F-4A90-A563-591AC90ACF54}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{1AA53D30-03CB-43D9-9223-BDED66B13B82}" = dir=in | app=d:\setup\hpznui40.exe |
"{1F29EB71-B2C8-42FC-B794-54248963E1B4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{203CCFEA-9362-469B-8666-E39BB2D25CAD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1295595686\ee\aolsoftware.exe |
"{2645B787-B7A9-44E8-BD36-595D121E917B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2740B95A-9592-41E9-BEEB-84F667796B51}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{318A85C7-CAC1-4C69-A602-5247B3545247}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{32B223CB-D5B4-44C0-9B9C-F70F649490B3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{369621E3-483E-4326-B0EA-EA7C5BECF8FD}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{39BDC562-C5AE-49F0-B4D7-23EEEAA680B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A365A43-99A8-41F4-A1C4-08A4ABBEA952}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{3F7BF989-BD7E-4945-89B7-F7A0EC314D8B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{40B8E70B-7355-4BF4-BA8A-CAB41B74C4CB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{468B9244-87DF-47B7-BB6D-FB8470023033}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{4A32ADA0-82B2-4FF8-B415-53CA91E12A68}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{529473C6-6C79-46B7-9AFF-F43E51CDD0F2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{57DF0457-7953-4D9D-8485-27BA966CE225}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{5B854D00-7556-4F95-A6DA-26BC75E8D58A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5BF60149-44E9-4A17-B73B-C3B8BC47A0D8}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{637DF0B7-80EC-4B39-9480-84DF65C4AB62}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{68FA40D6-BA4A-4C23-BFA4-86DE1768B24A}" = protocol=1 | dir=in |
[email protected],-28543 |
"{6968C5FB-3F82-457C-A58B-C0ECD7D06B1D}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{69FEEACB-73AF-44DF-B60C-D096A374F305}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{6CF41E80-C7C6-4140-9F98-E965F30451EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7140C656-8F4A-42F7-9A84-64A25CF0BA6D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{745694B7-89FB-425E-BFE4-B81B4A588101}" = protocol=6 | dir=in | app=c:\temp\bit torrent\bittorrent.exe |
"{761A7389-92C8-4357-B549-3B602CAEC5CF}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{799B4BED-9257-404A-8985-DA3FEF9A74ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{7CE4A58B-D883-497F-9703-8D53C384EFF5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{7D06BC49-C787-41BC-948E-AC888EE22EA3}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{83855513-D420-4FCB-8F1C-F210C1BD6F41}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{8644FB43-1413-4ADC-B6DA-A5972FF8FC54}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{89F98A2C-8BAB-42BA-887A-1E9D289C96AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F651B7B-EB4D-423E-8B87-735D12AD33F2}" = protocol=17 | dir=in | app=c:\temp\bit torrent\bittorrent.exe |
"{90ED81FE-3F8C-4FC2-BADC-9E71F0B6BE4A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{940BCB73-DB1B-4FD8-A863-B15D871AD184}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1295492266\ee\aoldesktop.exe |
"{998267E5-74A8-47C5-9318-F01F20CA5C36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9B347FA8-B99B-42EC-BC5B-39AED5805788}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{9B8FA5F9-4129-44CB-883E-9C92620172EF}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1295595686\ee\aolsoftware.exe |
"{9CEE888B-16C0-44FF-B7D0-9B9F76662C79}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A077E4DA-0967-45D2-996B-ED8F57D5C19D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1295595686\ee\aolsoftware.exe |
"{A15E5AB8-D36F-4A9E-9A3E-F1D466DBB606}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1295492266\ee\aolsoftware.exe |
"{A33FC49A-91D2-4E54-8017-681516FC6CB9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1295492266\ee\aolsoftware.exe |
"{A393D011-AE14-442E-B4C8-654B15086DFA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{AFF56C33-A91D-4CDD-A445-8D4550579893}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{B2717F7B-F366-45A5-ABE8-7E56C10E3374}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4483064-52E8-4488-94C5-0996872789F7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B5DFF69D-27AB-4CBF-930B-62B98CBAA4A3}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{B85B6943-75CD-49E1-8110-2D6C9CFA252E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{B9929F96-5BA7-473A-AE7B-693C3A8DD5C2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{BC277525-E43F-46E4-85FA-D0E0F0EE9C26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2AB5BB2-8C6C-4326-914F-CC5938D78925}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{C8A905C7-C619-42FE-AD33-E0A30920CC39}" = protocol=1 | dir=out |
[email protected],-28544 |
"{CB508EFF-486E-449A-BC54-62432BB9ED2B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{CCCB3DC0-AF0D-4CE0-9E83-C6BEBF48B2D9}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe |
"{CEFE8D33-D2F2-408E-9F32-DCB31BBFC5CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFDF6EB2-C945-4DE4-9924-B8519F9BAC4B}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{D03C5226-7BF8-4D25-81CC-6675986B82A7}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{D1B9B020-26B7-4A38-A52C-C9E9504C7A8A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{D36E217E-C2D5-451A-BA70-BD54A4A8327F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D3ADD6F2-250F-44AD-9C7F-94AB914F347B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{D412E973-F9F8-475F-AACE-3EB4B2CCB698}" = protocol=58 | dir=in |
[email protected],-28545 |
"{D535CB19-C4C5-43E7-A432-7C4477105D75}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D5C9F1F6-0DB1-4532-ABD7-CB995ADF7BD8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6846BF7-C92F-47ED-BB57-577501EF633C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAAC80D3-887D-4231-BFC3-1D3EC32A8933}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe |
"{DC41E2F7-FA26-4104-8465-753D067C07E4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{E0109C7D-4C9E-4AFD-A69A-70DDBA75362E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{E464B9FC-5760-4EB8-B80A-D1BD960AD61A}" = dir=in | app=c:\itunes\itunes.exe |
"{EF322B78-CFD1-49E5-B42D-F9894FC0B07D}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{EF8D70CD-684F-4C05-B60E-F0766FDB9F0D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1295595686\ee\aolsoftware.exe |
"{EFA06402-7087-41FD-8762-ACDB7E986620}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{FA576301-4444-423C-B490-4E7F4A4149BE}" = protocol=58 | dir=out |
[email protected],-28546 |
"{FA5F7680-A23F-4ED9-8735-4B89B713F713}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"TCP Query User{15B6CF88-81B2-43C3-9C06-CB188EF904A9}C:\temp\bit torrent\bittorrent-7.2.exe" = protocol=6 | dir=in | app=c:\temp\bit torrent\bittorrent-7.2.exe |
"TCP Query User{A38414FF-1D2E-4EE9-9FE0-0A1BA05F78F3}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{BA278823-D94E-4C4F-A620-AC8E16BD9570}C:\temp\bit torrent\bittorrent-7.2.exe" = protocol=6 | dir=in | app=c:\temp\bit torrent\bittorrent-7.2.exe |
"UDP Query User{1AA72546-EAE6-403B-B83A-6C349D1D7B8A}C:\temp\bit torrent\bittorrent-7.2.exe" = protocol=17 | dir=in | app=c:\temp\bit torrent\bittorrent-7.2.exe |
"UDP Query User{C4AC1CEA-EBA5-40F1-8F06-350B38F445A0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{E2AAAE5C-0BA3-406C-AEA5-DC53C0CE2DFD}C:\temp\bit torrent\bittorrent-7.2.exe" = protocol=17 | dir=in | app=c:\temp\bit torrent\bittorrent-7.2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java 6 Update 22 (64-bit)
"{2C5BEF49-4219-4751-9106-39604462939D}" = Face Recognition
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{61C3230C-D69D-44E7-B974-F8BBADB49EE6}" = Motorola Mobile Drivers Installation 5.5.0
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}" = Intel® PROSet/Wireless WiFi Software
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAE224AF-B15E-448B-88FA-1839A7570CF8}" = Intel® PROSet/Wireless WiMAX Software
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"Dell Support Center" = Dell Support Center
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC5B3E0-C656-4070-9CF0-E592EC60AD42}" = MotoConnect
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F362902D-BC94-4187-8960-3B51F55B2EB0}" = Verizon Wireless USB760 Firmware Updates
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Toolbar for Firefox" = AOL Toolbar for Firefox
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVerMedia H339 Hybrid TV Tuner" = AVerMedia H339 Hybrid TV Tuner 2.2.64.64
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"DVD Shrink_is1" = DVD Shrink 3.2
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"MotoHelper" = MotoHelper 2.1.40 Driver 5.5.0
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PremElem80" = Adobe Premiere Elements 8.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1576188648-2490700061-4006994009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 5/23/2012 1:40:45 AM | Computer Name = Wayne-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 5/23/2012 9:37:18 AM | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.
Error - 5/23/2012 9:37:18 AM | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
Error - 5/23/2012 9:42:41 AM | Computer Name = Wayne-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. The file 'C:\Users\Wayne\AppData\local\\softthinks\scheduler.xml'
already exists. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean
overwrite) at System.IO.File.Copy(String sourceFileName, String destFileName)
at Toaster.SchedulerReader.read() at Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
at Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() at Toaster.Helper.CheckReminders(ObservableCollection`1
notificationHelpers) at Toaster.MainWindowViewModel.NotificationsTimerTick(Object
sender, EventArgs e) at System.Windows.Threading.DispatcherTimer.FireTick(Object
unused) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 5/23/2012 7:54:16 PM | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.
Error - 5/23/2012 7:54:16 PM | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
Error - 5/23/2012 7:58:25 PM | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.
Error - 5/23/2012 7:58:25 PM | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
Error - 5/23/2012 8:03:52 PM | Computer Name = Wayne-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. The file 'C:\Users\Wayne\AppData\local\\softthinks\scheduler.xml'
already exists. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean
overwrite) at System.IO.File.Copy(String sourceFileName, String destFileName)
at Toaster.SchedulerReader.read() at Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
at Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() at Toaster.Helper.CheckReminders(ObservableCollection`1
notificationHelpers) at Toaster.MainWindowViewModel.NotificationsTimerTick(Object
sender, EventArgs e) at System.Windows.Threading.DispatcherTimer.FireTick(Object
unused) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 5/23/2012 8:35:28 PM | Computer Name = Wayne-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ Dell Events ]
Error - 7/25/2011 9:10:25 PM | Computer Name = Wayne-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 10/10/2011 11:22:01 PM | Computer Name = Wayne-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 10/10/2011 11:22:01 PM | Computer Name = Wayne-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 11/5/2011 1:44:30 AM | Computer Name = Wayne-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 11/5/2011 1:44:30 AM | Computer Name = Wayne-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 11/5/2011 1:55:06 AM | Computer Name = Wayne-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 11/5/2011 1:55:06 AM | Computer Name = Wayne-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 12/3/2011 1:31:50 PM | Computer Name = Wayne-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 12/3/2011 1:31:50 PM | Computer Name = Wayne-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 12/17/2011 12:33:16 AM | Computer Name = Wayne-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
[ Media Center Events ]
Error - 3/19/2011 11:54:33 PM | Computer Name = Wayne-PC | Source = MCUpdate | ID = 0
Description = 8:54:33 PM - Error connecting to the internet. 8:54:33 PM - Unable
to contact server..
Error - 3/19/2011 11:54:55 PM | Computer Name = Wayne-PC | Source = MCUpdate | ID = 0
Description = 8:54:38 PM - Error connecting to the internet. 8:54:38 PM - Unable
to contact server..
Error - 3/20/2011 12:54:59 AM | Computer Name = Wayne-PC | Source = MCUpdate | ID = 0
Description = 9:54:59 PM - Error connecting to the internet. 9:54:59 PM - Unable
to contact server..
Error - 3/20/2011 12:55:11 AM | Computer Name = Wayne-PC | Source = MCUpdate | ID = 0
Description = 9:55:04 PM - Error connecting to the internet. 9:55:04 PM - Unable
to contact server..
Error - 4/21/2011 11:51:42 AM | Computer Name = Wayne-PC | Source = MCUpdate | ID = 0
Description = 8:51:42 AM - Error connecting to the internet. 8:51:42 AM - Unable
to contact server..
Error - 4/21/2011 11:51:56 AM | Computer Name = Wayne-PC | Source = MCUpdate | ID = 0
Description = 8:51:47 AM - Error connecting to the internet. 8:51:47 AM - Unable
to contact server..
Error - 5/19/2011 11:47:52 AM | Computer Name = Wayne-PC | Source = MCUpdate | ID = 0
Description = 8:47:52 AM - Error connecting to the internet. 8:47:52 AM - Unable
to contact server..
Error - 5/19/2011 11:48:10 AM | Computer Name = Wayne-PC | Source = MCUpdate | ID = 0
Description = 8:47:57 AM - Error connecting to the internet. 8:47:57 AM - Unable
to contact server..
Error - 5/19/2011 12:48:15 PM | Computer Name = Wayne-PC | Source = MCUpdate | ID = 0
Description = 9:48:15 AM - Error connecting to the internet. 9:48:15 AM - Unable
to contact server..
Error - 5/19/2011 12:48:26 PM | Computer Name = Wayne-PC | Source = MCUpdate | ID = 0
Description = 9:48:20 AM - Error connecting to the internet. 9:48:20 AM - Unable
to contact server..
[ System Events ]
Error - 5/20/2012 11:16:06 AM | Computer Name = Wayne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
Error - 5/20/2012 1:35:33 PM | Computer Name = Wayne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
Error - 5/21/2012 9:48:38 AM | Computer Name = Wayne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
Error - 5/21/2012 9:49:08 AM | Computer Name = Wayne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
Error - 5/22/2012 1:00:59 AM | Computer Name = Wayne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
Error - 5/22/2012 1:01:29 AM | Computer Name = Wayne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
Error - 5/22/2012 9:37:43 AM | Computer Name = Wayne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
Error - 5/22/2012 10:56:47 PM | Computer Name = Wayne-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:03:27 AM on ?5/?22/?2012 was unexpected.
Error - 5/23/2012 9:32:07 AM | Computer Name = Wayne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
Error - 5/23/2012 7:53:09 PM | Computer Name = Wayne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
< End of report >
[b]
ASWMBR LOG[/b
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-23 21:17:38
-----------------------------
21:17:38.893 OS Version: Windows x64 6.1.7601 Service Pack 1
21:17:38.894 Number of processors: 8 586 0x1E05
21:17:38.895 ComputerName: WAYNE-PC UserName: Wayne
21:17:40.000 Initialize success
21:25:09.497 AVAST engine defs: 12052301
21:27:16.613 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:27:16.620 Disk 0 Vendor: SAMSUNG_ 2AK1 Size: 610480MB BusType: 3
21:27:16.640 Disk 0 MBR read successfully
21:27:16.643 Disk 0 MBR scan
21:27:16.648 Disk 0 Windows VISTA default MBR code
21:27:16.652 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:27:16.657 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
21:27:16.673 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 595440 MB offset 30800325
21:27:16.693 Disk 0 scanning C:\Windows\system32\drivers
21:27:28.943 Service scanning
21:27:55.815 Modules scanning
21:27:55.833 Disk 0 trace - called modules:
21:27:55.858 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys hal.dll
21:27:56.192 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007da1790]
21:27:56.203 3 CLASSPNP.SYS[fffff88001bb443f] -> nt!IofCallDriver -> [0xfffffa8007cb5c20]
21:27:56.214 5 stdcfltn.sys[fffff88001afec52] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007af6050]
21:27:57.440 AVAST engine scan C:\Windows
21:27:59.872 AVAST engine scan C:\Windows\system32
21:30:28.474 AVAST engine scan C:\Windows\system32\drivers
21:30:41.948 AVAST engine scan C:\Users\Wayne
21:31:16.999 File: C:\Users\Wayne\AppData\Roaming\HP\HP\odgjbui.dll **INFECTED** Win32:Malware-gen
21:31:59.386 AVAST engine scan C:\ProgramData
21:36:02.037 Scan finished successfully
21:37:12.259 Disk 0 MBR has been saved successfully to "C:\Users\Wayne\Desktop\MBR.dat"
21:37:12.265 The log file has been saved successfully to "C:\Users\Wayne\Desktop\aswMBR.txt"