[Jules4me]

This laptop is running Windows 7. It is the ex-gaming computer and the kids gave it up because they say it will not play games anymore. I have run Avast Free, Anti Malwarebytes, Spybot and Ccleaner, but the problems continue. It barely can do anything on the internet. It is very slow and many times does not load the html of the website correctly. I don't have much else to report. All I know is that it is really messed up.

Below you will find the two OTL logs.

Thanks godawgs for your wonderful help!



OTL logfile created on: 9/2/2012 10:59:55 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dell 1525\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 72.21% Memory free
6.98 Gb Paging File | 5.95 Gb Available in Paging File | 85.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.60 Gb Total Space | 23.93 Gb Free Space | 25.30% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 13.70 Gb Free Space | 93.53% Space Free | Partition Type: NTFS

Computer Name: PINKDELL1525-PC | User Name: Dell 1525 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/02 22:59:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Dell 1525\Downloads\OTL.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/14 09:37:42 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/18 22:57:44 | 000,336,952 | ---- | M] (Power Software Ltd) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2012/01/21 01:39:12 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.352.0\SeaPort.EXE
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/02 21:37:50 | 000,400,368 | ---- | M] (Rovi Corporation) -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/29 21:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/29 21:58:44 | 012,237,336 | ---- | M] () -- C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/29 21:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/29 21:57:27 | 000,526,872 | ---- | M] () -- C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012/08/29 21:57:26 | 000,104,984 | ---- | M] () -- C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012/08/29 21:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/29 21:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/29 21:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/09/02 18:06:33 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/24 17:35:23 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/21 01:39:12 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.352.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/01/21 01:39:12 | 000,192,792 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.352.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/04 22:56:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/02 21:37:50 | 000,400,368 | ---- | M] (Rovi Corporation) [Auto | Running] -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 11:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 11:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/04/18 22:57:38 | 000,113,072 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/08/19 09:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 09:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2260173

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.swagbucks.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 62 C9 88 74 83 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {be0517a8-e339-3d94-f961-6a7af79275bf} - C:\Program Files\MemoLink\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {1C888E30-FF69-441B-B061-13C1B0F0E1BD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKCU\..\SearchScopes\{1266438C-0AD6-4514-9483-5668E03A0461}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{1C888E30-FF69-441B-B061-13C1B0F0E1BD}: "URL" = http://search.condui...&ctid=CT2260173
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.aol.com"
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dell 1525\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/02 17:52:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/02 14:55:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/24 17:35:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/14 18:20:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/24 17:35:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/14 18:20:15 | 000,000,000 | ---D | M]

[2011/10/05 10:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Extensions
[2012/09/02 17:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\extensions
[2011/11/29 19:59:08 | 000,000,000 | ---D | M] ("RoxioNow Player Plugin") -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}
[2012/07/14 09:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/24 17:35:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/09/02 14:55:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/02 17:52:27 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/07/14 09:06:56 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\DELL 1525\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PLI5VIUT.DEFAULT\EXTENSIONS\[email protected]
[2012/07/24 17:35:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/20 11:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 11:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/24 17:34:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/24 17:34:52 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Swag Bucks Customized Web Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT2260173
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Dell 1525\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Memolink Toolbar BHO) - {0C6FE940-7788-4F1C-B735-B7657C04A763} - C:\Program Files\Memolink Toolbar\Toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (MemoLink BHO) - {A9C85A36-FE15-7344-7578-A7E8EAF18473} - C:\Program Files\MemoLink\Toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.352.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Memolink Toolbar) - {37E984C0-D9FA-439C-8279-D5EFB625B898} - C:\Program Files\Memolink Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.352.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (MemoLink) - {BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} - C:\Program Files\MemoLink\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Memolink Toolbar) - {37E984C0-D9FA-439C-8279-D5EFB625B898} - C:\Program Files\Memolink Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MemoLink) - {BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} - C:\Program Files\MemoLink\Toolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Dell 1525\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: conduit.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: roxionow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxionow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: swagbucks.com ([player] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swagbucks.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.236.230.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236C68D3-8D81-4FC8-A221-20B19C0F6607}: DhcpNameServer = 147.226.3.30 147.226.3.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EB92684-DE89-4FD5-BF9B-8DE39C493DC7}: DhcpNameServer = 10.236.230.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EB92684-DE89-4FD5-BF9B-8DE39C493DC7}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 22:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/08/20 22:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/08/12 15:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/12 15:09:46 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/08/12 15:09:45 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/08/12 15:09:38 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/08/12 15:09:36 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/08/12 15:09:34 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/08/12 15:09:31 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/08/12 15:08:58 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/12 15:08:56 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

========== Files - Modified Within 30 Days ==========

[2012/09/02 22:56:39 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/02 22:56:38 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
[2012/09/02 22:56:38 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
[2012/09/02 21:16:14 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
[2012/09/02 18:25:23 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 18:25:23 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 18:17:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/02 18:17:14 | 2810,740,736 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/02 18:15:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
[2012/09/02 14:55:48 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/02 14:55:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/01 14:48:37 | 000,002,480 | ---- | M] () -- C:\Users\Dell 1525\Desktop\Google Chrome.lnk
[2012/08/20 22:44:43 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/15 09:38:17 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 18:19:51 | 000,001,337 | ---- | M] () -- C:\Users\Dell 1525\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 15:02:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/12 15:02:14 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/12 15:02:14 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/12 14:54:17 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\CMS Application Updater.job

========== Files Created - No Company Name ==========

[2012/08/12 15:09:48 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/08 16:09:03 | 000,007,605 | ---- | C] () -- C:\Users\Dell 1525\AppData\Local\Resmon.ResmonCfg
[2012/07/03 23:36:32 | 000,033,134 | ---- | C] () -- C:\Users\Dell 1525\AppData\Roaming\UserTile.png
[2012/04/04 13:32:08 | 000,001,848 | ---- | C] () -- C:\Windows\System32\GacelaLSPServiceOff.ini
[2011/12/02 20:10:19 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/02 20:10:18 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/10/05 12:30:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/10/05 12:27:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/10/04 20:40:50 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2012/08/12 14:54:17 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\CMS Application Updater.job
[2012/09/02 18:15:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
[2012/09/02 21:16:14 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
[2012/05/11 16:30:33 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:32A82570

< End of report >





OTL Extras logfile created on: 9/2/2012 10:59:55 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dell 1525\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 72.21% Memory free
6.98 Gb Paging File | 5.95 Gb Available in Paging File | 85.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.60 Gb Total Space | 23.93 Gb Free Space | 25.30% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 13.70 Gb Free Space | 93.53% Space Free | Partition Type: NTFS

Computer Name: PINKDELL1525-PC | User Name: Dell 1525 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B3581B-B61F-4004-81DF-C4E02CBEBB51}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{07F6E64C-2C50-4012-80AE-3CDC47EB8885}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0C0890EC-34B7-4293-9366-61F2A32FACE2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0C52AF53-8708-4969-8985-42F98691AC9C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{15145048-B822-4B58-8EAD-E481A1092035}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24A64B75-8ACA-4ED6-A599-0E07DBACA3E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CADEBF2-2520-4F5C-A349-8C3503C00C47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{41F7D0B6-51EB-4B7A-A38F-5283A568C63F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53021E62-8CFD-4C9F-A333-7C44DFAADC40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59B8C20F-AF7B-4611-B586-D5FF9FC10E29}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6630BA92-8F58-4D91-9790-34EF4F8E8B2F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6AD17AE5-8B2C-4B85-BAA8-A238EDD482BC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6AFCDB6A-E8BD-4D64-8932-83BD36F27D72}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6C78A8C1-2A0D-429E-AA3B-FC126467B95B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{72D7AB30-245C-443D-A4ED-BE45FB8C804F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A43ADE36-FF5D-4084-A32B-50D50D04771E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B1E5536C-841A-4EE9-94F8-11611C349E23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5F64A9C-0CC5-4535-B958-DE949F6BE004}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFE873C0-7CA9-485B-8836-5543502453E9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F972EA76-F7A7-45F6-A058-0C140D8F2483}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AFCB06-C084-4D83-9B84-E64CA0FFDB4C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{11372010-2BA9-4253-8DF6-475966520B5A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{187581F5-655A-4C94-8282-1B397B3E6469}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1BC45415-412F-48FB-AC7C-83A168B701B5}" = protocol=17 | dir=in | app=c:\users\dell 1525\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{2147E8E7-B8BB-4C9B-9603-FFB2FA6855DF}" = protocol=6 | dir=in | app=c:\program files\memolink\troubleshooter.exe |
"{3264A41E-19C3-405B-B136-AA87B63D44A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34A79960-270A-4817-A04D-1975DAE56C05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{34BE8205-A51F-45C7-8325-0721389ECE25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{384BCAE1-E890-48B6-A9B4-5629648EB9B6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CF842BF-EEA2-40FA-AD18-E3631F9FC8BE}" = protocol=17 | dir=in | app=c:\program files\memolink toolbar\troubleshooter.exe |
"{403A15B1-8C28-4733-BEBF-03DF72E9A6FD}" = protocol=6 | dir=in | app=c:\users\dell 1525\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{49A8CA29-B494-4A38-9C14-6989F95F65AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{509B25B4-655D-4D47-92EB-331ED77E500E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{57CDBD03-E879-49CA-BDDF-46AD3BA9C594}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BE60E6E-0BBF-440B-8307-3B37752881DC}" = protocol=6 | dir=in | app=c:\users\dell 1525\appdata\local\temp\7zs2645.tmp\symnrt.exe |
"{66E31D02-B071-439C-9C69-C18D68F180F2}" = protocol=6 | dir=in | app=c:\program files\memolink toolbar\troubleshooter.exe |
"{6DD775CA-EA54-46EC-93DA-496CE8B8AFD3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6E62AB39-D8D1-4328-BD22-DAC9AA1C17FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A3FF354-70E4-4C6C-8ED1-23FB1B5BACE4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{931B810E-B002-4BDB-996B-A4A1F84F4DE2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9B3A627C-0EFA-4EA5-BA36-00033A1909E6}" = protocol=17 | dir=in | app=c:\program files\memolink toolbar\toolbarupdate.exe |
"{A350DE53-F7AC-4128-9C66-10B4B3F95376}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AE7EF36B-93CB-4B5F-AB05-5FB88E5BE579}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B78D8A0A-F887-42A5-BAB4-737BB8D48F11}" = protocol=6 | dir=in | app=c:\program files\roxio\roxionow player\rnowshell.exe |
"{BD8CA075-46FC-40D6-B97E-95045595206F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D022EEDB-0AEA-410A-8468-6ABBFE53BDBB}" = protocol=17 | dir=in | app=c:\users\dell 1525\appdata\local\temp\7zs2645.tmp\symnrt.exe |
"{D27E8B81-E14A-406E-BA11-D7FBA2601F22}" = protocol=6 | dir=in | app=c:\program files\memolink toolbar\toolbarupdate.exe |
"{D6AF9CB7-7CFB-4DDF-9FD5-0EE347450F3E}" = protocol=17 | dir=in | app=c:\program files\memolink\troubleshooter.exe |
"{D9147F31-F03A-443C-92CC-B266C0D7FC72}" = protocol=6 | dir=out | app=system |
"{DA34CDEF-E8BF-4799-81DF-81E8D273D4DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E13491C8-62E1-4115-ACE7-6DB3AF8CD9F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4735DC1-00A9-48DC-9031-D8E4CBE77542}" = protocol=17 | dir=in | app=c:\program files\roxio\roxionow player\rnowshell.exe |
"{EA342E35-56EF-489A-B93B-F13AA9B5F285}" = dir=in | app=c:\users\dell 1525\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{EE88FEEB-658A-4729-8E98-50892F4354CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA450632-F726-462E-9653-FDAF09A8E8BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{84C87028-9753-4801-95ED-4E544B7A4735}C:\users\dell 1525\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dell 1525\appdata\roaming\spotify\spotify.exe |
"UDP Query User{D5A342C7-3DDB-4527-BEE4-D0ED922FD3E4}C:\users\dell 1525\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dell 1525\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85D29B91-2BD3-7B95-C4FE-13E226D34090}" = Flixster Collections
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E588ABEE-F0AE-48A3-BE53-1681A8DB9781}" = Bing Bar
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CUZ4_is1" = CAM UnZip 4.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlixsterCollections" = Flixster Collections
"HDMI" = Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MemoLink" = MemoLink
"Memolink Toolbar" = Memolink Toolbar
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PowerISO" = PowerISO
"RealPlayer 15.0" = RealPlayer
"Swag_Bucks Toolbar" = Swag Bucks Toolbar
"TVWiz" = Intel® TV Wizard
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/2/2012 6:59:56 PM | Computer Name = PinkDell1525-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/2/2012 6:59:56 PM | Computer Name = PinkDell1525-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 745997

Error - 9/2/2012 6:59:56 PM | Computer Name = PinkDell1525-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 745997

Error - 9/2/2012 6:59:58 PM | Computer Name = PinkDell1525-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/2/2012 6:59:58 PM | Computer Name = PinkDell1525-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 747666

Error - 9/2/2012 6:59:58 PM | Computer Name = PinkDell1525-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 747666

Error - 9/2/2012 6:59:59 PM | Computer Name = PinkDell1525-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/2/2012 6:59:59 PM | Computer Name = PinkDell1525-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 748852

Error - 9/2/2012 6:59:59 PM | Computer Name = PinkDell1525-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 748852

Error - 9/2/2012 7:33:26 PM | Computer Name = PinkDell1525-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 21.0.1180.89, time
stamp: 0x503ebf10 Faulting module name: jvm.dll, version: 23.1.0.3, time stamp:
0x4fb30b56 Exception code: 0xc0000005 Fault offset: 0x0016c784 Faulting process id:
0xccc Faulting application start time: 0x01cd8963578c9427 Faulting application path:
C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files\Java\jre7\bin\client\jvm.dll Report Id: 974bf1e4-f556-11e1-a234-0023ae1c9bc5

[ System Events ]
Error - 8/3/2012 10:20:23 PM | Computer Name = PinkDell1525-PC | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 8/8/2012 2:32:25 PM | Computer Name = PinkDell1525-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 8/10/2012 7:35:49 AM | Computer Name = PinkDell1525-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 8/12/2012 3:54:04 PM | Computer Name = PinkDell1525-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 8/14/2012 7:27:41 PM | Computer Name = PinkDell1525-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:25:47 PM on ?8/?14/?2012 was unexpected.

Error - 8/20/2012 10:41:23 PM | Computer Name = PinkDell1525-PC | Source = DCOM | ID = 10010
Description =

Error - 9/2/2012 8:46:12 AM | Computer Name = PinkDell1525-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 9/2/2012 8:46:12 AM | Computer Name = PinkDell1525-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 9/2/2012 9:41:57 AM | Computer Name = PinkDell1525-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 9/2/2012 5:07:32 PM | Computer Name = PinkDell1525-PC | Source = DCOM | ID = 10010
Description =


< End of report >

[Advertisements]

Hi Jules,

Oh goodie....a repeat customer. I'm gonna ask for a raise
This is just to let you know that I've seen this post. I'll get back to you but I would like to ask you a question:
Is your Internet Service Provider through Ball State University....or did your kids have this computer at Ball State?

[godawgs]

Hi Jules,

Oh goodie....a repeat customer. I'm gonna ask for a raise
This is just to let you know that I've seen this post. I'll get back to you but I would like to ask you a question:
Is your Internet Service Provider through Ball State University....or did your kids have this computer at Ball State?

[Jules4me]

My brother put Windows 7 on this computer. He taught at Ball State in the computer department until budget cuts this year.

[godawgs]

Hello again,

Long time no see.
Our diagnostic tool, OTL, is designed to be run from the Desktop. So we're gonna move it.
Please go to the C:\Users\Dell 1525\Downloads folder. Right click on the OTL icon and click Copy
Now go to a clear area of the desktop, right click and click Paste. This will put OTL on the desktop.
Next go back to the C:\Users\Dell 1525\Downloads folder and delete the OTL file, the Otl.txt file and the Extras.txt file.

I don't see a lot in the log except the browser default search and start page. Our old friend Swags Bucks is present so I'll try to leave it alone. I see Memo Link on the system. It looks to be the same kind of thing as Swag Bucks. What can you tell me about it.

Is AOL your internet service provider?

We are gonna get a more indepth OTL scan and check the MBR. I have changed some of the settings on the OTL scan so please be aware of that.

Step-1.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the box in OTL. To do that:

• Highlight everything inside the code box, right click the mouse and click Copy.

createrestorepoint
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
%systemdrive%\$Recycle.Bin|@;true;true;true
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c

2. Re-open OTL on the desktop. To do that:

• Double click on the OTL icon to run it. (Vista / 7 Users:Right click on the icon and click Run as Administrator)
  Make sure all other windows are closed.
• You will see a console like the one below:
  
  
  
• Check the box beside Scan All Users at the top of the console
• Make sure the Output box at the top is set to Standard Output.
• In the File Scans section change the File Age to 90 days.
• Check the boxes beside LOP Check.
• Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted.
• When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
• Please copy the contents of this file and paste it into your reply. To do that:
• On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Step-2.

Run aswMBR

• Download aswMBR.exe to your desktop.
• Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
• If it asks you if you want to download the latest virus definitions, click Yes
  
• Click the "Scan" button to start the scan
  
  
• On completion of the scan click save log. Save it to your desktop and post in your next reply.
  

NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.


Step-3.

Things For Your Next Post:
1. The OTL.txt log
2. The aswMBR log

[Jules4me]

We already have problem number 1. During the OTL scan, I got an error message that said something like Couldn't create C:\Users\Dell1525\Desktop\cmd.bat.

I apologize that I don't know exactly the words before the C:\. I was so concerned with writing the exact working down for the C:\ and after that I forgot the exact wording of the first part.

Now the OTL program is stalled.

Are you sure you are ready for this one?

[godawgs]

Is the program still open? If it is you can look at the bottom of the console below where you put in the custom scans or fixes and it will tell you what it was doing when it stalled.

[Jules4me]

Unfortunately no. We had a bad thunderstorm overnight and I had to shut down the computer. Darn, I wish I would have thought to take a screenshot. I'm sorry.

[godawgs]

Hi,

It's OK. The error you got was most likely thrown by the operating system and not OTL. Sometime the system doesn't want to carry out one of the commands in the custom search and sometime knowing where OTL was in the scan will tell us which command your system couldn't/wouldn't complete. But in your case, and because of my great sickic (for most people that's psychic) ability, and because this has happened before, I think I know where the error is. So we'll try the custom scan without that command.


Step-1.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the box in OTL. To do that:

• Highlight everything inside the code box, right click the mouse and click Copy.

createrestorepoint
netsvcs
msconfig
safebootminimal
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
%systemdrive%\$Recycle.Bin|@;true;true;true
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES

2. Re-open OTL on the desktop. To do that:

• Double click on the OTL icon to run it. (Vista / 7 Users:Right click on the icon and click Run as Administrator)
  Make sure all other windows are closed.
• You will see a console like the one below:
  
  
  
• Check the box beside Scan All Users at the top of the console
• Make sure the Output box at the top is set to Standard Output.
• In the File Scans section change the File Age to 90 days.
• Check the boxes beside LOP Check.
• Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted.
• When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
• Please copy the contents of this file and paste it into your reply. To do that:
• On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Then go back to post #4 and follow the instructions for Step 2. Post the logs I requested. And don't forget to answer the question about AOL.

[Jules4me]

While I am doing the scans, I'll take some time to answer your questions.

Memolink is another pay site, like Swag bucks, that I used to do, but I don't anymore and thought I had deleted the toolbar. I used to have a toolbar for Inbox$, another pay site, but have deleted it as well. These sites were harder to make money on and my time is worth more than that.

I have Swagbucks on all the computers in my house. Yes, my addiction to making money. (Yesterday, I got a $50 Walmart gift card and a $5 Amazon gift card) As a stay at home mom who has always homeschooled, it is a nice way to make some extra for the family. Thank you for being so great and not dogging me about my Swag bucks.

AOL has never been my internet provider, but maybe the previous owner of the computer used AOL. I bought this computer used.

(On a side note, I did not run the OTL from the desktop on the computer you just finished helping me with "Hacking email in IE." Yowzaa, I hope that isn't an issue.)

[Jules4me]

Also, you may be able to see that Vista is still on this computer in a windows.old file. Someday I want to delete it, but I have to research how to do it. I don't know if there is the possibility of malware being in there that could affect the computer even though it is running Windows 7 now.

Anyway, thank you again!

[Jules4me]

OTL logfile created on: 9/4/2012 11:47:52 AM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dell 1525\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 73.71% Memory free
6.98 Gb Paging File | 6.14 Gb Available in Paging File | 87.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.60 Gb Total Space | 23.48 Gb Free Space | 24.82% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 13.70 Gb Free Space | 93.53% Space Free | Partition Type: NTFS

Computer Name: PINKDELL1525-PC | User Name: Dell 1525 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/09/02 22:59:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Dell 1525\Desktop\OTL.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/14 09:37:42 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/18 22:57:44 | 000,336,952 | ---- | M] (Power Software Ltd) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2012/01/21 01:39:12 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.352.0\SeaPort.EXE
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/02 21:37:50 | 000,400,368 | ---- | M] (Rovi Corporation) -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/09/02 18:06:33 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/24 17:35:23 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/21 01:39:12 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.352.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/01/21 01:39:12 | 000,192,792 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.352.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/04 22:56:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/02 21:37:50 | 000,400,368 | ---- | M] (Rovi Corporation) [Auto | Running] -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 11:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 11:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/04/18 22:57:38 | 000,113,072 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/08/19 09:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 09:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2260173


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.swagbucks.com/
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 62 C9 88 74 83 CC 01 [binary data]
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\URLSearchHook: {be0517a8-e339-3d94-f961-6a7af79275bf} - C:\Program Files\MemoLink\Helper.dll ()
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\SearchScopes,DefaultScope = {1C888E30-FF69-441B-B061-13C1B0F0E1BD}
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\SearchScopes\{1266438C-0AD6-4514-9483-5668E03A0461}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\SearchScopes\{1C888E30-FF69-441B-B061-13C1B0F0E1BD}: "URL" = http://search.condui...&ctid=CT2260173
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.aol.com"
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dell 1525\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/02 17:52:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/02 14:55:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/24 17:35:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/14 18:20:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/24 17:35:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/14 18:20:15 | 000,000,000 | ---D | M]

[2011/10/05 10:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Extensions
[2012/09/02 17:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\extensions
[2011/11/29 19:59:08 | 000,000,000 | ---D | M] ("RoxioNow Player Plugin") -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\pli5viut.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}
[2012/07/14 09:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/24 17:35:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/09/02 14:55:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/02 17:52:27 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/07/14 09:06:56 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\DELL 1525\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PLI5VIUT.DEFAULT\EXTENSIONS\[email protected]
[2012/07/24 17:35:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/20 11:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 11:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/24 17:34:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/24 17:34:52 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Swag Bucks Customized Web Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT2260173
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Dell 1525\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Memolink Toolbar BHO) - {0C6FE940-7788-4F1C-B735-B7657C04A763} - C:\Program Files\Memolink Toolbar\Toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (MemoLink BHO) - {A9C85A36-FE15-7344-7578-A7E8EAF18473} - C:\Program Files\MemoLink\Toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.352.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Memolink Toolbar) - {37E984C0-D9FA-439C-8279-D5EFB625B898} - C:\Program Files\Memolink Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.352.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (MemoLink) - {BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} - C:\Program Files\MemoLink\Toolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Memolink Toolbar) - {37E984C0-D9FA-439C-8279-D5EFB625B898} - C:\Program Files\Memolink Toolbar\Toolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (MemoLink) - {BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} - C:\Program Files\MemoLink\Toolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Memolink Toolbar) - {37E984C0-D9FA-439C-8279-D5EFB625B898} - C:\Program Files\Memolink Toolbar\Toolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (MemoLink) - {BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} - C:\Program Files\MemoLink\Toolbar.dll ()
O3 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\Toolbar\WebBrowser: (Memolink Toolbar) - {37E984C0-D9FA-439C-8279-D5EFB625B898} - C:\Program Files\Memolink Toolbar\Toolbar.dll ()
O3 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\Toolbar\WebBrowser: (MemoLink) - {BCEFFD58-CD95-80B4-C1E1-E42927E35AD4} - C:\Program Files\MemoLink\Toolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002..\Run: [Facebook Update] C:\Users\Dell 1525\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: conduit.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: roxio.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: roxionow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: roxionow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: sonic.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: sonic.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: swagbucks.com ([player] http in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: swagbucks.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.236.230.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236C68D3-8D81-4FC8-A221-20B19C0F6607}: DhcpNameServer = 147.226.3.30 147.226.3.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EB92684-DE89-4FD5-BF9B-8DE39C493DC7}: DhcpNameServer = 10.236.230.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EB92684-DE89-4FD5-BF9B-8DE39C493DC7}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Advanced SystemCare 5 - hkey= - key= - File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Dell 1525\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LWS - hkey= - key= - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 90 Days ==========

[2012/09/03 19:30:43 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Dell 1525\Desktop\OTL.exe
[2012/08/20 22:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/08/20 22:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/08/15 09:21:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/15 09:21:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/15 09:21:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/15 09:21:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/15 09:21:22 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/15 09:21:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/15 09:21:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/15 08:06:40 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/08/15 08:06:34 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/15 08:06:29 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/08/12 15:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/12 15:09:46 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/08/12 15:09:45 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/08/12 15:09:38 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/08/12 15:09:36 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/08/12 15:09:34 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/08/12 15:09:31 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/08/12 15:08:58 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/12 15:08:56 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/07/31 07:39:53 | 000,000,000 | ---D | C] -- C:\Users\Dell 1525\AppData\Roaming\PowerISO
[2012/07/31 07:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012/07/31 07:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2012/07/31 07:33:39 | 000,000,000 | ---D | C] -- C:\Users\Dell 1525\Desktop\julie
[2012/07/14 09:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/07/11 10:06:40 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/11 10:06:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/07/11 10:06:35 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/07/06 23:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/06 23:08:56 | 000,000,000 | ---D | C] -- C:\Users\Dell 1525\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/04 20:17:14 | 000,000,000 | ---D | C] -- C:\Users\Dell 1525\AppData\Roaming\.minecraft
[2012/07/03 14:28:13 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/03 14:28:06 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/03 14:28:06 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/03 14:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/02 21:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/02 21:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/02 21:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/02 09:59:14 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/07/02 09:57:29 | 000,021,888 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/07/02 09:22:42 | 000,000,000 | ---D | C] -- C:\Users\Dell 1525\Documents\recipes
[2012/07/01 19:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2012/07/01 13:55:37 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/07/01 13:55:37 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/07/01 13:55:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/07/01 13:55:03 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/07/01 13:42:12 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/07/01 13:36:51 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/07/01 13:36:51 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/07/01 13:36:34 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/07/01 13:36:34 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/07/01 13:36:34 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/07/01 13:36:04 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/07/01 13:36:04 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/15 21:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/10 14:28:00 | 000,000,000 | ---D | C] -- C:\Users\Dell 1525\AppData\Local\CrashDumps
[2012/06/09 22:37:07 | 000,000,000 | ---D | C] -- C:\Users\Dell 1525\AppData\Local\Macromedia
[2012/06/08 09:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Swag_Bucks
[2012/06/06 20:59:42 | 001,070,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX

========== Files - Modified Within 90 Days ==========

[2012/09/04 11:45:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
[2012/09/04 11:40:28 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
[2012/09/04 11:40:24 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
[2012/09/04 11:40:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/03 19:28:21 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 19:28:21 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 19:20:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/03 19:20:16 | 2810,740,736 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/02 22:59:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Dell 1525\Desktop\OTL.exe
[2012/09/02 18:15:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
[2012/09/02 18:06:32 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/02 18:06:32 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/02 14:55:48 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/02 14:55:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/01 14:48:37 | 000,002,480 | ---- | M] () -- C:\Users\Dell 1525\Desktop\Google Chrome.lnk
[2012/08/20 22:44:43 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/15 09:38:17 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 18:19:51 | 000,001,337 | ---- | M] () -- C:\Users\Dell 1525\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 15:02:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/12 15:02:14 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/12 15:02:14 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/12 14:54:17 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\CMS Application Updater.job
[2012/07/31 07:36:51 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/07/26 22:15:34 | 000,002,353 | ---- | M] () -- C:\Users\Dell 1525\Documents\Removing Gall stones naturally.rtf
[2012/07/19 23:46:29 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/18 12:47:53 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/17 14:16:24 | 000,000,122 | ---- | M] () -- C:\Users\Dell 1525\Desktop\Cisco Cloud.url
[2012/07/14 09:38:40 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/07/14 09:38:06 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012/07/14 09:37:49 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012/07/14 09:37:49 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012/07/14 09:37:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/07/14 09:06:30 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/08 16:09:03 | 000,007,605 | ---- | M] () -- C:\Users\Dell 1525\AppData\Local\Resmon.ResmonCfg
[2012/07/04 16:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/07/04 07:57:21 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/03 23:36:32 | 000,033,134 | ---- | M] () -- C:\Users\Dell 1525\AppData\Roaming\UserTile.png
[2012/07/03 14:27:53 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/03 14:27:53 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/03 11:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/03 11:21:53 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/07/02 21:19:18 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/01 23:03:27 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/01 15:08:37 | 001,346,738 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1307010.005\Cat.DB
[2012/06/28 19:16:58 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/28 19:08:59 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/28 19:07:44 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/28 19:06:02 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/28 19:04:43 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/28 19:00:45 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/28 18:57:46 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/20 11:56:41 | 000,071,104 | ---- | M] () -- C:\Windows\CouponPrinter.ocx
[2012/06/06 20:59:42 | 001,070,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX

========== Files Created - No Company Name ==========

[2012/08/12 15:09:48 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/31 07:36:51 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/07/26 22:15:34 | 000,002,353 | ---- | C] () -- C:\Users\Dell 1525\Documents\Removing Gall stones naturally.rtf
[2012/07/17 14:16:10 | 000,000,122 | ---- | C] () -- C:\Users\Dell 1525\Desktop\Cisco Cloud.url
[2012/07/14 09:38:40 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/07/08 16:09:03 | 000,007,605 | ---- | C] () -- C:\Users\Dell 1525\AppData\Local\Resmon.ResmonCfg
[2012/07/06 23:12:16 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/06 23:12:16 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/06 23:09:02 | 000,002,480 | ---- | C] () -- C:\Users\Dell 1525\Desktop\Google Chrome.lnk
[2012/07/06 22:51:39 | 000,001,415 | ---- | C] () -- C:\Users\Dell 1525\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/07/03 23:36:32 | 000,033,134 | ---- | C] () -- C:\Users\Dell 1525\AppData\Roaming\UserTile.png
[2012/07/02 21:19:18 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/04 13:32:08 | 000,001,848 | ---- | C] () -- C:\Windows\System32\GacelaLSPServiceOff.ini
[2011/12/02 20:10:19 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/02 20:10:18 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/10/05 12:30:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/10/05 12:27:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/10/04 20:40:50 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2012/08/12 14:54:17 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\CMS Application Updater.job
[2012/09/02 18:15:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
[2012/09/04 11:40:28 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
[2012/05/11 16:30:33 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: QMGR.DLL >
[2008/01/20 21:34:49 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/07/13 20:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows.old\Windows\System32\qmgr.dll
[2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
[2010/11/20 07:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 07:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows.old\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
[2009/06/10 16:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 16:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2012/07/27 15:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/09/05 12:04:56 | 000,584,808 | ---- | M] () MD5=B3B25937514C772FD2490108B91CE17F -- C:\Windows.old\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows.old\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2008/01/20 21:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows.old\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/13 21:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
[2006/11/02 07:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2006/11/02 07:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\ProgramData\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Windows.old\Users\All Users\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
[2009/06/10 16:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 16:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 07:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\en-US\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\services.msc
[2006/11/02 07:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 15:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\System32\svchost.exe
[2008/01/20 21:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008/01/20 21:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2008/01/20 21:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows.old\Windows\System32\wshelper.dll
[2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll -- [2010/11/20 07:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2010/11/20 07:18:07 | 000,019,456 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 2002
"Last Counter" = 2018
"First Help" = 2003
"Last Help" = 2019
"Object List" = 2002
"PerfMMFileName" = Global\MMF_BITS_s
"1008" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
"AutodiscoveryFlags" = -2147483648
"DetectedInterfaceIpCount" = 2
"LastDetectHighDateTime" = 0
"LastDetectLowDateTime" = 0
"LastDetectTime" = 01/01/1601, 00:00:00 UTC
"DetectedInterfaceIps" = fe80::7177:de98:afe9:ed84%11;192.168.1.107;
"LastDetectUrl" =

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2010/11/20 03:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{236AFA03-830C-4818-B7F2-04E042E4AE93}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{236C68D3-8D81-4FC8-A221-20B19C0F6607}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{5EB92684-DE89-4FD5-BF9B-8DE39C493DC7}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 18:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 03 01 01 01 08 01 06 01 05 01 04 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 20:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/24 17:34:51 | 000,883,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/24 17:34:51 | 000,883,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/24 17:34:51 | 000,883,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/24 17:35:24 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/24 17:35:24 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/24 17:35:24 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 21:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 21:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 21:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/29 21:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/10/07 10:36:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/10/07 10:36:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/10/07 10:36:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/24 17:34:51 | 000,883,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/24 17:34:51 | 000,883,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/24 17:34:51 | 000,883,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/24 17:35:24 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/24 17:35:24 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/24 17:35:24 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 21:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 21:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 21:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/29 21:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/10/07 10:36:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/10/07 10:36:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/10/07 10:36:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS543212L9A300 ATA Device
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41943040
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 95.00GB
Starting Offset: 15770583040
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 2.00GB
Starting Offset: 117349285888
Hidden sectors: 0


========== Alternate Data Streams ==========

@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:32A82570

< End of report >

[Jules4me]

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-04 12:39:45
-----------------------------
12:39:45.274 OS Version: Windows 6.1.7601 Service Pack 1
12:39:45.274 Number of processors: 1 586 0x1601
12:39:45.274 ComputerName: PINKDELL1525-PC UserName: Dell 1525
12:39:47.178 Initialize success
12:39:47.287 AVAST engine defs: 12090400
12:40:15.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
12:40:15.492 Disk 0 Vendor: Hitachi_HTS543212L9A300 FBBOC40C Size: 114473MB BusType: 11
12:40:15.538 Disk 0 MBR read successfully
12:40:15.538 Disk 0 MBR scan
12:40:15.538 Disk 0 Windows 7 default MBR code
12:40:15.554 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:40:15.554 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
12:40:15.570 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 96872 MB offset 30801920
12:40:15.585 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 229197824
12:40:15.632 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 229199872
12:40:15.679 Disk 0 scanning sectors +234438656
12:40:15.772 Disk 0 scanning C:\Windows\system32\drivers
12:40:26.193 Service scanning
12:40:56.271 Modules scanning
12:41:17.128 Disk 0 trace - called modules:
12:41:17.160 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys dxgmms1.sys
12:41:17.160 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864b0aa0]
12:41:17.175 3 CLASSPNP.SYS[8cae859e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x856f3030]
12:41:18.111 AVAST engine scan C:\Windows
12:41:19.874 AVAST engine scan C:\Windows\system32
12:43:44.424 AVAST engine scan C:\Windows\system32\drivers
12:43:58.152 AVAST engine scan C:\Users\Dell 1525
12:46:28.754 AVAST engine scan C:\ProgramData
12:47:11.031 Scan finished successfully
12:48:12.791 Disk 0 MBR has been saved successfully to "C:\Users\Dell 1525\Desktop\MBR.dat"
12:48:12.807 The log file has been saved successfully to "C:\Users\Dell 1525\Desktop\aswMBR.txt"

[godawgs]

Hi Jules,

Memolink is another pay site, like Swag bucks, that I used to do, but I don't anymore and thought I had deleted the toolbar.

We'll take care of it now.

Thank you for being so great and not dogging me about my Swag bucks.

We'll see what happens before going that far.

AOL has never been my internet provider, but maybe the previous owner of the computer used AOL. I bought this computer used.

K

(On a side note, I did not run the OTL from the desktop on the computer you just finished helping me with "Hacking email in IE." Yowzaa, I hope that isn't an issue.)

I know. I didnt' want you to think I was giving you a hard time right off the bat so I thought I would make things easier for you. Downloading everything to and running everything from the desktop makes it easier for me to cleanup after we've finished. So this time it's all about me me me!

The msconfig part of the scan shows both MalwareBytes and Spybot running at start up, but the entries in the registry Run key only shows MalwareBytes running at startup. So we're gonna check that. Then uninstall the MemoLink toolbar. Then I want a look at the Run registry key.


Step-1.

Check SpyBot S&D TeaTimer

• Right click the Spybot Icon in the System Tray (looks like a calendar with a padlock symbol ) and click Exit Spybot S&D Resident
• Run Spybot S&D. If there isn't an icon in the system tray, right click the Spybot icon onthe desktop and click Run as Administrator, or click the Start Orb and click All Programs. The click the SpyBot S&D folder and cright click SpyBot S&D and click Run as Administrator to run the program.
• Go to the Mode menu, and make sure Advanced Mode is selected.
  
• You may be presented with a warning dialog. If so, press Yes.
• Click on
• Click on
• Uncheck these boxes if there is a check mark in them:
  
• If you had to uncheck the boxes, close Spybot S&D and Restart your computer.

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
Let me know if you had to uncheck the boxes


Step-2.

Uninstall MemoLink

1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

MemoLink
Memolink Toolbar

3. (Vista/7 users: Right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files\Memolink Toolbar
C:\Program Files\Memolink

2. Close Windows Explorer.


Please notice the changes I've made to the OTL settings. This OTL scan should produce a very small log file.

Step-3.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the box in OTL. To do that:

• Highlight everything inside the code box, right click the mouse and click Copy.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

2. Re-open OTL on the desktop. To do that:

• Double click on the OTL icon to run it. (Vista / 7 Users:Right click on the icon and click Run as Administrator)
  Make sure all other windows are closed.
• You will see a console like the one below:
  
  
  
• At the top of the console click the greyed out None button<---Very Important
• Make sure the Output box at the top is set to Minimal Output.
• Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted.
• When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
• Please copy the contents of this file and paste it into your reply. To do that:
• On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Step-4.

Things For Your Next Post:
1. Let my know what you found RE: SpyBot TeaTimer
2. Let me know if you had any problems uninstalling MemoLink
3. The new OTL.txt log

[Jules4me]

Spybot: Previously, I had permanently disabled this program to run in the systray, because the whole system is running so slowly and I was trying to eliminate so many programs running in the background. So Spybot was not found in the systray to disable. Only the Resident "SDHelper" was checkmarked, so unchecked that one and restarted the computer.

Memolink unstalled fine.

Edited by Jules4me, 04 September 2012 - 04:16 PM.

[Jules4me]

OTL logfile created on: 9/4/2012 5:11:17 PM - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dell 1525\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 78.19% Memory free
6.98 Gb Paging File | 6.22 Gb Available in Paging File | 89.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.60 Gb Total Space | 23.84 Gb Free Space | 25.20% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 13.70 Gb Free Space | 93.53% Space Free | Partition Type: NTFS

Computer Name: PINKDELL1525-PC | User Name: Dell 1525 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run >
"IgfxTray" = C:\Windows\system32\igfxtray.exe -- [2009/09/23 19:30:48 | 000,141,848 | ---- | M] (Intel Corporation)
"HotKeysCmds" = C:\Windows\system32\hkcmd.exe -- [2009/09/23 19:30:48 | 000,173,592 | ---- | M] (Intel Corporation)
"Persistence" = C:\Windows\system32\igfxpers.exe -- [2009/09/23 19:30:48 | 000,150,552 | ---- | M] (Intel Corporation)
"Adobe ARM" = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" -- [2012/07/27 15:51:26 | 000,919,008 | ---- | M] (Adobe Systems Incorporated)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime -- [2012/04/18 20:56:22 | 000,421,888 | ---- | M] (Apple Inc.)
"APSDaemon" = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" -- [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" -- [2012/06/07 19:33:22 | 000,421,776 | ---- | M] (Apple Inc.)
"TkBellExe" = "c:\program files\real\realplayer\Update\realsched.exe" -osboot -- [2012/07/14 09:37:42 | 000,296,096 | ---- | M] (RealNetworks, Inc.)
"Malwarebytes' Anti-Malware" = "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray -- [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation)
"PWRISOVM.EXE" = C:\Program Files\PowerISO\PWRISOVM.EXE -startup -- [2012/04/18 22:57:44 | 000,336,952 | ---- | M] (Power Software Ltd)
"avast" = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui -- [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software)

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run >
"Facebook Update" = "C:\Users\Dell 1525\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver -- [2012/07/11 18:10:02 | 000,138,096 | ---- | M] (Facebook Inc.)
"Google Update" = "C:\Users\Dell 1525\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2011/10/04 22:45:01 | 000,136,176 | ---- | M] (Google Inc.)

< End of report >