Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Xfinity Constant Guard alert---- NEED IT GONE

Started by Sapphire Dreams , Sep 07 2012 12:44 AM

Please log in to reply

#1
Sapphire Dreams

Posted 07 September 2012 - 12:44 AM

Member

Member
18 posts

I do not have any connection to norton or comcast, The owner of the wireless network has an xfinity account for TV. But both my laptop and my phone who are connected to the ireless keep getting a popup on my screen that will not go away. It is every page and it moves with the page so you have to grasp it and drag it off the page for it to only return on the next page. It is ABSOLUTELY annoying.

I have run several computer scans and a malware scan and nothing comes up wrong with my computer. If i use a different network the stupid thing is not there.

I need help before i chuck the main computer, wireless router, and both laptops out the window and call comcast and get my self into trouble.

How do i get rid of it?

Here is what it looks like!!

Posted Image

PLEASE HELP!!!

#2
RKinner

Posted 08 September 2012 - 02:48 PM

Malware Expert

Expert
24,624 posts

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
Sapphire Dreams

Posted 12 September 2012 - 01:12 AM

Member

Topic Starter
Member
18 posts

Log 1:

OTL Extras logfile created on: 9/11/2012 11:53:08 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\test\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 38.22% Memory free
8.12 Gb Paging File | 5.60 Gb Available in Paging File | 68.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 190.78 Gb Free Space | 67.32% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 5.57 Gb Free Space | 38.06% Space Free | Partition Type: NTFS

Computer Name: INSPIRON1545 | User Name: test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 5D F6 AC 75 DA DF CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2EEA40A7-80AE-4C9A-A5FD-7F5E530A1102}" = lport=138 | protocol=17 | dir=in | app=system |
"{393D4D6E-E3B8-42C3-ABD0-BB7C50D5CAD8}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{5D44ACAA-F282-4662-9734-063A6E78AFE2}" = rport=139 | protocol=6 | dir=out | app=system |
"{65DC495D-EE74-4920-840F-C7949A23E6B1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{66E57D5D-8156-40D6-923A-6D62BB1F882E}" = lport=137 | protocol=17 | dir=in | app=system |
"{6B6F6633-5DDD-4A74-9532-0074B1B932A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{70AB62DD-DB6D-454B-8721-5AC1A5B9261C}" = lport=445 | protocol=6 | dir=in | app=system |
"{85F2C80F-8176-4DCB-B779-34CD83172FA7}" = lport=139 | protocol=6 | dir=in | app=system |
"{C769B052-BB28-4978-9DDD-35531B6DD991}" = rport=137 | protocol=17 | dir=out | app=system |
"{DF37E52C-7B82-4F52-8DAD-F8C03CCC2FF1}" = rport=138 | protocol=17 | dir=out | app=system |
"{EC470544-B845-4EB3-A358-3B59B3DBFF89}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014D4E02-7916-4200-B224-EA1DD842908D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{0503942D-3B07-40E3-8BFB-4A8C4F880BE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{0781FB3C-DE2D-4BF9-B5FF-800D1D2B7960}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{1057067A-4D66-407C-BE7D-76E80EDD4FD9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{149FEABD-AFAB-49D3-B372-06D9414BB557}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{14FA094F-FF99-45C2-99DE-90446EA2913C}" = dir=in | app=c:\users\test\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{1B69325C-4180-4FCF-9277-A8BA3E6692C8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{1D286708-4640-46DB-AABA-761C6AE17F74}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{1E1A61A8-AB67-4F07-8D35-4F5A61FD094D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{226F5257-308E-4F48-A338-B7B1C9AB6DFF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{256BEAB8-F23F-484C-AC00-1091AE6C937A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{2B52E79F-502B-47C1-A80B-B3DCFFE8BBAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{32158DA0-B094-4D25-B2DF-9FC65D5C3423}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{3C000DCD-BA26-4B67-8BED-46D15B7FF272}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3E06EFAF-42A8-4EC0-8479-9C9CDA8AACEC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{0bc1a5b2-79a1-4716-b3e5-4071e9ab6f43}\setup\hpznui40.exe |
"{4A006D80-6F7C-4178-92E7-587C4FD9C76F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4C31664F-2C86-4B30-989C-518927EEB58D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{4E39117E-BB17-4E41-8BBC-A1EB4781F8EE}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{4EBF38D1-083E-4625-A12A-2B4DFFD2174F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{4FD135AA-26A3-4610-98FF-D29A685F6787}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{58BD7062-4805-480F-B2BE-E93C6BE5C616}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{69746E04-2243-46C2-A7F2-E3C0EBA51EA1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{6D71A43A-F6A3-472C-8E13-A1CD08CA8016}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D5318BC-2545-4167-8CA4-94DE460D1B0B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{8661E5CE-1618-42A1-AF20-F805BA76C13A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{8E6441CC-2423-4BDA-8791-58DCA6284891}" = protocol=58 | dir=out | [email protected],-28546 |
"{8EBF6017-04B1-4034-8FE3-9968E0AD10BA}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{981790D6-3A43-40CC-B7BD-D555AEC394EB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{9A95B1FD-5500-4738-A9A3-9D485FE0D75B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{9B134AE0-EA4F-4AAE-BB85-B7C45A1EFDC9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{9C8B0327-F6D4-48F5-910B-76EA281570A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{9FE32276-AE65-4807-85F0-0F1143C11E13}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{A3470200-DC2B-4DA2-B9D2-AF9848660F5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{B43E3492-6AFE-4EFA-9CE2-D109324B213B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{BCBE4F0D-F137-44C6-ADD1-337C036A7CBC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{BE02CCB1-2AB6-437C-B4E4-C56EF963CC74}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{BF99BE86-20AF-402F-8B58-2C339F946DB4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{C0819049-4582-4F43-89F5-4A9324759B41}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{C12881DA-DDAB-41F0-A334-9383C575AB6E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CEEAAD04-AE71-4BA1-AAD7-F9DFB3F13911}" = protocol=58 | dir=in | [email protected],-28545 |
"{CF7561F3-2DD9-4D92-96E0-FA358144DE36}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{D2034D59-4D1D-49E0-9167-C66F1C0BEB81}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D8300457-15FF-4CE8-8281-C27BA92F0976}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{D8B55F85-57CB-422C-9EF1-41C3CB8F7001}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{DC863681-0A5E-4957-A9DF-E2B40BFA8646}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DCC6DD81-77AB-45A3-9E56-3D2D116187DD}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{DD076E83-CAA9-4436-B6B0-F0BF9B9578F4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF9B2E0C-EA1A-4DDD-83BB-CB3BE26814DC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E63591CA-8E89-4B52-91E8-95166178AF9F}" = protocol=1 | dir=out | [email protected],-28544 |
"{EAFB14F2-EFCE-4EAB-8778-D3CB961E42A8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{EBF5F923-2F99-4384-8C20-E0C62BE56530}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{F30806B0-DAED-45A5-94F8-AD293034D98E}" = protocol=1 | dir=in | [email protected],-28543 |
"{F77753C7-7C26-48E7-8A39-F8B39EAB28C4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FF74B96F-3DCB-4AEE-B059-75C6FE955B53}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{5DAC11D8-3D1A-4125-BE07-4161E9DC1CB1}C:\program files (x86)\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free download manager\fdm.exe |
"TCP Query User{E69DA28B-A058-44E7-86B9-FEDE810470DB}C:\programdata\87bc3f\bm87b_2159.exe" = protocol=6 | dir=in | app=c:\programdata\87bc3f\bm87b_2159.exe |
"UDP Query User{5AB0DAF0-CB06-4891-BF17-A384C26A163C}C:\programdata\87bc3f\bm87b_2159.exe" = protocol=17 | dir=in | app=c:\programdata\87bc3f\bm87b_2159.exe |
"UDP Query User{8BEFCDEB-0CEE-4593-8F7F-4DB01DC7DB70}C:\program files (x86)\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free download manager\fdm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E931A51-A183-4E66-8562-D82896E74C67}" = BCool Gadget
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.485
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7D4CEDA5-DF94-45A1-A893-C8779C781236}" = AVG 2011
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver 14.0 Rel. 5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E7CCFD3E-1D12-4ce6-9FC4-39521B3B5B64}" = HP Photosmart Appliance Printer Driver Software 10.0 Rel .2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"AVG" = AVG 2011
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"WNLT" = Web Optimizer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5E730665-26CF-4cd5-BBDC-D005665B01F6}" = PS_APP_02_Software
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117890193}" = Gardenscapes
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118188153}" = Power Puzzle Pack
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118445887}" = Hidden Object Heroes Bundle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118748907}" = Dark Parables - Curse Of Briar Rose
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119284590}" = The Heritage
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119302503}" = Hidden Magic
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119698620}" = Mystery of Mortlake Mansion
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{CF911E7B-1B9D-4e1c-8534-60E70FA45BC1}" = PS_APP_02_Software_Min
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"BcoolApp" = BcoolApp
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"blekkotb_soc" = Blekko search bar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"Free Download Manager_is1" = Free Download Manager 3.8
"GoToAssist" = GoToAssist Corporate
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"I Want This" = I Want This
"incredibar" = Incredibar Toolbar on IE
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC Speed Maximizer_is1" = PC Speed Maximizer v3.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/22/2012 9:18:00 PM | Computer Name = Inspiron1545 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6427

Error - 8/22/2012 9:37:23 PM | Computer Name = Inspiron1545 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/22/2012 9:37:23 PM | Computer Name = Inspiron1545 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1170007

Error - 8/22/2012 9:37:23 PM | Computer Name = Inspiron1545 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1170007

Error - 8/22/2012 9:39:00 PM | Computer Name = Inspiron1545 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/22/2012 9:39:00 PM | Computer Name = Inspiron1545 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 44944

Error - 8/22/2012 9:39:00 PM | Computer Name = Inspiron1545 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 44944

Error - 8/23/2012 12:09:31 AM | Computer Name = Inspiron1545 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/23/2012 12:09:31 AM | Computer Name = Inspiron1545 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8508685

Error - 8/23/2012 12:09:31 AM | Computer Name = Inspiron1545 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8508685

[ System Events ]
Error - 9/8/2012 2:43:37 PM | Computer Name = Inspiron1545 | Source = Service Control Manager | ID = 7000
Description =

Error - 9/8/2012 2:43:37 PM | Computer Name = Inspiron1545 | Source = Service Control Manager | ID = 7000
Description =

Error - 9/8/2012 2:44:11 PM | Computer Name = Inspiron1545 | Source = Service Control Manager | ID = 7022
Description =

Error - 9/8/2012 4:30:51 PM | Computer Name = Inspiron1545 | Source = bowser | ID = 8003
Description =

Error - 9/11/2012 2:45:06 PM | Computer Name = Inspiron1545 | Source = Service Control Manager | ID = 7000
Description =

Error - 9/11/2012 2:45:06 PM | Computer Name = Inspiron1545 | Source = Service Control Manager | ID = 7000
Description =

Error - 9/11/2012 2:45:06 PM | Computer Name = Inspiron1545 | Source = Service Control Manager | ID = 7000
Description =

Error - 9/11/2012 2:45:25 PM | Computer Name = Inspiron1545 | Source = Service Control Manager | ID = 7022
Description =

Error - 9/11/2012 2:45:36 PM | Computer Name = Inspiron1545 | Source = bowser | ID = 8003
Description =

Error - 9/11/2012 6:16:25 PM | Computer Name = Inspiron1545 | Source = DCOM | ID = 10010
Description =

< End of report >

Log 2:

OTL logfile created on: 9/11/2012 11:53:08 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\test\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 38.22% Memory free
8.12 Gb Paging File | 5.60 Gb Available in Paging File | 68.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 190.78 Gb Free Space | 67.32% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 5.57 Gb Free Space | 38.06% Space Free | Partition Type: NTFS

Computer Name: INSPIRON1545 | User Name: test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/11 23:42:23 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\test\Desktop\OTL.exe
PRC - [2012/09/03 09:13:08 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/08/15 12:11:18 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012/08/08 15:38:02 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/03 09:37:37 | 006,156,696 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2012/07/16 07:10:52 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\test\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/05/24 13:26:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/12/28 13:40:48 | 006,148,096 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2011/07/29 13:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2009/04/17 08:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/16 19:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/15 12:11:18 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/08/08 15:38:02 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/28 14:13:24 | 003,522,048 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
MOD - [2011/12/28 12:49:14 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmumsp.dll
MOD - [2011/12/28 12:48:54 | 000,230,400 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/03 09:13:08 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2009/03/31 08:00:18 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/31 08:00:02 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 04:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2012/08/15 12:11:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/08 15:38:02 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/05/04 15:22:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/17 08:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/16 19:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/27 19:05:14 | 000,117,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:34 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:22 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/03/31 09:53:54 | 000,069,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009/03/31 09:48:56 | 010,275,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/03/31 08:00:28 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/31 07:19:00 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/03/19 17:02:00 | 000,311,296 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/12/30 19:00:22 | 000,172,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/12/21 10:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/08/31 11:19:24 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/08/31 11:15:58 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/01/20 19:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/11/14 01:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 00:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2008/11/04 16:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...D&cr=1072557642
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://start.funmood...D&cr=1072557642
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...D&cr=1072557642
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.inklineglobal.com
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7D820998-3292-FD8C-BF3A-00CDD40F83B1}: "URL" = http://search.condui...&ctid=CT2776682
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://start.funmood...D&cr=1072557642

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...search&AF=15818
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch....q={searchTerms}
IE - HKCU\..\SearchScopes\{A84A6C84-DBBB-4882-89B2-1D0B8C7B0B8B}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8AYDUYtp&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT2790392.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "BitTorrentBar Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledAddons: [email protected]:0.83.2
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
FF - prefs.js..extensions.enabledAddons: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:10.10.20.14
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/04/28 21:51:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/04/28 21:51:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\test\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\test\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\test\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/09/11 11:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/05/28 14:00:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/08 15:38:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/08 15:38:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/07 11:28:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Extensions
[2012/09/11 16:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\58w34f2p.default\extensions
[2012/08/03 09:38:03 | 000,000,000 | ---D | M] (BitTorrentBar) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\58w34f2p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/08/03 10:16:29 | 000,000,000 | ---D | M] ("BcoolApp") -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\58w34f2p.default\extensions\[email protected]
[2012/08/03 10:17:10 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\58w34f2p.default\extensions\[email protected]
[2012/09/11 16:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\58w34f2p.default\extensions\staged
[2012/08/03 12:01:56 | 000,000,919 | ---- | M] () -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\58w34f2p.default\searchplugins\conduit.xml
[2012/08/03 10:16:46 | 000,002,203 | ---- | M] () -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\58w34f2p.default\searchplugins\MyStart Search.xml
[2012/06/04 10:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/08 15:38:02 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/08 15:38:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/08 15:38:00 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.condui...SearchSource=48
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incre...6R8AYDUYtp&i=26
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.condui...SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\test\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\test\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\test\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\test\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Translator = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: AVG Safe Search = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: BcoolApp = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\maeiepphbmmcgpcnalhdnobgijjphace\1.18.2_0\crossrider
CHR - Extension: BcoolApp = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\maeiepphbmmcgpcnalhdnobgijjphace\1.18.2_0\
CHR - Extension: BitTorrentBar = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\
CHR - Extension: I Want This = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.19.65_0\crossrider
CHR - Extension: I Want This = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.19.65_0\
CHR - Extension: I Want This = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.20.80_0\crossrider
CHR - Extension: I Want This = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.20.80_0\
CHR - Extension: Gmail = C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (BcoolApp) - {11111111-1111-1111-1111-110111181125} - C:\Program Files (x86)\BcoolApp\BcoolApp.dll (BcoolTeam)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll ()
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\test\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe" File not found
O4 - HKCU..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.169.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63839B86-F6CB-421A-BF15-682DE8A88BC4}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6FA8063-DA66-4C25-8651-A922DBF4FD3F}: DhcpNameServer = 192.168.169.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/11 23:42:21 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\test\Desktop\OTL.exe
[2012/09/11 11:46:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC
[2012/09/11 11:45:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT
[2012/08/13 18:57:58 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Facebook

========== Files - Modified Within 30 Days ==========

[2012/09/12 00:00:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{21F3EBB1-85C1-48AE-8BE6-0FE8778C5A19}.job
[2012/09/11 23:55:58 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/11 23:55:58 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/11 23:42:23 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\test\Desktop\OTL.exe
[2012/09/11 23:17:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3032078171-2249586416-1759690279-1000UA.job
[2012/09/11 23:17:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3032078171-2249586416-1759690279-1000Core.job
[2012/09/11 23:16:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3032078171-2249586416-1759690279-1001UA.job
[2012/09/11 23:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/11 22:03:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3032078171-2249586416-1759690279-1001UA.job
[2012/09/11 19:03:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3032078171-2249586416-1759690279-1001Core.job
[2012/09/11 18:45:50 | 094,583,317 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/09/11 13:56:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 07:53:26 | 000,002,083 | ---- | M] () -- C:\Users\test\Desktop\Google Chrome.lnk
[2012/09/07 07:53:26 | 000,002,045 | ---- | M] () -- C:\Users\test\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/01 19:37:31 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3032078171-2249586416-1759690279-1001Core.job
[2012/08/29 14:22:09 | 000,347,646 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/15 23:10:03 | 000,006,144 | ---- | M] () -- C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/15 12:11:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 12:11:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/08/13 18:58:06 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3032078171-2249586416-1759690279-1001UA.job
[2012/08/13 18:58:05 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3032078171-2249586416-1759690279-1001Core.job
[2012/05/28 14:48:42 | 000,135,224 | ---- | C] () -- C:\Windows\hpoins37.dat
[2012/05/28 14:48:42 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2012/05/28 13:59:50 | 000,161,380 | ---- | C] () -- C:\Windows\hphins17.dat
[2012/05/28 13:59:50 | 000,005,581 | ---- | C] () -- C:\Windows\hphmdl17.dat
[2011/08/10 14:32:55 | 000,006,144 | ---- | C] () -- C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 18:51:43 | 000,000,498 | ---- | C] () -- C:\Program Files (x86)\0606201118514373.bat
[2011/05/04 15:22:13 | 000,103,720 | ---- | C] () -- C:\Users\test\GoToAssistDownloadHelper.exe
[2011/04/25 16:59:45 | 000,000,192 | ---- | C] () -- C:\ProgramData\video[1]
[2011/04/19 12:10:28 | 000,000,547 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
[2010/10/21 16:01:23 | 000,000,498 | ---- | C] () -- C:\Program Files (x86)\1021201016012372.bat
[2010/10/21 15:17:58 | 000,000,499 | ---- | C] () -- C:\Program Files (x86)\1021201015175876.bat
[2010/10/18 20:40:21 | 000,000,484 | ---- | C] () -- C:\Program Files (x86)\1018201020402164.bat
[2010/04/18 21:29:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:D8EA2847
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:1B825050
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:21625197
@Alternate Data Stream - 188 bytes -> C:\ProgramData\TEMP:AA7BE830
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:2A8CD561
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:DD3F5AF4
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:C24B973A
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:1A66EC5F
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:8FCCCD6D
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:A99C1C81
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:7CACEF61
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:68C4BECC
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:10E295F9
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:F854B030
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:49F896E9
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:91CF76E3
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:2556A8A0
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:5E748D4C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0BFCB272
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:E7123C4C
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C1C3561E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C213B3C4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:94B65E3C
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:50A11A00
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2A578A48
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E8F2B426
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:81B52FA6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9C5E2795
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:860D9052
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9B0F9E15
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:498EFCA4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6987107A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5743A858
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9C504A4D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:01EDA307

< End of report >

#4
RKinner

Posted 12 September 2012 - 08:53 AM

Malware Expert

Expert
24,624 posts

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 20
Java™ 7 Update 4
JavaFX 2.1.0

Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Uninstall all of these that you can:

BCool Gadget
Web Assistant 2.0.0.485
BcoolApp
BitTorrent
BitTorrentBar Toolbar
Blekko search bar
Comcast Desktop Software (v1.2.0.9)
Free Download Manager
Incredibar Toolbar on IE
PC Speed Maximizer v3.0
Yahoo! Toolbar
Adobe Reader 9.5.1 - get the latest version at adobe.com. Do not let them also install the ask toolbar, yahoo toolbar, McAfee Security Scan or other foistware
Skype Toolbars
Microsoft Search Enhancement Pack
"I Want This"
MarketResearch

Copy the text in the code box by highlighting and Ctrl + c


:OTL
IE:64bit: - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://start.funmood...D&cr=1072557642
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...D&cr=1072557642
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.inklineglobal.com
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{7D820998-3292-FD8C-BF3A-00CDD40F83B1}: "URL" = http://search.condui...&ctid=CT2776682
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://start.funmood...D&cr=1072557642
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...search&AF=15818
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch....q={searchTerms}
IE - HKCU\..\SearchScopes\{A84A6C84-DBBB-4882-89B2-1D0B8C7B0B8B}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8AYDUYtp&i=26
FF - prefs.js..CT2790392.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "BitTorrentBar Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2790392&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: [email protected]:0.83.2
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
FF - prefs.js..extensions.enabledAddons: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:10.10.20.14
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q="
[2012/08/03 09:38:03 | 000,000,000 | ---D | M] (BitTorrentBar) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\58w34f2p.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/08/03 10:16:29 | 000,000,000 | ---D | M] ("BcoolApp") -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\58w34f2p.default\extensions\[email protected]
[2012/08/03 10:17:10 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\58w34f2p.default\extensions\[email protected]
[2012/09/11 16:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\58w34f2p.default\extensions\staged
[2012/08/03 12:01:56 | 000,000,919 | ---- | M] () -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\58w34f2p.default\searchplugins\conduit.xml
[2012/08/03 10:16:46 | 000,002,203 | ---- | M] () -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\58w34f2p.default\searchplugins\MyStart Search.xml
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (BcoolApp) - {11111111-1111-1111-1111-110111181125} - C:\Program Files (x86)\BcoolApp\BcoolApp.dll (BcoolTeam)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll ()
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\test\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe" File not found
O4 - HKCU..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
[2012/09/11 22:03:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3032078171-2249586416-1759690279-1001UA.job
[2012/09/11 19:03:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3032078171-2249586416-1759690279-1001Core.job
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:D8EA2847
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:1B825050
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:21625197
@Alternate Data Stream - 188 bytes -> C:\ProgramData\TEMP:AA7BE830
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:2A8CD561
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:DD3F5AF4
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:C24B973A
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:1A66EC5F
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:8FCCCD6D
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:A99C1C81
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:7CACEF61
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:68C4BECC
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:10E295F9
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:F854B030
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:49F896E9
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:91CF76E3
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:2556A8A0
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:5E748D4C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0BFCB272
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:E7123C4C
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C1C3561E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C213B3C4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:94B65E3C
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:50A11A00
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2A578A48
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E8F2B426
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:81B52FA6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9C5E2795
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:860D9052
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9B0F9E15
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:498EFCA4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6987107A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5743A858
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9C504A4D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:01EDA307

:files
type C:\Program Files (x86)\0606201118514373.bat /c
C:\Program Files (x86)\0606201118514373.bat
C:\Program Files (x86)\1021201016012372.bat
C:\Program Files (x86)\1021201015175876.bat
C:\Program Files (x86)\1018201020402164.bat

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.
It appears that Old Timer is now hiding the log in c:\_OTL\RemovedFiles\09122012-some number.log.

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron

#5
Sapphire Dreams

Posted 15 September 2012 - 03:40 PM

Member

Topic Starter
Member
18 posts

The first set of logs that i posted on here were from one of the laptops. We have 3 computers in the house that are al having the same popup.
I ran the OTL on this comouter and here are the logs for this one.

OTL logfile created on: 9/15/2012 2:11:33 PM - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Megan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 36.20% Memory free
7.61 Gb Paging File | 4.83 Gb Available in Paging File | 63.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 371.06 Gb Free Space | 82.27% Space Free | Partition Type: NTFS

Computer Name: MEGAN-PC | User Name: Megan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/15 13:52:21 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe
PRC - [2012/09/02 23:50:05 | 000,927,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
PRC - [2012/09/02 23:50:04 | 001,162,848 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/08/02 16:06:28 | 000,173,056 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/16 08:09:04 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe
PRC - [2011/02/14 14:02:36 | 000,495,746 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2011/01/12 16:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 16:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/17 08:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/08/26 14:45:22 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/11 16:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/07/02 04:10:28 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/02 04:10:24 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/02 23:50:05 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\SiteSafety.dll
MOD - [2012/09/02 23:50:04 | 001,162,848 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/08/30 12:02:38 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll
MOD - [2012/08/30 12:02:38 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
MOD - [2012/08/29 16:49:19 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/08/29 16:48:58 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/08/29 16:48:31 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/08/29 16:48:07 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/08/29 16:47:59 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/08/29 16:47:30 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/08/29 16:47:07 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/08/29 16:46:56 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/08/29 16:46:44 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/08/29 16:46:42 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/08/29 16:46:23 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010/11/24 20:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 08:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/08/11 16:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/08/11 16:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/08/11 16:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/08/11 16:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/08/11 16:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/08/11 16:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/08/11 16:19:28 | 000,023,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2010/08/11 16:19:28 | 000,023,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2010/08/11 16:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/08/11 16:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

========== Services (SafeList) ==========

SRV:64bit: - [2011/05/27 12:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/09/02 23:50:05 | 000,927,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe -- (vToolbarUpdater12.2.0)
SRV - [2012/08/24 19:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/08/02 16:06:28 | 000,173,056 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/01/12 16:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/25 03:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 03:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/25 18:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/07/02 04:10:28 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/02 04:10:24 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/02 23:50:06 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/27 12:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/05/16 23:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/31 20:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/03/25 19:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/24 12:41:24 | 002,700,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/01/20 09:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 15:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/29 17:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/19 01:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 17:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....pr&d=2012-09-02 23:50:06&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/09/02 23:49:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.0.5\ [2012/09/02 23:50:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/03 11:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.169.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EF56E09-D045-43A4-9143-D3CA145D44E1}: DhcpNameServer = 192.168.169.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/15 13:52:21 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe
[2012/09/14 21:55:17 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2012/09/14 21:55:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys
[2012/09/14 21:55:16 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2012/09/14 21:55:16 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/10 13:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/10 00:19:24 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\Diagnostics
[2012/09/10 00:18:35 | 000,000,000 | ---D | C] -- C:\Users\Megan\Documents\Rhapsody Puppies
[2012/09/10 00:18:35 | 000,000,000 | ---D | C] -- C:\Users\Megan\FrostWire
[2012/09/06 22:17:25 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/09/06 13:13:02 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/09/04 11:12:25 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\Adobe
[2012/09/04 00:48:07 | 059,884,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MRT.exe
[2012/09/03 13:11:50 | 000,000,000 | ---D | C] -- C:\Users\Megan\My Backup Files
[2012/09/03 11:49:29 | 000,000,000 | ---D | C] -- C:\Users\Megan\Desktop\Disc needed
[2012/09/03 11:48:32 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\Mozilla
[2012/09/03 11:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/09/03 11:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/03 11:47:41 | 000,000,000 | ---D | C] -- C:\Users\Megan\Desktop\Mozilla Firefox
[2012/09/02 23:50:20 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\AVG2012
[2012/09/02 23:50:09 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\AVG Secure Search
[2012/09/02 23:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/09/02 23:50:06 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2012/09/02 23:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/09/02 23:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/09/02 23:49:43 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\drivers\AVG
[2012/09/02 23:48:57 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/09/02 23:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/09/02 23:48:57 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\AVG
[2012/09/02 21:13:40 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\Sonic_Solutions
[2012/09/02 18:02:36 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Roxio Burn
[2012/08/29 14:48:56 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012/08/29 14:48:56 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2012/08/29 14:09:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/08/29 13:48:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/08/29 13:48:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/08/29 13:48:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/08/29 13:48:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/08/29 13:48:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/08/29 13:48:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/08/29 13:48:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/08/29 13:48:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/08/29 13:48:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/08/29 13:48:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/08/29 13:48:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/08/29 13:48:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/08/29 13:48:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/08/29 13:40:03 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/08/29 13:40:03 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/08/29 13:40:03 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/08/28 23:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/08/28 22:54:10 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe
[2012/08/28 21:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/08/28 21:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/28 21:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Mouse Auto Clicker
[2012/08/28 21:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Mouse Auto Clicker
[2012/08/28 21:07:20 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\SoftGrid Client
[2012/08/28 21:07:19 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\SoftGrid Client
[2012/08/28 21:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/08/28 21:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/08/28 21:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012/08/28 21:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/08/28 21:06:25 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\TP
[2012/08/28 15:01:53 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/08/28 15:01:53 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbcjt32.dll
[2012/08/28 15:01:53 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbctrac.dll
[2012/08/28 15:01:53 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xmllite.dll
[2012/08/28 15:01:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbctrac.dll
[2012/08/28 15:01:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccp32.dll
[2012/08/28 15:01:53 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccp32.dll
[2012/08/28 15:01:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccu32.dll
[2012/08/28 15:01:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccr32.dll
[2012/08/28 15:01:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccu32.dll
[2012/08/28 15:01:53 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccr32.dll
[2012/08/28 15:01:51 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2012/08/28 15:01:44 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012/08/28 15:01:43 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2012/08/28 15:01:43 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/08/28 15:01:43 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/08/28 15:01:37 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2012/08/28 15:01:37 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2012/08/28 15:01:37 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll
[2012/08/28 15:01:36 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2012/08/28 15:01:36 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2012/08/28 15:01:36 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2012/08/28 15:01:36 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2012/08/28 15:01:36 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2012/08/28 15:01:36 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2012/08/28 15:01:36 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssphtb.dll
[2012/08/28 15:01:36 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2012/08/28 15:01:36 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
[2012/08/28 15:01:36 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
[2012/08/28 15:01:36 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msscntrs.dll
[2012/08/28 15:01:35 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012/08/28 15:01:35 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012/08/28 15:01:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012/08/28 15:01:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012/08/28 15:01:33 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2012/08/28 15:01:33 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl
[2012/08/28 15:01:33 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl
[2012/08/28 15:01:33 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2012/08/28 15:01:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2012/08/28 15:01:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
[2012/08/28 15:01:15 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2012/08/28 15:01:15 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2012/08/28 15:01:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/08/28 15:01:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/08/28 15:01:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/08/28 15:01:13 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/08/28 15:01:13 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012/08/28 15:01:13 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012/08/28 15:01:13 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012/08/28 15:01:13 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012/08/28 15:01:11 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
[2012/08/28 15:00:29 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll
[2012/08/28 15:00:29 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll
[2012/08/28 15:00:29 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax
[2012/08/28 15:00:29 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax
[2012/08/28 15:00:28 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012/08/28 15:00:25 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/08/28 15:00:25 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/08/28 15:00:23 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
[2012/08/28 15:00:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
[2012/08/28 15:00:22 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll
[2012/08/28 15:00:19 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/08/28 15:00:19 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/08/28 15:00:18 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/08/28 15:00:18 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/08/28 15:00:17 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/08/28 15:00:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/08/28 15:00:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/08/28 15:00:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/08/28 15:00:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/08/28 15:00:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/08/28 15:00:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/08/28 15:00:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/08/28 15:00:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/08/28 15:00:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/08/28 15:00:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/08/28 15:00:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/08/28 15:00:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/08/28 15:00:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/08/28 15:00:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/08/28 15:00:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/08/28 15:00:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/08/28 15:00:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/08/28 15:00:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/08/28 15:00:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/08/28 15:00:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/08/28 15:00:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/08/28 15:00:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/08/28 15:00:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/08/28 15:00:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/08/28 15:00:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/08/28 15:00:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/08/28 15:00:16 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvinst.exe
[2012/08/28 15:00:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\devrtl.dll
[2012/08/28 15:00:02 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll
[2012/08/28 14:59:59 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2012/08/28 14:59:59 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2012/08/28 14:59:59 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll
[2012/08/28 14:59:51 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2012/08/28 14:59:51 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll
[2012/08/28 14:59:47 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012/08/28 14:59:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012/08/28 14:59:46 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012/08/28 14:59:46 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012/08/28 14:59:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2012/08/28 14:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
[2012/08/28 14:37:42 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/08/28 00:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/08/27 23:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/27 23:57:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/08/27 23:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/27 23:56:05 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Mozilla
[2012/08/27 23:55:52 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\WildTangent
[2012/08/27 23:53:17 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/08/27 23:53:17 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/08/27 23:52:22 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Macrovision
[2012/08/27 23:51:25 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\Dell
[2012/08/27 23:51:22 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Macromedia
[2012/08/27 23:51:19 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Adobe
[2012/08/27 23:50:47 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Dell
[2012/08/27 23:50:41 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Dell Touch Zone
[2012/08/27 23:50:40 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Intel Corporation
[2012/08/27 23:50:38 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Roxio
[2012/08/27 23:50:37 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Creative
[2012/08/27 23:50:11 | 000,000,000 | R--D | C] -- C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/27 23:50:11 | 000,000,000 | R--D | C] -- C:\Users\Megan\Searches
[2012/08/27 23:50:11 | 000,000,000 | R--D | C] -- C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/27 23:50:11 | 000,000,000 | -H-D | C] -- C:\Users\Megan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/08/27 23:49:58 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Identities
[2012/08/27 23:49:54 | 000,000,000 | R--D | C] -- C:\Users\Megan\Contacts
[2012/08/27 23:49:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/27 23:49:52 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\VirtualStore
[2012/08/27 23:49:30 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\SoftThinks
[2012/08/27 23:48:57 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/08/27 23:48:57 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012/08/27 23:48:57 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/08/27 23:48:00 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/08/27 23:48:00 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/08/27 23:48:00 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/08/27 23:47:32 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/08/27 23:47:32 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\AppData\Local\Temporary Internet Files
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\Templates
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\Start Menu
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\SendTo
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\Recent
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\PrintHood
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\NetHood
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\Documents\My Videos
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\Documents\My Pictures
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\Documents\My Music
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\My Documents
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\Local Settings
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\AppData\Local\History
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\Cookies
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\Application Data
[2012/08/27 23:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Megan\AppData\Local\Application Data
[2012/08/27 23:46:31 | 000,000,000 | --SD | C] -- C:\Users\Megan\AppData\Roaming\Microsoft
[2012/08/27 23:46:31 | 000,000,000 | R--D | C] -- C:\Users\Megan\Videos
[2012/08/27 23:46:31 | 000,000,000 | R--D | C] -- C:\Users\Megan\Saved Games
[2012/08/27 23:46:31 | 000,000,000 | R--D | C] -- C:\Users\Megan\Desktop\Play Games
[2012/08/27 23:46:31 | 000,000,000 | R--D | C] -- C:\Users\Megan\Pictures
[2012/08/27 23:46:31 | 000,000,000 | R--D | C] -- C:\Users\Megan\Music
[2012/08/27 23:46:31 | 000,000,000 | R--D | C] -- C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/27 23:46:31 | 000,000,000 | R--D | C] -- C:\Users\Megan\Links
[2012/08/27 23:46:31 | 000,000,000 | R--D | C] -- C:\Users\Megan\Favorites
[2012/08/27 23:46:31 | 000,000,000 | R--D | C] -- C:\Users\Megan\Downloads
[2012/08/27 23:46:31 | 000,000,000 | R--D | C] -- C:\Users\Megan\Documents
[2012/08/27 23:46:31 | 000,000,000 | R--D | C] -- C:\Users\Megan\Desktop
[2012/08/27 23:46:31 | 000,000,000 | R--D | C] -- C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/27 23:46:31 | 000,000,000 | -H-D | C] -- C:\Users\Megan\AppData
[2012/08/27 23:46:31 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\Temp
[2012/08/27 23:46:31 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\Microsoft
[2012/08/27 23:46:31 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Media Center Programs
[2012/08/27 21:39:09 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\svchost.exe
[2012/08/27 21:37:28 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/08/27 15:50:03 | 000,000,000 | ---D | C] -- C:\Emergency
[2012/08/27 15:34:12 | 000,000,000 | ---D | C] -- C:\windows\SMINST
[2012/08/24 15:43:16 | 000,384,352 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgtdia.sys

========== Files - Modified Within 30 Days ==========

[2012/09/15 13:57:21 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/15 13:57:21 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/15 13:53:18 | 000,779,724 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/15 13:53:18 | 000,660,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/15 13:53:18 | 000,121,408 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/15 13:52:21 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe
[2012/09/15 13:46:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/15 13:46:49 | 3062,902,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/15 13:14:37 | 094,883,637 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/09/08 13:44:10 | 000,040,208 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/09/07 15:39:24 | 427,974,198 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/09/03 11:47:45 | 000,001,132 | ---- | M] () -- C:\Users\Megan\Desktop\Mozilla Firefox.lnk
[2012/09/02 23:55:52 | 000,627,150 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavifw.avm
[2012/09/02 23:50:09 | 000,000,967 | ---- | M] () -- C:\Users\Megan\Desktop\AVG 2012.lnk
[2012/09/02 23:50:06 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2012/09/02 23:49:43 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2012/09/02 23:49:43 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavifw.avm
[2012/09/02 23:49:43 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/29 16:39:58 | 000,319,000 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/29 14:18:37 | 000,773,572 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/28 00:08:15 | 000,002,822 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
[2012/08/27 23:55:12 | 000,001,439 | ---- | M] () -- C:\Users\Megan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/27 21:44:41 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2012/08/27 21:44:41 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2012/08/27 19:34:27 | 000,000,452 | ---- | M] () -- C:\Users\Public\Desktop\Emergency Backup.lnk
[2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgtdia.sys
[2012/08/22 11:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2012/08/22 11:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS

========== Files Created - No Company Name ==========

[2012/09/15 13:14:37 | 094,883,637 | ---- | C] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/09/08 13:44:10 | 000,040,208 | ---- | C] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/09/07 15:39:24 | 427,974,198 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/09/03 11:47:45 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/03 11:47:45 | 000,001,132 | ---- | C] () -- C:\Users\Megan\Desktop\Mozilla Firefox.lnk
[2012/09/02 23:55:52 | 000,627,150 | ---- | C] () -- C:\windows\SysNative\drivers\AVG\iavifw.avm
[2012/09/02 23:50:09 | 000,000,967 | ---- | C] () -- C:\Users\Megan\Desktop\AVG 2012.lnk
[2012/09/02 23:49:43 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2012/09/02 23:49:43 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavifw.avm
[2012/09/02 23:49:43 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/28 14:41:17 | 000,000,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Digital Delivery.lnk
[2012/08/27 23:55:12 | 000,001,439 | ---- | C] () -- C:\Users\Megan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/27 23:50:17 | 000,001,411 | ---- | C] () -- C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/08/27 23:50:13 | 000,001,445 | ---- | C] () -- C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/27 23:49:25 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/08/27 23:46:32 | 000,000,290 | ---- | C] () -- C:\Users\Megan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/27 23:46:32 | 000,000,272 | ---- | C] () -- C:\Users\Megan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/27 21:37:29 | 3062,902,784 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/27 19:34:27 | 000,000,452 | ---- | C] () -- C:\Users\Public\Desktop\Emergency Backup.lnk
[2011/07/16 10:27:22 | 000,867,020 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2011/07/16 10:27:21 | 000,128,204 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2011/07/16 10:27:21 | 000,105,428 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2011/07/16 10:26:42 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/07/16 10:26:27 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/07/16 10:26:27 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011/07/16 10:26:27 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/07/16 10:26:26 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/07/16 10:26:26 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/07/16 10:26:26 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/07/16 10:26:26 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/07/16 08:20:32 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/07/16 08:12:54 | 000,773,572 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000BPVT-75HXZT1
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 105906176
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 451.00GB
Starting Offset: 15834546176
Hidden sectors: 0

< End of report >

OTL Extras logfile created on: 9/15/2012 2:11:33 PM - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Megan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 36.20% Memory free
7.61 Gb Paging File | 4.83 Gb Available in Paging File | 63.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 371.06 Gb Free Space | 82.27% Space Free | Partition Type: NTFS

Computer Name: MEGAN-PC | User Name: Megan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BF563A-6F11-47E1-B3F9-6E70DE22F42E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{080F7CAB-7CA7-4F6A-9B9B-EC03AF9062DD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{13092DC0-C860-484C-82D8-7E332A67BD68}" = rport=445 | protocol=6 | dir=out | app=system |
"{26509555-63A7-46A8-8CC0-01FA7D750228}" = lport=139 | protocol=6 | dir=in | app=system |
"{2A49AC5B-27A7-40F3-A389-6D00FE48CD79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D71E509-66F7-487C-9992-DD03F68A0EC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E22B43C-ED27-40D9-831D-0883614E68DD}" = rport=137 | protocol=17 | dir=out | app=system |
"{49F934AD-8ABC-4759-B7C3-723DC8B6B479}" = lport=2869 | protocol=6 | dir=in | app=system |
"{63644335-D6C6-4102-A485-38BFCA52C7A3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BD5EAB3-B921-438A-8A61-C42779255DA4}" = rport=138 | protocol=17 | dir=out | app=system |
"{792E8E26-4D18-4F4D-878A-A0084731DDC7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8439479A-FCD2-4433-9A4D-B6629DD180D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{9EC1252C-24AA-4D4F-A195-68FC708A23CA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A3D59050-F40E-4C7C-9D0B-43E8969792ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A60C874B-9696-415A-97AE-8B80A5670B95}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDD4BA7C-F7FF-4458-8B43-810351BD2DD2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C76476D7-6846-459B-8628-0502B5915B9B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC562B80-41DF-4FF5-AF93-2FA21240AC81}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E816B544-0C27-493D-A14C-4AC3F0AF3121}" = rport=139 | protocol=6 | dir=out | app=system |
"{E9A3C93C-4363-4894-B2B1-F4A15C4F4F32}" = lport=445 | protocol=6 | dir=in | app=system |
"{EB725BBE-093C-42CD-B3D9-8B09CA1CCFD3}" = lport=137 | protocol=17 | dir=in | app=system |
"{F2646E19-34A2-4976-9638-4A03E98AAF56}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F63F494F-258D-497F-9FE2-97D279387512}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024A9EFA-100E-4F70-921B-32D6341237C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{043A135D-8D87-4A1E-87C0-36E8398D4235}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{0CDA3089-1367-4B8E-B536-8438160034BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10EE75C9-9B21-4834-A890-2446B2CE754E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{12658A82-2E0F-4FC6-A525-7F6DE0CEE1C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1D5F766B-F6D4-4312-878A-CAEA9490D477}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1F3EDCDB-79A9-4176-8485-78D04B241641}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3BF70EBD-6A91-4510-A3B4-81F41AB6FD9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44018B1F-2C5C-48AA-BE5D-966CA458E12F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4866D906-E951-4C65-83BE-E436C7B53ABD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55CE29E7-40D3-4AF6-B879-4B6A91C32039}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{5D9D948D-F454-4159-A5AA-38AD540D4CFB}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{5E6FA329-B38A-4222-8D7B-4B66A7DAFC6D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F2C494E-F3FF-4E55-8BED-6D2E0A9B2CC6}" = protocol=1 | dir=out | [email protected],-28544 |
"{60B35E3C-8A93-489D-9E02-A5EE4E6C47E3}" = protocol=58 | dir=in | [email protected],-28545 |
"{66CE218F-16CC-4298-9E2A-F9A11C47EB83}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{7348AE7F-EB6A-4681-ACB2-D8A451564BB5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7B713C82-2257-4A4A-96F4-CD36D285031D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7E91D739-B73F-4A22-97DE-C1C3E4B4ABF7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{7E9548E5-30AD-4D27-B080-AC7D882E6D20}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8AA6D460-5F74-4FB1-A17C-9BA99D4A1A7F}" = protocol=6 | dir=out | app=system |
"{93E76202-D056-4556-A7C1-3810BA6BECFE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{9F7453DD-D589-48DF-A2BD-53B116B0FE6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0C816CF-7592-42A5-BF79-D8B765692A19}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{A9EBD381-FC44-4519-BE21-9E4251A6D98C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{AB37FC67-544B-41C0-B219-73B05D4BA929}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB4C225E-F1E8-4628-A61F-4A4A058A8103}" = protocol=58 | dir=out | [email protected],-28546 |
"{AFA17695-417C-4078-9DDC-4F2D9DAF9B55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5D1A367-EB0B-40DF-8EBD-132547F15428}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E7E209FE-4F52-481C-B138-50505F4C23CC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{E90C182B-97C0-4010-A005-D8039F455289}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED18CEC9-2664-442D-A047-DE17116E56F9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F40FD778-E187-4304-9284-872D547A353F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F479EE90-5D0E-49B5-B313-0B707A14DDF4}" = protocol=1 | dir=in | [email protected],-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation
"{4ED0DB47-769D-4B71-8724-E7A5BFEA1D51}" = Adobe Flash Player 10 Plugin
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1" = Free Mouse Auto Clicker 3.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88D881EF-0567-443A-9A84-E5AAEF29BB34}" = Adobe Flash Player 10 ActiveX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}" = Dell Stage
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5E43D09-96AF-4CA0-85AE-9134E7FFA7FC}" = Dell Digital Delivery
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Dell Webcam Central" = Dell Webcam Central
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT089409" = Bejeweled 2 Deluxe
"WT089410" = Blackhawk Striker 2
"WT089411" = Build-a-lot 2
"WT089412" = Cake Mania
"WT089413" = Chuzzle Deluxe
"WT089414" = Diner Dash 2 Restaurant Rescue
"WT089415" = Dora's World Adventure
"WT089418" = FATE
"WT089420" = Jewel Quest
"WT089422" = Jewel Quest Solitaire 2
"WT089426" = Poker Superstars III
"WT089430" = Virtual Villagers 4 - The Tree of Life
"WT089433" = Polar Golfer
"WT089434" = Escape Whisper Valley ™
"WT089440" = Namco All-Stars PAC-MAN
"WT089443" = Bounce Symphony
"WT089444" = Final Drive Nitro
"WT089445" = Penguins!
"WT089446" = Wedding Dash - Ready, Aim, Love!
"WT089448" = Zuma Deluxe
"WT089450" = Farm Frenzy
"WT089452" = Plants vs. Zombies - Game of the Year
"WT089499" = Final Drive Fury
"WT089503" = Samantha Swift
"WT089507" = Luxor
"WT089508" = Polar Bowler

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2012 11:27:03 PM | Computer Name = Megan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: YontooIEClient.dll, version: 1.10.1.0,
time stamp: 0x4ee16049 Exception code: 0xc0000005 Fault offset: 0x0001e701 Faulting
process id: 0x1068 Faulting application start time: 0x01cd8728740620b0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\Yontoo\YontooIEClient.dll Report Id: bb418f7e-f31b-11e1-b20a-1803736f19bd

Error - 8/31/2012 12:21:24 AM | Computer Name = Megan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x661c6992 Faulting process id: 0x1374 Faulting application
start time: 0x01cd871c72526dac Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 52b79bac-f323-11e1-b20a-1803736f19bd

Error - 8/31/2012 1:00:59 AM | Computer Name = Megan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0f000007 Faulting process id: 0x22f8 Faulting application
start time: 0x01cd87304fdb6859 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: da4fd03c-f328-11e1-b20a-1803736f19bd

Error - 9/1/2012 2:07:29 AM | Computer Name = Megan-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/1/2012 2:28:36 AM | Computer Name = Megan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16448, time
stamp: 0x4fecfb0e Exception code: 0xc0000005 Fault offset: 0x001d9b56 Faulting process
id: 0x11d4 Faulting application start time: 0x01cd880826973663 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\system32\MSHTML.dll
Report
Id: 41de9404-f3fe-11e1-a91a-1803736f19bd

Error - 9/1/2012 6:16:28 AM | Computer Name = Megan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16448, time
stamp: 0x4fecfb0e Exception code: 0xc0000005 Fault offset: 0x001d9b56 Faulting process
id: 0x1bcc Faulting application start time: 0x01cd880b24f42814 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\system32\MSHTML.dll
Report
Id: 177abccf-f41e-11e1-a91a-1803736f19bd

Error - 9/1/2012 10:04:46 PM | Computer Name = Megan-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/2/2012 1:04:35 AM | Computer Name = Megan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x1c691167 Faulting process id: 0xb50 Faulting application
start time: 0x01cd88af5e520d2c Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: b030489e-f4bb-11e1-80ac-1803736f19bd

Error - 9/2/2012 1:50:25 AM | Computer Name = Megan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: Flash10s.ocx, version: 10.3.181.23, time
stamp: 0x4debfb58 Exception code: 0xc0000005 Fault offset: 0x003c1080 Faulting process
id: 0x14dc Faulting application start time: 0x01cd88c8aa967808 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash10s.ocx
Report
Id: 16de194c-f4c2-11e1-80ac-1803736f19bd

Error - 9/2/2012 2:14:53 AM | Computer Name = Megan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16448, time
stamp: 0x4fecfb0e Exception code: 0xc0000005 Fault offset: 0x001d9b56 Faulting process
id: 0xb60 Faulting application start time: 0x01cd88cf0efbf499 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\system32\MSHTML.dll
Report
Id: 823fd5f3-f4c5-11e1-80ac-1803736f19bd

[ Dell Events ]
Error - 9/8/2012 3:01:27 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/8/2012 3:01:27 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/8/2012 3:07:35 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/8/2012 3:07:35 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/8/2012 4:31:18 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/8/2012 4:31:18 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/8/2012 4:33:59 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/8/2012 4:33:59 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/8/2012 4:42:30 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/8/2012 4:42:30 AM | Computer Name = Megan-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 9/7/2012 6:40:47 PM | Computer Name = Megan-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent
service to connect.

Error - 9/7/2012 6:40:47 PM | Computer Name = Megan-PC | Source = Service Control Manager | ID = 7000
Description = The AVGIDSAgent service failed to start due to the following error:
%%1053

Error - 9/7/2012 6:46:58 PM | Computer Name = Megan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).

Error - 9/7/2012 6:46:58 PM | Computer Name = Megan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).

Error - 9/7/2012 6:46:58 PM | Computer Name = Megan-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

Error - 9/7/2012 6:48:25 PM | Computer Name = Megan-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 9/7/2012 6:52:49 PM | Computer Name = Megan-PC | Source = bowser | ID = 8003
Description =

Error - 9/7/2012 11:40:34 PM | Computer Name = Megan-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/7/2012 11:41:42 PM | Computer Name = Megan-PC | Source = bowser | ID = 8003
Description =

Error - 9/8/2012 3:05:47 AM | Computer Name = Megan-PC | Source = bowser | ID = 8003
Description =

< End of report >

When I get back on the other laptoop i will follow through with the nnext step and i will also do that to this computer when u take a look at the logs.

#6
RKinner

Posted 15 September 2012 - 06:23 PM

Malware Expert

Expert
24,624 posts

This one has a zero access infection:

PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

[2012/08/27 21:39:09 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\svchost.exe

svchost.exe should be in c:\windows\system32\svchost.exe not C:\windows\svchost.exe and certainly not \\.\globalroot\systemroot\svchost.exe

There are several different versions of this rootkit.

I'm guessing this is the one that runs out of C:\$Recycle.Bin\ since I don't see any of the other signs. There may also be a fake partition. Follow the same steps as in my previous post but start after the first OTL fix where it says:

Download aswMBR.exe ( 511KB ) to your desktop.

One Exception: When aswMBR runs it will put two files on your desktop. One is the log and the other MBR.dat is a copy of the mbr. Please ATTACH MBR.dat (do not try to open it).
Some programs may not be able to run with this infection. If that's the case just skip to the next one.

#7
Sapphire Dreams

Posted 16 September 2012 - 12:00 AM

Member

Topic Starter
Member
18 posts

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-15 22:50:58
-----------------------------
22:50:58.623 OS Version: Windows x64 6.1.7601 Service Pack 1
22:50:58.623 Number of processors: 4 586 0x2505
22:50:58.623 ComputerName: MEGAN-PC UserName: Megan
22:51:02.263 Initialize success
22:51:27.305 AVAST engine download error: 0
22:52:24.925 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:52:24.925 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
22:52:24.935 Device \Driver\iaStor -> MajorFunction fffffa800671c5c4
22:52:24.935 Disk 0 MBR read successfully
22:52:24.945 Disk 0 MBR scan
22:52:24.945 Disk 0 Windows 7 default MBR code
22:52:24.955 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
22:52:24.975 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
22:52:24.995 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
22:52:25.025 Disk 0 scanning C:\windows\system32\drivers
22:52:30.465 Service scanning
22:53:45.605 Modules scanning
22:53:45.615 Scan finished successfully
22:55:12.095 Disk 0 MBR has been saved successfully to "C:\Users\Megan\Desktop\MBR.dat"
22:55:12.105 The log file has been saved successfully to "C:\Users\Megan\Desktop\aswMBR-LOG.txt"

The only problem is i dont know how to attach MBR.dat It is on my Desktop and so is the log which is pasted above...

#8
RKinner

Posted 16 September 2012 - 12:02 AM

Malware Expert

Expert
24,624 posts

Don't worry about attaching mbr.dat. It appears like we won't need it from what aswMBR says. That's very good news. I hate messing with the mbr.

Just go on with the other steps.

#9
Sapphire Dreams

Posted 16 September 2012 - 12:22 AM

Member

Topic Starter
Member
18 posts

ComboFix 12-09-15.02 - Megan 09/15/2012 23:08:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2541 [GMT -7:00]
Running from: c:\users\Megan\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
.
.
2012-09-16 06:13 . 2012-09-16 06:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-15 21:41 . 2012-09-15 21:41 0 ----a-w- c:\windows\SysWow64\shoB912.tmp
2012-09-15 04:55 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-15 04:55 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-15 04:55 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-15 04:55 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-15 04:55 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-15 04:55 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-15 04:55 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-07 05:17 . 2012-09-07 05:17 -------- d-----w- C:\found.000
2012-09-06 20:13 . 2012-09-06 20:13 -------- d-----r- C:\MSOCache
2012-09-04 18:27 . 2012-08-03 11:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-09-03 18:47 . 2012-09-03 18:47 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-09-03 06:50 . 2012-09-03 06:50 -------- d-----w- c:\programdata\AVG Secure Search
2012-09-03 06:50 . 2012-09-03 06:50 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-09-03 06:50 . 2012-09-03 06:50 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-09-03 06:50 . 2012-09-03 06:50 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-09-03 06:49 . 2012-09-03 06:49 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-09-03 06:48 . 2012-09-16 04:51 -------- d-----w- c:\windows\system32\drivers\AVG
2012-09-03 06:48 . 2012-09-07 22:40 -------- d-----w- c:\programdata\AVG2012
2012-09-03 06:48 . 2012-09-03 06:48 -------- d-----w- C:\$AVG
2012-09-02 10:30 . 2012-09-02 10:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93A270F9-112E-4B58-9182-DD7485014411}\offreg.dll
2012-09-01 06:12 . 2012-08-28 08:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93A270F9-112E-4B58-9182-DD7485014411}\mpengine.dll
2012-08-30 18:08 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-30 03:20 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-08-29 21:48 . 2012-08-29 21:48 -------- d-----w- c:\windows\SysWow64\Wat
2012-08-29 21:48 . 2012-08-29 21:48 -------- d-----w- c:\windows\system32\Wat
2012-08-29 21:09 . 2012-08-29 21:09 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-08-29 20:40 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-29 20:40 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-29 20:40 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-29 20:40 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-29 20:40 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-29 20:40 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-29 20:40 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-29 06:17 . 2012-08-30 00:22 -------- d-----w- c:\programdata\VirtualizedApplications
2012-08-29 05:54 . 2012-08-29 05:54 -------- d-----w- c:\windows\SysWow64\Adobe
2012-08-29 04:18 . 2012-09-15 21:48 -------- d-----w- c:\programdata\Tarma Installer
2012-08-29 04:18 . 2012-08-29 04:18 -------- d-----w- c:\program files (x86)\Free Mouse Auto Clicker
2012-08-29 04:06 . 2012-08-29 20:54 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-08-29 04:06 . 2012-08-29 04:06 -------- d-----w- c:\program files\Microsoft Office
2012-08-28 22:00 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-08-28 21:59 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-28 21:41 . 2012-08-28 21:41 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2012-08-28 07:08 . 2012-08-28 07:08 -------- d-----w- c:\program files (x86)\AVG
2012-08-28 06:57 . 2012-09-16 04:53 -------- d-----w- c:\programdata\MFAData
2012-08-28 06:57 . 2012-08-28 06:57 -------- d--h--w- c:\programdata\Common Files
2012-08-28 06:53 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-28 06:53 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-08-28 06:53 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-28 06:49 . 2012-08-28 06:49 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
2012-08-28 06:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-28 06:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-28 06:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-28 06:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-28 06:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-28 06:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-28 06:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-28 06:47 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-28 06:47 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-28 06:46 . 2012-09-10 07:18 -------- d-----w- c:\users\Megan
2012-08-27 22:50 . 2012-09-10 07:16 -------- d-----w- C:\Emergency
2012-08-27 22:34 . 2012-08-27 22:50 -------- d-----w- c:\windows\SMINST
2012-08-24 22:43 . 2012-08-24 22:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 06:46 . 2010-06-24 16:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-26 10:21 . 2012-07-26 10:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-03 06:50 2045024 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-09-03 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Megan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-16 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-02-14 495746]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-03 1162848]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-09-03 1020512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]
"STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2010-08-11 120032]
.
c:\users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Megan\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe [2012-9-5 247728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-03 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-08-02 173056]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-02 2533400]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-09-03 927840]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-423531589-2283378909-819107643-1001Core.job
- c:\users\Megan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-16 04:52]
.
2012-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-423531589-2283378909-819107643-1001UA.job
- c:\users\Megan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-16 04:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-24 3668336]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.169.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Mozilla Firefox 15.0 (x86 en-US) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-15 23:16:36
ComboFix-quarantined-files.txt 2012-09-16 06:16
.
Pre-Run: 397,718,368,256 bytes free
Post-Run: 398,939,545,600 bytes free
.
- - End Of File - - 5500D7C728ABB41A6BE39CA7993E5629

#10
Sapphire Dreams

Posted 16 September 2012 - 12:30 AM

Member

Topic Starter
Member
18 posts

How do i run TDSSKiller. My comuter keeps popping up with a box that says choose a program to run TDSSKiller

It is also the same for the Malwarebytes also. I dont know what to choose to run it. Am i doing something wrong?

Edited by Sapphire Dreams, 16 September 2012 - 12:38 AM.

#11
RKinner

Posted 16 September 2012 - 01:21 AM

Malware Expert

Expert
24,624 posts

Probably it's the malware. Sometimes if you go into Safe Mode it will let you run it.

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

If that doesn't help just go on.

I'm going to bed now it's after midnight here.

#12
Sapphire Dreams

Posted 16 September 2012 - 01:10 PM

Member

Topic Starter
Member
18 posts

TDSS Log

12:07:04.0638 1656 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:07:04.0935 1656 ============================================================
12:07:04.0935 1656 Current date / time: 2012/09/16 12:07:04.0935
12:07:04.0935 1656 SystemInfo:
12:07:04.0935 1656
12:07:04.0935 1656 OS Version: 6.1.7601 ServicePack: 1.0
12:07:04.0935 1656 Product type: Workstation
12:07:04.0935 1656 ComputerName: MEGAN-PC
12:07:04.0935 1656 UserName: Megan
12:07:04.0935 1656 Windows directory: C:\windows
12:07:04.0935 1656 System windows directory: C:\windows
12:07:04.0935 1656 Running under WOW64
12:07:04.0935 1656 Processor architecture: Intel x64
12:07:04.0935 1656 Number of processors: 4
12:07:04.0935 1656 Page size: 0x1000
12:07:04.0935 1656 Boot type: Safe boot with network
12:07:04.0935 1656 ============================================================
12:07:05.0153 1656 BG loaded
12:07:05.0621 1656 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:07:05.0621 1656 ============================================================
12:07:05.0621 1656 \Device\Harddisk0\DR0:
12:07:05.0621 1656 MBR partitions:
12:07:05.0621 1656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
12:07:05.0621 1656 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
12:07:05.0621 1656 ============================================================
12:07:05.0652 1656 C: <-> \Device\Harddisk0\DR0\Partition2
12:07:05.0652 1656 ============================================================
12:07:05.0652 1656 Initialize success
12:07:05.0652 1656 ============================================================
12:07:11.0752 1636 ============================================================
12:07:11.0752 1636 Scan started
12:07:11.0752 1636 Mode: Manual; SigCheck; TDLFS;
12:07:11.0752 1636 ============================================================
12:07:12.0048 1636 ================ Scan system memory ========================
12:07:12.0048 1636 System memory - ok
12:07:12.0048 1636 ================ Scan services =============================
12:07:12.0376 1636 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
12:07:12.0454 1636 1394ohci - ok
12:07:12.0501 1636 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
12:07:12.0516 1636 ACPI - ok
12:07:12.0548 1636 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
12:07:12.0610 1636 AcpiPmi - ok
12:07:12.0672 1636 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
12:07:12.0688 1636 adp94xx - ok
12:07:12.0750 1636 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
12:07:12.0766 1636 adpahci - ok
12:07:12.0813 1636 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
12:07:12.0828 1636 adpu320 - ok
12:07:12.0860 1636 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
12:07:13.0016 1636 AeLookupSvc - ok
12:07:13.0109 1636 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
12:07:13.0125 1636 AESTFilters - ok
12:07:13.0172 1636 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
12:07:13.0218 1636 AFD - ok
12:07:13.0281 1636 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
12:07:13.0281 1636 agp440 - ok
12:07:13.0312 1636 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
12:07:13.0343 1636 ALG - ok
12:07:13.0390 1636 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
12:07:13.0390 1636 aliide - ok
12:07:13.0390 1636 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
12:07:13.0406 1636 amdide - ok
12:07:13.0437 1636 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
12:07:13.0468 1636 AmdK8 - ok
12:07:13.0484 1636 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
12:07:13.0499 1636 AmdPPM - ok
12:07:13.0530 1636 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
12:07:13.0546 1636 amdsata - ok
12:07:13.0577 1636 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
12:07:13.0593 1636 amdsbs - ok
12:07:13.0624 1636 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
12:07:13.0624 1636 amdxata - ok
12:07:13.0655 1636 [ 6690E42CED5D067233ABAD42DA141213 ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
12:07:13.0671 1636 ApfiltrService - ok
12:07:13.0733 1636 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
12:07:13.0780 1636 AppID - ok
12:07:13.0827 1636 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
12:07:13.0874 1636 AppIDSvc - ok
12:07:13.0905 1636 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
12:07:13.0952 1636 Appinfo - ok
12:07:14.0045 1636 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
12:07:14.0045 1636 arc - ok
12:07:14.0061 1636 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
12:07:14.0076 1636 arcsas - ok
12:07:14.0186 1636 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:07:14.0232 1636 aspnet_state - ok
12:07:14.0248 1636 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
12:07:14.0295 1636 AsyncMac - ok
12:07:14.0326 1636 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
12:07:14.0326 1636 atapi - ok
12:07:14.0404 1636 [ 80D6820DDB5427363A9D3F2137441C83 ] athr C:\windows\system32\DRIVERS\athrx.sys
12:07:14.0482 1636 athr - ok
12:07:14.0529 1636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
12:07:14.0607 1636 AudioEndpointBuilder - ok
12:07:14.0638 1636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
12:07:14.0669 1636 AudioSrv - ok
12:07:14.0716 1636 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
12:07:14.0747 1636 AxInstSV - ok
12:07:14.0794 1636 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
12:07:14.0856 1636 b06bdrv - ok
12:07:14.0903 1636 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
12:07:14.0934 1636 b57nd60a - ok
12:07:14.0966 1636 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
12:07:14.0997 1636 BDESVC - ok
12:07:15.0012 1636 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
12:07:15.0059 1636 Beep - ok
12:07:15.0122 1636 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
12:07:15.0168 1636 BFE - ok
12:07:15.0246 1636 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
12:07:15.0324 1636 BITS - ok
12:07:15.0340 1636 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
12:07:15.0356 1636 blbdrive - ok
12:07:15.0371 1636 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
12:07:15.0418 1636 bowser - ok
12:07:15.0434 1636 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
12:07:15.0465 1636 BrFiltLo - ok
12:07:15.0465 1636 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
12:07:15.0480 1636 BrFiltUp - ok
12:07:15.0496 1636 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
12:07:15.0543 1636 BridgeMP - ok
12:07:15.0590 1636 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
12:07:15.0621 1636 Browser - ok
12:07:15.0636 1636 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
12:07:15.0668 1636 Brserid - ok
12:07:15.0668 1636 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
12:07:15.0699 1636 BrSerWdm - ok
12:07:15.0699 1636 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
12:07:15.0714 1636 BrUsbMdm - ok
12:07:15.0746 1636 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
12:07:15.0777 1636 BrUsbSer - ok
12:07:15.0839 1636 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
12:07:15.0886 1636 BthEnum - ok
12:07:15.0948 1636 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
12:07:15.0980 1636 BTHMODEM - ok
12:07:16.0011 1636 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
12:07:16.0026 1636 BthPan - ok
12:07:16.0120 1636 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
12:07:16.0151 1636 BTHPORT - ok
12:07:16.0182 1636 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
12:07:16.0229 1636 bthserv - ok
12:07:16.0260 1636 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
12:07:16.0292 1636 BTHUSB - ok
12:07:16.0323 1636 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
12:07:16.0354 1636 cdfs - ok
12:07:16.0354 1636 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
12:07:16.0385 1636 cdrom - ok
12:07:16.0416 1636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
12:07:16.0463 1636 CertPropSvc - ok
12:07:16.0479 1636 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
12:07:16.0494 1636 circlass - ok
12:07:16.0526 1636 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
12:07:16.0541 1636 CLFS - ok
12:07:16.0588 1636 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:07:16.0588 1636 clr_optimization_v2.0.50727_32 - ok
12:07:16.0619 1636 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:07:16.0635 1636 clr_optimization_v2.0.50727_64 - ok
12:07:16.0682 1636 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:07:16.0838 1636 clr_optimization_v4.0.30319_32 - ok
12:07:16.0853 1636 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:07:16.0947 1636 clr_optimization_v4.0.30319_64 - ok
12:07:16.0962 1636 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
12:07:16.0978 1636 CmBatt - ok
12:07:17.0025 1636 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
12:07:17.0025 1636 cmdide - ok
12:07:17.0056 1636 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
12:07:17.0087 1636 CNG - ok
12:07:17.0103 1636 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
12:07:17.0118 1636 Compbatt - ok
12:07:17.0118 1636 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
12:07:17.0150 1636 CompositeBus - ok
12:07:17.0181 1636 COMSysApp - ok
12:07:17.0196 1636 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
12:07:17.0212 1636 crcdisk - ok
12:07:17.0274 1636 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
12:07:17.0306 1636 CryptSvc - ok
12:07:17.0352 1636 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\windows\system32\DRIVERS\CtClsFlt.sys
12:07:17.0384 1636 CtClsFlt - ok
12:07:17.0524 1636 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:07:17.0555 1636 cvhsvc - ok
12:07:17.0586 1636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
12:07:17.0649 1636 DcomLaunch - ok
12:07:17.0711 1636 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
12:07:17.0774 1636 defragsvc - ok
12:07:17.0805 1636 [ 88D5FE2109F1A52CF69BA410082A833A ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
12:07:17.0820 1636 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning
12:07:17.0820 1636 DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)
12:07:17.0852 1636 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
12:07:17.0898 1636 DfsC - ok
12:07:17.0914 1636 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
12:07:17.0976 1636 Dhcp - ok
12:07:17.0976 1636 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
12:07:18.0023 1636 discache - ok
12:07:18.0039 1636 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
12:07:18.0054 1636 Disk - ok
12:07:18.0070 1636 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
12:07:18.0086 1636 Dnscache - ok
12:07:18.0101 1636 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
12:07:18.0148 1636 dot3svc - ok
12:07:18.0164 1636 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
12:07:18.0210 1636 DPS - ok
12:07:18.0242 1636 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
12:07:18.0273 1636 drmkaud - ok
12:07:18.0335 1636 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
12:07:18.0351 1636 DXGKrnl - ok
12:07:18.0382 1636 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
12:07:18.0429 1636 EapHost - ok
12:07:18.0491 1636 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
12:07:18.0585 1636 ebdrv - ok
12:07:18.0600 1636 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
12:07:18.0616 1636 EFS - ok
12:07:18.0678 1636 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
12:07:18.0741 1636 ehRecvr - ok
12:07:18.0772 1636 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
12:07:18.0772 1636 ehSched - ok
12:07:18.0819 1636 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
12:07:18.0834 1636 elxstor - ok
12:07:18.0850 1636 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
12:07:18.0866 1636 ErrDev - ok
12:07:18.0944 1636 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
12:07:18.0990 1636 EventSystem - ok
12:07:19.0006 1636 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
12:07:19.0037 1636 exfat - ok
12:07:19.0068 1636 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
12:07:19.0115 1636 fastfat - ok
12:07:19.0146 1636 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
12:07:19.0193 1636 Fax - ok
12:07:19.0256 1636 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
12:07:19.0287 1636 fdc - ok
12:07:19.0302 1636 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
12:07:19.0349 1636 fdPHost - ok
12:07:19.0349 1636 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
12:07:19.0412 1636 FDResPub - ok
12:07:19.0427 1636 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
12:07:19.0427 1636 FileInfo - ok
12:07:19.0443 1636 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
12:07:19.0474 1636 Filetrace - ok
12:07:19.0490 1636 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
12:07:19.0505 1636 flpydisk - ok
12:07:19.0536 1636 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
12:07:19.0552 1636 FltMgr - ok
12:07:19.0583 1636 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
12:07:19.0646 1636 FontCache - ok
12:07:19.0692 1636 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:07:19.0692 1636 FontCache3.0.0.0 - ok
12:07:19.0708 1636 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
12:07:19.0708 1636 FsDepends - ok
12:07:19.0739 1636 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
12:07:19.0755 1636 Fs_Rec - ok
12:07:19.0802 1636 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
12:07:19.0817 1636 fvevol - ok
12:07:19.0848 1636 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
12:07:19.0864 1636 gagp30kx - ok
12:07:19.0911 1636 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
12:07:19.0926 1636 GamesAppService - ok
12:07:19.0958 1636 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
12:07:20.0004 1636 gpsvc - ok
12:07:20.0004 1636 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
12:07:20.0051 1636 hcw85cir - ok
12:07:20.0098 1636 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
12:07:20.0129 1636 HdAudAddService - ok
12:07:20.0129 1636 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
12:07:20.0160 1636 HDAudBus - ok
12:07:20.0192 1636 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
12:07:20.0192 1636 HECIx64 - ok
12:07:20.0192 1636 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
12:07:20.0223 1636 HidBatt - ok
12:07:20.0223 1636 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
12:07:20.0238 1636 HidBth - ok
12:07:20.0270 1636 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
12:07:20.0285 1636 HidIr - ok
12:07:20.0301 1636 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
12:07:20.0348 1636 hidserv - ok
12:07:20.0410 1636 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
12:07:20.0410 1636 HidUsb - ok
12:07:20.0457 1636 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
12:07:20.0519 1636 hkmsvc - ok
12:07:20.0550 1636 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
12:07:20.0582 1636 HomeGroupListener - ok
12:07:20.0613 1636 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
12:07:20.0628 1636 HomeGroupProvider - ok
12:07:20.0675 1636 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
12:07:20.0675 1636 HpSAMD - ok
12:07:20.0706 1636 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
12:07:20.0769 1636 HTTP - ok
12:07:20.0769 1636 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
12:07:20.0784 1636 hwpolicy - ok
12:07:20.0784 1636 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
12:07:20.0800 1636 i8042prt - ok
12:07:20.0847 1636 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
12:07:20.0862 1636 iaStor - ok
12:07:20.0909 1636 [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:07:20.0909 1636 IAStorDataMgrSvc - ok
12:07:20.0940 1636 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
12:07:20.0956 1636 iaStorV - ok
12:07:21.0003 1636 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:07:21.0034 1636 idsvc - ok
12:07:21.0237 1636 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
12:07:21.0549 1636 igfx - ok
12:07:21.0580 1636 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
12:07:21.0580 1636 iirsp - ok
12:07:21.0627 1636 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
12:07:21.0674 1636 IKEEXT - ok
12:07:21.0736 1636 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
12:07:21.0767 1636 Impcd - ok
12:07:21.0799 1636 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
12:07:21.0814 1636 IntcDAud - ok
12:07:21.0845 1636 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
12:07:21.0845 1636 intelide - ok
12:07:21.0877 1636 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
12:07:21.0892 1636 intelppm - ok
12:07:21.0923 1636 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
12:07:21.0970 1636 IPBusEnum - ok
12:07:22.0001 1636 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
12:07:22.0033 1636 IpFilterDriver - ok
12:07:22.0079 1636 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
12:07:22.0126 1636 iphlpsvc - ok
12:07:22.0126 1636 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
12:07:22.0142 1636 IPMIDRV - ok
12:07:22.0157 1636 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
12:07:22.0189 1636 IPNAT - ok
12:07:22.0204 1636 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
12:07:22.0220 1636 IRENUM - ok
12:07:22.0235 1636 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
12:07:22.0235 1636 isapnp - ok
12:07:22.0282 1636 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
12:07:22.0298 1636 iScsiPrt - ok
12:07:22.0329 1636 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
12:07:22.0345 1636 kbdclass - ok
12:07:22.0345 1636 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
12:07:22.0360 1636 kbdhid - ok
12:07:22.0391 1636 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
12:07:22.0391 1636 KeyIso - ok
12:07:22.0407 1636 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
12:07:22.0407 1636 KSecDD - ok
12:07:22.0438 1636 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
12:07:22.0454 1636 KSecPkg - ok
12:07:22.0454 1636 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
12:07:22.0516 1636 ksthunk - ok
12:07:22.0547 1636 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
12:07:22.0610 1636 KtmRm - ok
12:07:22.0672 1636 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
12:07:22.0735 1636 LanmanServer - ok
12:07:22.0766 1636 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
12:07:22.0797 1636 LanmanWorkstation - ok
12:07:22.0844 1636 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
12:07:22.0891 1636 lltdio - ok
12:07:22.0922 1636 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
12:07:22.0969 1636 lltdsvc - ok
12:07:22.0984 1636 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
12:07:23.0015 1636 lmhosts - ok
12:07:23.0078 1636 [ 23D990150D56B670A62B21B9ABDD45EE ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:07:23.0093 1636 LMS - ok
12:07:23.0125 1636 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
12:07:23.0140 1636 LSI_FC - ok
12:07:23.0140 1636 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
12:07:23.0156 1636 LSI_SAS - ok
12:07:23.0187 1636 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
12:07:23.0187 1636 LSI_SAS2 - ok
12:07:23.0203 1636 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
12:07:23.0203 1636 LSI_SCSI - ok
12:07:23.0234 1636 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
12:07:23.0281 1636 luafv - ok
12:07:23.0312 1636 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
12:07:23.0327 1636 Mcx2Svc - ok
12:07:23.0359 1636 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
12:07:23.0359 1636 megasas - ok
12:07:23.0405 1636 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
12:07:23.0421 1636 MegaSR - ok
12:07:23.0437 1636 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
12:07:23.0483 1636 MMCSS - ok
12:07:23.0499 1636 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
12:07:23.0546 1636 Modem - ok
12:07:23.0577 1636 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
12:07:23.0593 1636 monitor - ok
12:07:23.0608 1636 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
12:07:23.0624 1636 mouclass - ok
12:07:23.0624 1636 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
12:07:23.0655 1636 mouhid - ok
12:07:23.0655 1636 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
12:07:23.0671 1636 mountmgr - ok
12:07:23.0749 1636 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:07:23.0764 1636 MozillaMaintenance - ok
12:07:23.0780 1636 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
12:07:23.0795 1636 mpio - ok
12:07:23.0795 1636 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
12:07:23.0827 1636 mpsdrv - ok
12:07:23.0873 1636 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
12:07:23.0936 1636 MpsSvc - ok
12:07:23.0936 1636 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
12:07:23.0967 1636 MRxDAV - ok
12:07:23.0998 1636 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
12:07:24.0045 1636 mrxsmb - ok
12:07:24.0061 1636 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
12:07:24.0076 1636 mrxsmb10 - ok
12:07:24.0092 1636 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
12:07:24.0092 1636 mrxsmb20 - ok
12:07:24.0139 1636 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
12:07:24.0139 1636 msahci - ok
12:07:24.0154 1636 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
12:07:24.0170 1636 msdsm - ok
12:07:24.0201 1636 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
12:07:24.0232 1636 MSDTC - ok
12:07:24.0248 1636 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
12:07:24.0279 1636 Msfs - ok
12:07:24.0295 1636 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
12:07:24.0341 1636 mshidkmdf - ok
12:07:24.0373 1636 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
12:07:24.0373 1636 msisadrv - ok
12:07:24.0451 1636 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
12:07:24.0497 1636 MSiSCSI - ok
12:07:24.0497 1636 msiserver - ok
12:07:24.0513 1636 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
12:07:24.0560 1636 MSKSSRV - ok
12:07:24.0591 1636 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
12:07:24.0638 1636 MSPCLOCK - ok
12:07:24.0638 1636 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
12:07:24.0669 1636 MSPQM - ok
12:07:24.0700 1636 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
12:07:24.0716 1636 MsRPC - ok
12:07:24.0716 1636 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
12:07:24.0731 1636 mssmbios - ok
12:07:24.0747 1636 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
12:07:24.0794 1636 MSTEE - ok
12:07:24.0794 1636 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
12:07:24.0809 1636 MTConfig - ok
12:07:24.0841 1636 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
12:07:24.0841 1636 Mup - ok
12:07:24.0887 1636 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
12:07:24.0934 1636 napagent - ok
12:07:24.0981 1636 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
12:07:25.0012 1636 NativeWifiP - ok
12:07:25.0090 1636 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
12:07:25.0106 1636 NDIS - ok
12:07:25.0137 1636 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
12:07:25.0184 1636 NdisCap - ok
12:07:25.0199 1636 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
12:07:25.0231 1636 NdisTapi - ok
12:07:25.0262 1636 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
12:07:25.0309 1636 Ndisuio - ok
12:07:25.0324 1636 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
12:07:25.0371 1636 NdisWan - ok
12:07:25.0387 1636 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
12:07:25.0418 1636 NDProxy - ok
12:07:25.0418 1636 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
12:07:25.0465 1636 NetBIOS - ok
12:07:25.0465 1636 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
12:07:25.0511 1636 NetBT - ok
12:07:25.0543 1636 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
12:07:25.0543 1636 Netlogon - ok
12:07:25.0589 1636 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
12:07:25.0652 1636 Netman - ok
12:07:25.0683 1636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:07:25.0714 1636 NetMsmqActivator - ok
12:07:25.0714 1636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:07:25.0730 1636 NetPipeActivator - ok
12:07:25.0730 1636 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
12:07:25.0792 1636 netprofm - ok
12:07:25.0792 1636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:07:25.0808 1636 NetTcpActivator - ok
12:07:25.0808 1636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:07:25.0823 1636 NetTcpPortSharing - ok
12:07:25.0855 1636 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
12:07:25.0855 1636 nfrd960 - ok
12:07:25.0870 1636 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
12:07:25.0917 1636 NlaSvc - ok
12:07:26.0042 1636 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
12:07:26.0120 1636 NOBU - ok
12:07:26.0135 1636 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
12:07:26.0167 1636 Npfs - ok
12:07:26.0182 1636 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
12:07:26.0245 1636 nsi - ok
12:07:26.0245 1636 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
12:07:26.0291 1636 nsiproxy - ok
12:07:26.0354 1636 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
12:07:26.0401 1636 Ntfs - ok
12:07:26.0401 1636 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
12:07:26.0432 1636 Null - ok
12:07:26.0463 1636 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
12:07:26.0479 1636 nvraid - ok
12:07:26.0494 1636 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
12:07:26.0510 1636 nvstor - ok
12:07:26.0510 1636 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
12:07:26.0525 1636 nv_agp - ok
12:07:26.0525 1636 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
12:07:26.0541 1636 ohci1394 - ok
12:07:26.0572 1636 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:07:26.0588 1636 ose - ok
12:07:26.0759 1636 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:07:26.0915 1636 osppsvc - ok
12:07:26.0947 1636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
12:07:27.0009 1636 p2pimsvc - ok
12:07:27.0040 1636 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
12:07:27.0056 1636 p2psvc - ok
12:07:27.0071 1636 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
12:07:27.0087 1636 Parport - ok
12:07:27.0118 1636 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
12:07:27.0118 1636 partmgr - ok
12:07:27.0134 1636 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
12:07:27.0165 1636 PcaSvc - ok
12:07:27.0196 1636 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
12:07:27.0196 1636 pci - ok
12:07:27.0212 1636 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
12:07:27.0227 1636 pciide - ok
12:07:27.0243 1636 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
12:07:27.0259 1636 pcmcia - ok
12:07:27.0259 1636 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
12:07:27.0274 1636 pcw - ok
12:07:27.0274 1636 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
12:07:27.0337 1636 PEAUTH - ok
12:07:27.0415 1636 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
12:07:27.0446 1636 PerfHost - ok
12:07:27.0493 1636 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
12:07:27.0571 1636 pla - ok
12:07:27.0602 1636 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
12:07:27.0649 1636 PlugPlay - ok
12:07:27.0649 1636 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
12:07:27.0680 1636 PNRPAutoReg - ok
12:07:27.0680 1636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
12:07:27.0695 1636 PNRPsvc - ok
12:07:27.0742 1636 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
12:07:27.0789 1636 PolicyAgent - ok
12:07:27.0836 1636 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
12:07:27.0883 1636 Power - ok
12:07:27.0929 1636 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
12:07:27.0976 1636 PptpMiniport - ok
12:07:28.0007 1636 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
12:07:28.0039 1636 Processor - ok
12:07:28.0101 1636 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
12:07:28.0148 1636 ProfSvc - ok
12:07:28.0179 1636 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
12:07:28.0179 1636 ProtectedStorage - ok
12:07:28.0195 1636 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
12:07:28.0257 1636 Psched - ok
12:07:28.0304 1636 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
12:07:28.0304 1636 PxHlpa64 - ok
12:07:28.0366 1636 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
12:07:28.0413 1636 ql2300 - ok
12:07:28.0444 1636 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
12:07:28.0444 1636 ql40xx - ok
12:07:28.0507 1636 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
12:07:28.0522 1636 QWAVE - ok
12:07:28.0538 1636 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
12:07:28.0569 1636 QWAVEdrv - ok
12:07:28.0569 1636 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
12:07:28.0631 1636 RasAcd - ok
12:07:28.0678 1636 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
12:07:28.0725 1636 RasAgileVpn - ok
12:07:28.0741 1636 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
12:07:28.0787 1636 RasAuto - ok
12:07:28.0803 1636 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
12:07:28.0834 1636 Rasl2tp - ok
12:07:28.0865 1636 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
12:07:28.0912 1636 RasMan - ok
12:07:28.0912 1636 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
12:07:28.0959 1636 RasPppoe - ok
12:07:28.0990 1636 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
12:07:29.0037 1636 RasSstp - ok
12:07:29.0053 1636 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
12:07:29.0099 1636 rdbss - ok
12:07:29.0099 1636 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
12:07:29.0115 1636 rdpbus - ok
12:07:29.0115 1636 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
12:07:29.0177 1636 RDPCDD - ok
12:07:29.0193 1636 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
12:07:29.0255 1636 RDPENCDD - ok
12:07:29.0255 1636 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
12:07:29.0287 1636 RDPREFMP - ok
12:07:29.0318 1636 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
12:07:29.0349 1636 RDPWD - ok
12:07:29.0396 1636 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
12:07:29.0396 1636 rdyboost - ok
12:07:29.0427 1636 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
12:07:29.0474 1636 RemoteAccess - ok
12:07:29.0489 1636 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
12:07:29.0536 1636 RemoteRegistry - ok
12:07:29.0567 1636 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
12:07:29.0583 1636 RFCOMM - ok
12:07:29.0692 1636 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
12:07:29.0739 1636 RoxMediaDB12OEM - ok
12:07:29.0755 1636 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
12:07:29.0770 1636 RoxWatch12 - ok
12:07:29.0817 1636 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
12:07:29.0848 1636 RpcEptMapper - ok
12:07:29.0879 1636 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
12:07:29.0895 1636 RpcLocator - ok
12:07:29.0911 1636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll
12:07:29.0957 1636 RpcSs - ok
12:07:29.0989 1636 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
12:07:30.0020 1636 rspndr - ok
12:07:30.0067 1636 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
12:07:30.0082 1636 RSUSBSTOR - ok
12:07:30.0098 1636 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
12:07:30.0113 1636 RTL8167 - ok
12:07:30.0145 1636 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
12:07:30.0145 1636 SamSs - ok
12:07:30.0160 1636 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
12:07:30.0176 1636 sbp2port - ok
12:07:30.0191 1636 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
12:07:30.0238 1636 SCardSvr - ok
12:07:30.0238 1636 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
12:07:30.0285 1636 scfilter - ok
12:07:30.0316 1636 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
12:07:30.0379 1636 Schedule - ok
12:07:30.0410 1636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
12:07:30.0441 1636 SCPolicySvc - ok
12:07:30.0457 1636 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
12:07:30.0488 1636 SDRSVC - ok
12:07:30.0535 1636 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
12:07:30.0581 1636 secdrv - ok
12:07:30.0597 1636 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
12:07:30.0644 1636 seclogon - ok
12:07:30.0644 1636 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
12:07:30.0675 1636 SENS - ok
12:07:30.0706 1636 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
12:07:30.0722 1636 SensrSvc - ok
12:07:30.0769 1636 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
12:07:30.0784 1636 Serenum - ok
12:07:30.0815 1636 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
12:07:30.0847 1636 Serial - ok
12:07:30.0847 1636 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
12:07:30.0862 1636 sermouse - ok
12:07:30.0862 1636 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
12:07:30.0909 1636 SessionEnv - ok
12:07:30.0925 1636 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
12:07:30.0940 1636 sffdisk - ok
12:07:30.0956 1636 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
12:07:30.0971 1636 sffp_mmc - ok
12:07:31.0003 1636 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
12:07:31.0018 1636 sffp_sd - ok
12:07:31.0034 1636 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
12:07:31.0065 1636 sfloppy - ok
12:07:31.0143 1636 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
12:07:31.0159 1636 Sftfs - ok
12:07:31.0252 1636 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:07:31.0268 1636 sftlist - ok
12:07:31.0299 1636 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
12:07:31.0315 1636 Sftplay - ok
12:07:31.0330 1636 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
12:07:31.0346 1636 Sftredir - ok
12:07:31.0393 1636 [ E1974A92AC0914A3859359A0A8C82C68 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
12:07:31.0408 1636 SftService - ok
12:07:31.0455 1636 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
12:07:31.0471 1636 Sftvol - ok
12:07:31.0502 1636 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:07:31.0517 1636 sftvsa - ok
12:07:31.0564 1636 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
12:07:31.0627 1636 SharedAccess - ok
12:07:31.0642 1636 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
12:07:31.0705 1636 ShellHWDetection - ok
12:07:31.0736 1636 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
12:07:31.0736 1636 SiSRaid2 - ok
12:07:31.0751 1636 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
12:07:31.0751 1636 SiSRaid4 - ok
12:07:31.0767 1636 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
12:07:31.0814 1636 Smb - ok
12:07:31.0845 1636 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
12:07:31.0876 1636 SNMPTRAP - ok
12:07:31.0907 1636 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
12:07:31.0907 1636 spldr - ok
12:07:31.0954 1636 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
12:07:31.0970 1636 Spooler - ok
12:07:32.0032 1636 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
12:07:32.0173 1636 sppsvc - ok
12:07:32.0173 1636 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
12:07:32.0219 1636 sppuinotify - ok
12:07:32.0266 1636 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
12:07:32.0313 1636 srv - ok
12:07:32.0313 1636 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
12:07:32.0344 1636 srv2 - ok
12:07:32.0391 1636 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
12:07:32.0391 1636 srvnet - ok
12:07:32.0438 1636 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
12:07:32.0485 1636 SSDPSRV - ok
12:07:32.0500 1636 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
12:07:32.0531 1636 SstpSvc - ok
12:07:32.0594 1636 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
12:07:32.0609 1636 STacSV - ok
12:07:32.0641 1636 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
12:07:32.0656 1636 stexstor - ok
12:07:32.0719 1636 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
12:07:32.0750 1636 STHDA - ok
12:07:32.0765 1636 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
12:07:32.0797 1636 stisvc - ok
12:07:32.0859 1636 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
12:07:32.0875 1636 stllssvr - ok
12:07:32.0890 1636 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
12:07:32.0906 1636 swenum - ok
12:07:32.0921 1636 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
12:07:32.0984 1636 swprv - ok
12:07:33.0031 1636 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
12:07:33.0093 1636 SysMain - ok
12:07:33.0093 1636 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
12:07:33.0109 1636 TabletInputService - ok
12:07:33.0124 1636 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
12:07:33.0171 1636 TapiSrv - ok
12:07:33.0171 1636 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
12:07:33.0218 1636 TBS - ok
12:07:33.0296 1636 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
12:07:33.0358 1636 Tcpip - ok
12:07:33.0389 1636 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
12:07:33.0421 1636 TCPIP6 - ok
12:07:33.0452 1636 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
12:07:33.0499 1636 tcpipreg - ok
12:07:33.0514 1636 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
12:07:33.0530 1636 TDPIPE - ok
12:07:33.0561 1636 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
12:07:33.0592 1636 TDTCP - ok
12:07:33.0623 1636 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
12:07:33.0655 1636 tdx - ok
12:07:33.0655 1636 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
12:07:33.0670 1636 TermDD - ok
12:07:33.0701 1636 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
12:07:33.0764 1636 TermService - ok
12:07:33.0795 1636 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
12:07:33.0811 1636 Themes - ok
12:07:33.0842 1636 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
12:07:33.0873 1636 THREADORDER - ok
12:07:33.0873 1636 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
12:07:33.0935 1636 TrkWks - ok
12:07:33.0967 1636 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
12:07:34.0029 1636 TrustedInstaller - ok
12:07:34.0060 1636 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
12:07:34.0107 1636 tssecsrv - ok
12:07:34.0123 1636 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
12:07:34.0154 1636 TsUsbFlt - ok
12:07:34.0154 1636 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
12:07:34.0169 1636 TsUsbGD - ok
12:07:34.0201 1636 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
12:07:34.0247 1636 tunnel - ok
12:07:34.0279 1636 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
12:07:34.0279 1636 uagp35 - ok
12:07:34.0294 1636 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
12:07:34.0341 1636 udfs - ok
12:07:34.0388 1636 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
12:07:34.0403 1636 UI0Detect - ok
12:07:34.0403 1636 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
12:07:34.0419 1636 uliagpkx - ok
12:07:34.0419 1636 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
12:07:34.0450 1636 umbus - ok
12:07:34.0466 1636 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
12:07:34.0481 1636 UmPass - ok
12:07:34.0591 1636 [ CBDEE152D73200EE49031A26310B9D3E ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:07:34.0669 1636 UNS - ok
12:07:34.0700 1636 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
12:07:34.0762 1636 upnphost - ok
12:07:34.0778 1636 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
12:07:34.0809 1636 usbccgp - ok
12:07:34.0856 1636 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
12:07:34.0871 1636 usbcir - ok
12:07:34.0871 1636 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
12:07:34.0887 1636 usbehci - ok
12:07:34.0934 1636 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
12:07:34.0949 1636 usbhub - ok
12:07:34.0949 1636 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\windows\system32\drivers\usbohci.sys
12:07:34.0965 1636 usbohci - ok
12:07:34.0981 1636 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
12:07:34.0996 1636 usbprint - ok
12:07:35.0012 1636 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
12:07:35.0043 1636 USBSTOR - ok
12:07:35.0059 1636 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
12:07:35.0090 1636 usbuhci - ok
12:07:35.0121 1636 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
12:07:35.0137 1636 usbvideo - ok
12:07:35.0152 1636 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
12:07:35.0215 1636 UxSms - ok
12:07:35.0230 1636 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
12:07:35.0230 1636 VaultSvc - ok
12:07:35.0261 1636 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
12:07:35.0277 1636 vdrvroot - ok
12:07:35.0293 1636 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
12:07:35.0355 1636 vds - ok
12:07:35.0386 1636 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
12:07:35.0402 1636 vga - ok
12:07:35.0402 1636 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
12:07:35.0449 1636 VgaSave - ok
12:07:35.0449 1636 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
12:07:35.0464 1636 vhdmp - ok
12:07:35.0464 1636 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
12:07:35.0480 1636 viaide - ok
12:07:35.0495 1636 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
12:07:35.0495 1636 volmgr - ok
12:07:35.0511 1636 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
12:07:35.0527 1636 volmgrx - ok
12:07:35.0527 1636 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
12:07:35.0542 1636 volsnap - ok
12:07:35.0573 1636 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
12:07:35.0589 1636 vsmraid - ok
12:07:35.0620 1636 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
12:07:35.0714 1636 VSS - ok
12:07:35.0714 1636 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
12:07:35.0745 1636 vwifibus - ok
12:07:35.0745 1636 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
12:07:35.0776 1636 vwififlt - ok
12:07:35.0776 1636 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
12:07:35.0823 1636 W32Time - ok
12:07:35.0823 1636 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
12:07:35.0839 1636 WacomPen - ok
12:07:35.0870 1636 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
12:07:35.0932 1636 WANARP - ok
12:07:35.0948 1636 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
12:07:35.0979 1636 Wanarpv6 - ok
12:07:36.0041 1636 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
12:07:36.0104 1636 WatAdminSvc - ok
12:07:36.0151 1636 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
12:07:36.0213 1636 wbengine - ok
12:07:36.0213 1636 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
12:07:36.0229 1636 WbioSrvc - ok
12:07:36.0244 1636 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
12:07:36.0291 1636 wcncsvc - ok
12:07:36.0291 1636 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
12:07:36.0322 1636 WcsPlugInService - ok
12:07:36.0353 1636 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
12:07:36.0353 1636 Wd - ok
12:07:36.0400 1636 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
12:07:36.0416 1636 Wdf01000 - ok
12:07:36.0416 1636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
12:07:36.0509 1636 WdiServiceHost - ok
12:07:36.0525 1636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
12:07:36.0541 1636 WdiSystemHost - ok
12:07:36.0556 1636 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
12:07:36.0587 1636 WebClient - ok
12:07:36.0619 1636 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
12:07:36.0665 1636 Wecsvc - ok
12:07:36.0681 1636 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
12:07:36.0712 1636 wercplsupport - ok
12:07:36.0728 1636 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
12:07:36.0775 1636 WerSvc - ok
12:07:36.0806 1636 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
12:07:36.0837 1636 WfpLwf - ok
12:07:36.0884 1636 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
12:07:36.0899 1636 WimFltr - ok
12:07:36.0962 1636 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
12:07:36.0962 1636 WIMMount - ok
12:07:36.0993 1636 WinDefend - ok
12:07:36.0993 1636 WinHttpAutoProxySvc - ok
12:07:37.0055 1636 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
12:07:37.0087 1636 Winmgmt - ok
12:07:37.0149 1636 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
12:07:37.0243 1636 WinRM - ok
12:07:37.0305 1636 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
12:07:37.0336 1636 Wlansvc - ok
12:07:37.0399 1636 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:07:37.0414 1636 wlcrasvc - ok
12:07:37.0508 1636 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:07:37.0586 1636 wlidsvc - ok
12:07:37.0601 1636 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
12:07:37.0633 1636 WmiAcpi - ok
12:07:37.0664 1636 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
12:07:37.0679 1636 wmiApSrv - ok
12:07:37.0711 1636 WMPNetworkSvc - ok
12:07:37.0742 1636 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
12:07:37.0773 1636 WPCSvc - ok
12:07:37.0789 1636 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
12:07:37.0804 1636 WPDBusEnum - ok
12:07:37.0820 1636 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
12:07:37.0851 1636 ws2ifsl - ok
12:07:37.0867 1636 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
12:07:37.0913 1636 wscsvc - ok
12:07:37.0929 1636 WSearch - ok
12:07:38.0007 1636 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
12:07:38.0085 1636 wuauserv - ok
12:07:38.0101 1636 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
12:07:38.0147 1636 WudfPf - ok
12:07:38.0194 1636 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
12:07:38.0225 1636 WUDFRd - ok
12:07:38.0257 1636 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
12:07:38.0288 1636 wudfsvc - ok
12:07:38.0303 1636 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
12:07:38.0335 1636 WwanSvc - ok
12:07:38.0366 1636 ================ Scan global ===============================
12:07:38.0381 1636 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
12:07:38.0428 1636 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
12:07:38.0428 1636 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
12:07:38.0459 1636 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
12:07:38.0491 1636 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
12:07:38.0491 1636 [Global] - ok
12:07:38.0491 1636 ================ Scan MBR ==================================
12:07:38.0506 1636 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:07:38.0849 1636 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:07:38.0849 1636 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:07:38.0849 1636 ================ Scan VBR ==================================
12:07:38.0849 1636 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
12:07:38.0865 1636 \Device\Harddisk0\DR0\Partition1 - ok
12:07:38.0896 1636 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2
12:07:38.0896 1636 \Device\Harddisk0\DR0\Partition2 - ok
12:07:38.0896 1636 ============================================================
12:07:38.0896 1636 Scan finished
12:07:38.0896 1636 ============================================================
12:07:38.0912 1812 Detected object count: 2
12:07:38.0912 1812 Actual detected object count: 2
12:08:35.0555 1812 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
12:08:35.0555 1812 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:08:35.0555 1812 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:08:35.0555 1812 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:09:44.0882 1800 Deinitialize success

#13
Sapphire Dreams

Posted 16 September 2012 - 01:41 PM

Member

Topic Starter
Member
18 posts

Malwarebytes log

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.16.11

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Megan :: MEGAN-PC [administrator]

Protection: Disabled

9/16/2012 12:38:27 PM
mbam-log-2012-09-16 (12-38-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201456
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)