Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

We Care Virus Infection! [Solved]


  • This topic is locked This topic is locked

#1
NorthstarATL

NorthstarATL

    Member

  • Member
  • PipPip
  • 62 posts
I downloaded a program that I thought was safe (even ran a Maladwarebytes scan of the folder before opening!), but it was definitely NOT! Something popped onto my toolbar and a website opened up! I quickly closed my browser and went into scanning again with Maladwarebytes, and tried to delete the folder that I had downloaded. It said I couldn't because it was open in another program. I checked programs on the control panel for unfamiliar programs! There were at least two, one of which I uninstalled, and one called 'ASPCA We Care Reminder', which wouldn't uninstall.Then the quick scan showed a trojan and required a restart, which I did, starting again in safe mode.
In safe mode I was able to delete the folder, but the 'We Care' thing required me to give access to an unknown program, which I declined to do. I ran CC Cleaner (but not the Registry), and ran Microsoft Security Essentials. It didn't find anything, but warned me that it couldn't protect me in safe mode. I then ran Maladwarebytes once more, and it found 2 items, which it would claen with a restart. I restarted in normal mode. 'We Care' is still listed in Programs and Features, though I can't find it anywhere else on the computer (no surprise, as that's probably not the real name). MSI keeps telling me that I need to run a scan, as I haven't run one in awhile, which isn't true, and is freaking me out. I'm running a full Maladwarebytes scan now, but I'm afraid thsi might be more than it can handle.
I can't believe I did something this stupid! Please help!
rOTL logfile created on: 9/15/2012 12:19:12 AM - Run 1
OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Kenn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 39.16% Memory free
6.72 Gb Paging File | 4.66 Gb Available in Paging File | 69.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 223.68 Gb Free Space | 38.47% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive L: | 3.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/15 00:17:36 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Downloads\OTL.exe
PRC - [2012/09/14 15:10:31 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/09/07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/29 10:37:22 | 025,249,400 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2012/05/12 00:50:18 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/04/05 21:40:50 | 000,624,856 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/06 20:18:40 | 001,389,720 | ---- | M] () -- C:\Program Files\SpywareBlaster\spywareblaster.exe
PRC - [2011/11/04 20:53:32 | 000,177,936 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\IR\Hcw2650Service.exe
PRC - [2011/10/28 19:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) -- C:\Program Files\WinTV\Extend\WinTVExtender.exe
PRC - [2011/10/28 00:17:20 | 000,146,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2011/10/28 00:15:30 | 000,413,696 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2011/10/28 00:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2011/10/05 21:13:50 | 000,014,848 | ---- | M] (Hauppauge Computer Works, Inc) -- C:\Program Files\Hauppauge\Hauppauge Tuning Adapter Proxy\TAHSP.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/12 10:45:37 | 001,324,384 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/18 15:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/11 14:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 19:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/26 19:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/10 23:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [1999/10/01 01:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/14 15:10:30 | 009,813,704 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/09/05 21:26:41 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 03:15:21 | 015,881,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\3b5151bbd0e6de9d28585589bda695cd\MenuSkinning.ni.dll
MOD - [2012/06/14 03:15:06 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\4665c10b713844b5a2e77e5ed50f9cfe\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 03:15:05 | 002,584,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\b46f17d6b131711060172ef5b72c71df\DellDock.ni.exe
MOD - [2012/06/14 03:15:03 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\8607754d59549e501cd716c679fd03ff\MyDock.Util.ni.dll
MOD - [2012/06/14 03:15:01 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/14 01:44:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 01:44:30 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/12 21:24:59 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/12 21:24:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 21:24:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/12 21:24:35 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/05/12 21:16:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/12 21:14:00 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/12 21:13:47 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/03/02 18:07:44 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3054.18608__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3054.18645__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3054.18653__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3054.18924__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3054.18848__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3054.18668__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3054.18932__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:43 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3054.18855__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3054.18882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:43 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3054.18623__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:43 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3054.18837__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3054.18846__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:43 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3054.18782__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3054.18630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:42 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3054.18793__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3054.18683__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3054.18960__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3054.18632__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3054.18871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:42 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3054.18676__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3054.18814__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3054.18792__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:42 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3054.18959__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3054.18921__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:42 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3054.18812__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3054.18785__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:41 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3054.18777__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:41 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3054.18783__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3005.17468__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012/03/02 18:07:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3054.18690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3054.18791__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3005.17465__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3054.18827__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3005.17466__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3005.17608__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3005.17518__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3005.17496__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3005.17491__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3005.17490__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3005.17473__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3005.17510__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3005.17517__90ba9c70f846762e\DEM.OS.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3005.17519__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3005.17516__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3005.17562__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3005.17512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3005.17563__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012/03/02 18:07:40 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3054.18910__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012/03/02 18:07:40 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3005.17541__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3005.17553__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3005.17493__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3005.17540__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3005.17536__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3054.18949__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012/03/02 18:07:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3005.17539__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3005.17484__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012/03/02 18:07:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3005.17506__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3005.17531__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3005.17537__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3005.17514__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3005.17511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012/03/02 18:07:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3005.17479__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3005.17522__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3005.17511__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3005.17481__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3005.17488__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3005.17530__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3005.17489__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3054.18964__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2012/03/02 18:07:40 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012/03/02 18:07:39 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3054.18617__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012/03/02 18:07:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3054.18639__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012/03/02 18:07:39 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3054.18900__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012/03/02 18:07:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3054.18598__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2012/03/02 18:07:39 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3054.18907__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012/03/02 18:07:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012/03/02 18:07:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3054.18594__90ba9c70f846762e\APM.Server.dll
MOD - [2012/03/02 18:07:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3005.17514__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012/03/02 18:07:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3005.17475__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012/03/02 18:07:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3005.17499__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012/03/02 18:07:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3054.18909__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012/03/02 18:07:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012/03/02 18:07:39 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3005.17513__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012/03/02 18:07:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3005.17508__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012/03/02 18:07:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3005.17542__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012/03/02 18:07:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3054.18596__90ba9c70f846762e\AEM.Server.dll
MOD - [2012/02/18 00:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2012/02/06 20:18:40 | 001,389,720 | ---- | M] () -- C:\Program Files\SpywareBlaster\spywareblaster.exe
MOD - [2011/10/28 00:16:38 | 000,018,944 | ---- | M] () -- C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2010/07/04 17:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/04 17:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/01/28 23:34:48 | 000,417,792 | ---- | M] () -- C:\Program Files\SpywareBlaster\SQLite3SB.dll
MOD - [2008/05/13 03:55:52 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe -- (Common Toolkit Tools)
SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/05 21:40:50 | 000,624,856 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/02 17:51:46 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/11/04 20:53:32 | 000,177,936 | ---- | M] (Hauppauge Computer Works, Inc.) [Auto | Running] -- C:\Program Files\WinTV\IR\Hcw2650Service.exe -- (Hcw2650Service)
SRV - [2011/10/28 19:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) [Auto | Running] -- C:\Program Files\WinTV\Extend\WinTVExtender.exe -- (Hauppauge WinTV Extender)
SRV - [2011/10/28 00:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2011/10/05 21:13:50 | 000,014,848 | ---- | M] (Hauppauge Computer Works, Inc) [Auto | Running] -- C:\Program Files\Hauppauge\Hauppauge Tuning Adapter Proxy\TAHSP.exe -- (HCWe3TAP)
SRV - [2010/03/18 15:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/11 14:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/26 19:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (amufud8d)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ajrvcna6)
DRV - [2012/09/15 00:04:22 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F78B2D3-5236-458A-9C19-29A25D6C5756}\MpKsl1d2b4921.sys -- (MpKsl1d2b4921)
DRV - [2012/09/14 23:00:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/22 14:08:07 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/03/03 15:33:04 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/11/04 22:30:22 | 000,022,288 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HcwMocurIR.sys -- (HcwMocurIR)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/07/15 00:44:22 | 001,443,584 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2008/05/13 04:31:00 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/02/13 21:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/13 17:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamo...t=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamo...t=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 F8 F7 04 5A 1F CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamo...t=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamo...t=webs&bar=true
IE - HKCU\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Kenn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\fbphotozoom\fbphotozoom13.xpi [2012/03/03 18:17:13 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/14 15:22:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 12:12:26 | 000,000,000 | ---D | M]

[2012/09/14 15:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Extensions
[2012/09/14 22:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2012/09/14 22:26:37 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012/09/14 15:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2012/09/14 15:29:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/14 15:22:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 12:12:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/07 12:12:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kenn\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kenn\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kenn\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Kenn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: FBPHOTOZOOM = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.3_0\
CHR - Extension: Gmail = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SearchAmong Toolbar) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\SearchAmong Toolbar\SearchAmongToolbar.dll File not found
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (SearchAmong Toolbar) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\SearchAmong Toolbar\SearchAmongToolbar.dll File not found
O4 - HKLM..\Run: [AMD Catalyst] C:\ProgramData\Catalyst\color.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe File not found
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [FDPRO-516] C:\Program Files\Fighters\FighterLauncher.exe FDPRO File not found
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: &SearchAmong - res://C:\Program Files\SearchAmong Toolbar\SearchAmongToolbar.dll/MENUSEARCH.HTM File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/07/30 21:20:10 | 000,055,176 | R--- | M] (Electronic Arts) - L:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2012/05/22 17:23:10 | 000,000,049 | R--- | M] () - L:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell\AutoRun\command - "" = L:\Autorun.exe -- [2012/07/30 21:20:10 | 000,055,176 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 23:00:47 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/09/14 22:27:17 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Fighters
[2012/09/14 22:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012/09/14 22:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/09/14 15:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/14 14:06:42 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\Applian
[2012/09/12 12:29:09 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{CF1A3C6A-AD7C-452A-A578-91DA4D6DD246}
[2012/09/07 19:39:38 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Moonlight Falls_Wolff.sims3.backup
[2012/09/07 12:36:18 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{0D0E4FBD-5610-4224-8D8D-06271D6EF14F}
[2012/09/07 12:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/06 09:59:11 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Supernatural
[2012/09/05 10:14:07 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\ElevatedDiagnostics
[2012/09/05 09:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Catalyst
[2012/09/05 09:17:49 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Patching
[2012/09/03 20:38:54 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/09/03 20:38:54 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/09/03 20:38:54 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/08/16 20:52:23 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{1D7965DC-2394-44A6-8A0B-0E1EF58E5808}
[2012/08/16 20:52:13 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{D37A1E91-1CD7-49C5-93C8-2E1409A7BF57}
[2012/08/16 20:52:03 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{2B386D63-6088-480C-9839-B1A2507A7819}
[2012/08/16 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{E726F53D-ED38-4834-B0C1-1B8B96672BAF}
[2012/08/16 18:07:04 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{07A503F8-98EC-4CCE-80D1-E1D5B9F5AED3}
[2012/08/16 18:06:49 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{D2F98794-D078-4558-8D55-AE1FD8965ED2}
[2012/08/16 18:06:36 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{015A8623-E193-49C3-9AE7-54CE942ADBB0}
[2012/08/16 18:06:25 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{A378D212-AE5A-484F-8722-0D7750906A6E}
[2012/08/16 14:29:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/16 14:29:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/16 14:29:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/16 14:29:37 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/16 14:29:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/16 14:29:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/16 14:29:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/16 14:28:57 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/14 00:50:12 | 000,041,984 | ---- | C] (Lee 'FordGT90Concept' Glasser) -- C:\Users\Kenn\Large Address Aware.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/14 23:53:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000UA.job
[2012/09/14 23:45:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/14 23:00:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/09/14 22:55:10 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/14 22:54:53 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 22:54:53 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 22:54:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/14 22:54:44 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/14 22:40:53 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/14 22:34:32 | 000,001,356 | ---- | M] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2012/09/14 22:22:06 | 000,229,888 | ---- | M] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/14 17:53:07 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000Core.job
[2012/09/14 15:22:34 | 000,000,870 | ---- | M] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/14 15:17:13 | 000,384,090 | ---- | M] () -- C:\Users\Kenn\Documents\bookmarks.html
[2012/09/14 15:10:31 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/14 15:10:31 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/14 14:13:39 | 000,000,354 | ---- | M] () -- C:\Users\Kenn\settings.sav
[2012/09/13 15:55:21 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/13 15:55:21 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/07 15:01:39 | 000,246,763 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-12_Supernatural.jpg
[2012/09/07 14:28:15 | 000,222,991 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-12_D.jpg
[2012/09/07 14:23:08 | 000,221,914 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-12.jpg
[2012/08/31 23:56:35 | 000,001,999 | ---- | M] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/14 22:54:44 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/14 15:22:34 | 000,000,870 | ---- | C] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/14 15:22:34 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/14 15:17:13 | 000,384,090 | ---- | C] () -- C:\Users\Kenn\Documents\bookmarks.html
[2012/09/07 14:54:39 | 001,182,142 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-52.jpg
[2012/09/07 14:52:52 | 000,246,763 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-12_Supernatural.jpg
[2012/09/07 14:28:15 | 000,222,991 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-12_D.jpg
[2012/09/07 14:23:08 | 000,221,914 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-12.jpg
[2012/07/14 20:12:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/06/14 13:24:03 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/05/14 16:34:26 | 000,000,354 | ---- | C] () -- C:\Users\Kenn\settings.sav
[2012/05/14 01:36:17 | 000,048,640 | ---- | C] () -- C:\Users\Kenn\TS3Lib.dll
[2012/05/14 01:36:17 | 000,039,424 | ---- | C] () -- C:\Users\Kenn\TS3CLA.exe
[2012/03/22 10:33:18 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/03/15 21:47:39 | 000,667,978 | ---- | C] () -- C:\Windows\unins000.exe
[2012/03/15 21:47:39 | 000,007,223 | ---- | C] () -- C:\Windows\unins000.dat
[2012/03/13 03:11:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/03/13 03:11:34 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/05 15:05:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/05 15:05:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/05 03:09:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/03/04 14:07:36 | 000,005,197 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012/03/03 07:01:04 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2012/03/03 05:51:57 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2012/03/03 05:51:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2012/03/03 00:14:28 | 000,229,888 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 20:37:35 | 000,001,356 | ---- | C] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2012/03/02 18:27:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/02 18:15:26 | 000,157,677 | ---- | C] () -- C:\Windows\hpoins29.dat
[2012/03/02 18:06:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2012/03/02 18:06:04 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/03/02 18:06:04 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2012/03/02 18:06:04 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2012/03/02 18:06:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2012/03/02 18:06:04 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there two programmes to run, the first to kill the toolbar and a fresh OTL to see whats left


Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that



THEN

  • Run OTL.
    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    %systemdrive%\$Recycle.Bin|@;true;true;true
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Thank you! Will do so now!
  • 0

#4
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Here is the Adw log:
# AdwCleaner v2.001 - Logfile created 09/15/2012 at 09:07:45
# Updated 09/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Kenn - KENN-PC
# Boot Mode : Normal
# Running from : C:\Users\Kenn\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Kenn\AppData\Local\Conduit
Folder Deleted : C:\Users\Kenn\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&SearchAmong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C7456F74-B576-4A8E-BAB2-538C99EE38F0}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7456F74-B576-4A8E-BAB2-538C99EE38F0}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\SweetIm
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true --> hxxp://www.google.com

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8123 octets] - [15/09/2012 09:07:45]

########## EOF - C:\AdwCleaner[S1].txt - [8183 octets] ##########
  • 0

#5
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
and the OLT.Txt (It did not generate an Extras; is that a problem?)
OTL logfile created on: 9/15/2012 9:15:48 AM - Run 2
OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Kenn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 58.54% Memory free
6.73 Gb Paging File | 5.26 Gb Available in Paging File | 78.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 227.85 Gb Free Space | 39.18% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive L: | 3.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/15 00:17:36 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Downloads\OTL.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/29 10:37:22 | 025,249,400 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2012/04/05 21:40:50 | 000,624,856 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/11/04 20:53:32 | 000,177,936 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\IR\Hcw2650Service.exe
PRC - [2011/10/28 19:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) -- C:\Program Files\WinTV\Extend\WinTVExtender.exe
PRC - [2011/10/28 00:17:20 | 000,146,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2011/10/28 00:15:30 | 000,413,696 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2011/10/28 00:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2011/10/05 21:13:50 | 000,014,848 | ---- | M] (Hauppauge Computer Works, Inc) -- C:\Program Files\Hauppauge\Hauppauge Tuning Adapter Proxy\TAHSP.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/12 10:45:37 | 001,324,384 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/18 15:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/11 14:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 19:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/26 19:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/10 23:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [1999/10/01 01:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:15:21 | 015,881,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\3b5151bbd0e6de9d28585589bda695cd\MenuSkinning.ni.dll
MOD - [2012/06/14 03:15:06 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\4665c10b713844b5a2e77e5ed50f9cfe\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 03:15:05 | 002,584,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\b46f17d6b131711060172ef5b72c71df\DellDock.ni.exe
MOD - [2012/06/14 03:15:03 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\8607754d59549e501cd716c679fd03ff\MyDock.Util.ni.dll
MOD - [2012/06/14 03:15:01 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/14 01:44:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 01:44:30 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/12 21:24:59 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/12 21:24:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 21:24:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/12 21:24:35 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/05/12 21:16:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/12 21:14:00 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/12 21:13:47 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/03/02 18:07:44 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3054.18608__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3054.18645__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3054.18653__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3054.18924__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3054.18848__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3054.18668__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3054.18932__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:43 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3054.18855__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3054.18882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:43 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3054.18623__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:43 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3054.18837__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3054.18846__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:43 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3054.18782__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3054.18630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:42 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3054.18793__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3054.18683__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3054.18960__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3054.18632__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3054.18871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:42 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3054.18676__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3054.18814__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3054.18792__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:42 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3054.18959__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3054.18921__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:42 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3054.18812__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3054.18785__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:41 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3054.18777__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:41 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3054.18783__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3005.17468__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012/03/02 18:07:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3054.18690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3054.18791__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3005.17465__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3054.18827__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3005.17466__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3005.17608__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3005.17518__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3005.17496__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3005.17491__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3005.17490__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3005.17473__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3005.17510__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3005.17517__90ba9c70f846762e\DEM.OS.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3005.17519__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3005.17516__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3005.17562__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3005.17512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3005.17563__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012/03/02 18:07:40 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3054.18910__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012/03/02 18:07:40 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3005.17541__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3005.17553__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3005.17493__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3005.17540__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3005.17536__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3054.18949__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012/03/02 18:07:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3005.17539__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3005.17484__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012/03/02 18:07:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3005.17506__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3005.17531__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3005.17537__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3005.17514__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3005.17511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012/03/02 18:07:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3005.17479__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3005.17522__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3005.17511__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3005.17481__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3005.17488__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3005.17530__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3005.17489__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3054.18964__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2012/03/02 18:07:40 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012/03/02 18:07:39 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3054.18617__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012/03/02 18:07:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3054.18639__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012/03/02 18:07:39 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3054.18900__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012/03/02 18:07:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3054.18598__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2012/03/02 18:07:39 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3054.18907__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012/03/02 18:07:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012/03/02 18:07:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3054.18594__90ba9c70f846762e\APM.Server.dll
MOD - [2012/03/02 18:07:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3005.17514__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012/03/02 18:07:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3005.17475__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012/03/02 18:07:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3005.17499__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012/03/02 18:07:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3054.18909__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012/03/02 18:07:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012/03/02 18:07:39 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3005.17513__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012/03/02 18:07:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3005.17508__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012/03/02 18:07:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3005.17542__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012/03/02 18:07:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3054.18596__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/10/28 00:16:38 | 000,018,944 | ---- | M] () -- C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2010/07/04 17:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/05/13 03:55:52 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe -- (Common Toolkit Tools)
SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/05 21:40:50 | 000,624,856 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/02 17:51:46 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/11/04 20:53:32 | 000,177,936 | ---- | M] (Hauppauge Computer Works, Inc.) [Auto | Running] -- C:\Program Files\WinTV\IR\Hcw2650Service.exe -- (Hcw2650Service)
SRV - [2011/10/28 19:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) [Auto | Running] -- C:\Program Files\WinTV\Extend\WinTVExtender.exe -- (Hauppauge WinTV Extender)
SRV - [2011/10/28 00:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2011/10/05 21:13:50 | 000,014,848 | ---- | M] (Hauppauge Computer Works, Inc) [Auto | Running] -- C:\Program Files\Hauppauge\Hauppauge Tuning Adapter Proxy\TAHSP.exe -- (HCWe3TAP)
SRV - [2010/03/18 15:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/11 14:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/26 19:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (awj7k4oe)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a9bjdtf4)
DRV - [2012/03/22 14:08:07 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/03/03 15:33:04 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/11/04 22:30:22 | 000,022,288 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HcwMocurIR.sys -- (HcwMocurIR)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/07/15 00:44:22 | 001,443,584 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2008/05/13 04:31:00 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/02/13 21:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/13 17:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 F8 F7 04 5A 1F CD 01 [binary data]
IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Kenn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\fbphotozoom\fbphotozoom13.xpi [2012/03/03 18:17:13 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/14 15:22:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 12:12:26 | 000,000,000 | ---D | M]

[2012/09/14 15:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Extensions
[2012/09/14 22:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2012/09/14 22:26:37 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012/09/14 15:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2012/09/14 15:29:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/14 15:22:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 12:12:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/07 12:12:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kenn\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kenn\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kenn\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Kenn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: FBPHOTOZOOM = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.3_0\
CHR - Extension: Gmail = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AMD Catalyst] C:\ProgramData\Catalyst\color.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe File not found
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000..\Run: [FDPRO-516] C:\Program Files\Fighters\FighterLauncher.exe FDPRO File not found
O4 - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/07/30 21:20:10 | 000,055,176 | R--- | M] (Electronic Arts) - L:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2012/05/22 17:23:10 | 000,000,049 | R--- | M] () - L:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell\AutoRun\command - "" = L:\Autorun.exe -- [2012/07/30 21:20:10 | 000,055,176 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 22:27:17 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Fighters
[2012/09/14 22:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012/09/14 15:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/14 14:06:42 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\Applian
[2012/09/12 12:29:09 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{CF1A3C6A-AD7C-452A-A578-91DA4D6DD246}
[2012/09/07 19:39:38 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Moonlight Falls_Wolff.sims3.backup
[2012/09/07 12:36:18 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{0D0E4FBD-5610-4224-8D8D-06271D6EF14F}
[2012/09/07 12:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/06 09:59:11 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Supernatural
[2012/09/05 10:14:07 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\ElevatedDiagnostics
[2012/09/05 09:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Catalyst
[2012/09/05 09:17:49 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Patching
[2012/08/16 20:52:23 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{1D7965DC-2394-44A6-8A0B-0E1EF58E5808}
[2012/08/16 20:52:13 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{D37A1E91-1CD7-49C5-93C8-2E1409A7BF57}
[2012/08/16 20:52:03 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{2B386D63-6088-480C-9839-B1A2507A7819}
[2012/08/16 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{E726F53D-ED38-4834-B0C1-1B8B96672BAF}
[2012/08/16 18:07:04 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{07A503F8-98EC-4CCE-80D1-E1D5B9F5AED3}
[2012/08/16 18:06:49 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{D2F98794-D078-4558-8D55-AE1FD8965ED2}
[2012/08/16 18:06:36 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{015A8623-E193-49C3-9AE7-54CE942ADBB0}
[2012/08/16 18:06:25 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{A378D212-AE5A-484F-8722-0D7750906A6E}
[2012/05/14 00:50:12 | 000,041,984 | ---- | C] (Lee 'FordGT90Concept' Glasser) -- C:\Users\Kenn\Large Address Aware.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/15 09:10:34 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/15 09:09:53 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/15 09:09:52 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/15 09:09:46 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/15 09:09:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/15 09:09:26 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/15 08:53:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000UA.job
[2012/09/15 08:44:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/14 22:34:32 | 000,001,356 | ---- | M] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2012/09/14 22:22:06 | 000,229,888 | ---- | M] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/14 17:53:07 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000Core.job
[2012/09/14 15:22:34 | 000,000,870 | ---- | M] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/14 15:17:13 | 000,384,090 | ---- | M] () -- C:\Users\Kenn\Documents\bookmarks.html
[2012/09/14 14:13:39 | 000,000,354 | ---- | M] () -- C:\Users\Kenn\settings.sav
[2012/09/13 15:55:21 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/13 15:55:21 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/07 15:01:39 | 000,246,763 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-12_Supernatural.jpg
[2012/09/07 14:28:15 | 000,222,991 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-12_D.jpg
[2012/09/07 14:23:08 | 000,221,914 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-12.jpg
[2012/08/31 23:56:35 | 000,001,999 | ---- | M] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/14 22:54:44 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/14 15:22:34 | 000,000,870 | ---- | C] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/14 15:22:34 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/14 15:17:13 | 000,384,090 | ---- | C] () -- C:\Users\Kenn\Documents\bookmarks.html
[2012/09/07 14:54:39 | 001,182,142 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-52.jpg
[2012/09/07 14:52:52 | 000,246,763 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-12_Supernatural.jpg
[2012/09/07 14:28:15 | 000,222,991 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-12_D.jpg
[2012/09/07 14:23:08 | 000,221,914 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-12.jpg
[2012/07/14 20:12:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/06/14 13:24:03 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/05/14 16:34:26 | 000,000,354 | ---- | C] () -- C:\Users\Kenn\settings.sav
[2012/05/14 01:36:17 | 000,048,640 | ---- | C] () -- C:\Users\Kenn\TS3Lib.dll
[2012/05/14 01:36:17 | 000,039,424 | ---- | C] () -- C:\Users\Kenn\TS3CLA.exe
[2012/03/22 10:33:18 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/03/15 21:47:39 | 000,667,978 | ---- | C] () -- C:\Windows\unins000.exe
[2012/03/15 21:47:39 | 000,007,223 | ---- | C] () -- C:\Windows\unins000.dat
[2012/03/13 03:11:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/03/13 03:11:34 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/05 15:05:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/05 15:05:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/05 03:09:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/03/04 14:07:36 | 000,005,197 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012/03/03 07:01:04 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2012/03/03 05:51:57 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2012/03/03 05:51:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2012/03/03 00:14:28 | 000,229,888 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 20:37:35 | 000,001,356 | ---- | C] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2012/03/02 18:27:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/02 18:15:26 | 000,157,677 | ---- | C] () -- C:\Windows\hpoins29.dat
[2012/03/02 18:06:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2012/03/02 18:06:04 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/03/02 18:06:04 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2012/03/02 18:06:04 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2012/03/02 18:06:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2012/03/02 18:06:04 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

========== LOP Check ==========

[2012/08/24 14:45:25 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Audacity
[2012/04/21 00:49:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Azureus
[2012/03/12 14:37:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Canneverbe Limited
[2012/09/14 13:30:25 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DAEMON Tools Lite
[2012/09/14 22:28:00 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Fighters
[2012/04/30 21:23:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Free Sound Recorder
[2012/03/12 16:20:09 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ImgBurn
[2012/07/21 18:17:31 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Music Editor Free
[2012/03/09 16:20:25 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ooVoo Details
[2012/03/22 11:56:08 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Origin
[2012/04/17 21:02:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Peter L Jones
[2012/03/30 14:39:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Rovio
[2012/07/19 15:48:48 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Syncdocs
[2012/09/15 09:07:14 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\uTorrent
[2012/06/17 23:06:56 | 000,000,000 | -HSD | M] -- C:\Users\Kenn\AppData\Roaming\wyUpdate AU
[2012/09/15 09:08:33 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/20 22:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/20 22:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 02:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/20 22:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/04/23 12:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 02:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/20 22:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 02:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/20 22:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 02:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 02:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/20 22:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/20 22:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/20 22:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/20 22:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/20 22:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 02:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 02:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/20 22:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 02:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/20 22:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 12:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 02:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 14:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 02:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 02:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 02:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/20 22:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 02:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 02:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 02:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 02:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 02:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 15:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 07:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 12:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: QMGR.DLL >
[2008/01/20 22:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: SERVICES >
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2012/07/27 16:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 16:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2008/01/20 22:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/20 22:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 22:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeCreateGlobalPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll -- [2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2006/11/02 05:46:02 | 000,017,920 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 1908
"Last Counter" = 1924
"First Help" = 1909
"Last Help" = 1925
"Object List" = 1908
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = 01 00 14 90 90 00 00 00 A0 00 00 00 14 00 00 00 34 00 00 00 02 00 20 00 01 00 00 00 02 C0 18 00 00 00 0C 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 02 00 5C 00 04 00 00 00 00 02 14 00 FF 01 0F 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 [Binary data over 200 bytes]

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks to have got the great majority of it, any problems remianing ?

Extras is only generated on the first run

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (awj7k4oe)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a9bjdtf4)
    IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
    IE - HKU\S-1-5-21-3019194991-3436555038-3990252873-1000\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
    [2012/09/14 22:26:37 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#7
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
I just realized that I haven't said 'thank you' yet for helping me with this, but I really appreciate it! Here's the OTL scan:
OTL logfile created on: 9/15/2012 1:48:49 PM - Run 3
OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Kenn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 56.45% Memory free
6.69 Gb Paging File | 5.25 Gb Available in Paging File | 78.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 236.51 Gb Free Space | 40.67% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive L: | 3.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/15 00:17:36 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Downloads\OTL.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/29 10:37:22 | 025,249,400 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2012/04/05 21:40:50 | 000,624,856 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/11/04 20:53:32 | 000,177,936 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\IR\Hcw2650Service.exe
PRC - [2011/10/28 19:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) -- C:\Program Files\WinTV\Extend\WinTVExtender.exe
PRC - [2011/10/28 00:17:20 | 000,146,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2011/10/28 00:15:30 | 000,413,696 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2011/10/28 00:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2011/10/05 21:13:50 | 000,014,848 | ---- | M] (Hauppauge Computer Works, Inc) -- C:\Program Files\Hauppauge\Hauppauge Tuning Adapter Proxy\TAHSP.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/12 10:45:37 | 001,324,384 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/18 15:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/11 14:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 19:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/26 19:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/10 23:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [1999/10/01 01:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:15:21 | 015,881,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\3b5151bbd0e6de9d28585589bda695cd\MenuSkinning.ni.dll
MOD - [2012/06/14 03:15:06 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\4665c10b713844b5a2e77e5ed50f9cfe\VistaBridgeLibrary.ni.dll
MOD - [2012/06/14 03:15:05 | 002,584,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\b46f17d6b131711060172ef5b72c71df\DellDock.ni.exe
MOD - [2012/06/14 03:15:03 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\8607754d59549e501cd716c679fd03ff\MyDock.Util.ni.dll
MOD - [2012/06/14 03:15:01 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/14 01:44:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 01:44:30 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/12 21:24:59 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/12 21:24:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 21:24:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/12 21:24:35 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/05/12 21:16:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/12 21:14:00 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/12 21:13:47 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/03/02 18:07:44 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3054.18608__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3054.18645__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3054.18653__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3054.18924__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3054.18848__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3054.18668__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3054.18932__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:43 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3054.18855__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:43 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3054.18882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:43 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3054.18623__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:43 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3054.18837__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3054.18846__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:43 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3054.18782__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3054.18630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:42 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3054.18793__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3054.18683__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3054.18960__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3054.18632__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3054.18871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012/03/02 18:07:42 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3054.18676__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3054.18814__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:42 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3054.18792__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:42 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3054.18959__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3054.18921__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:42 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3054.18812__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3054.18785__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:41 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3054.18777__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012/03/02 18:07:41 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3054.18783__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3005.17468__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012/03/02 18:07:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3054.18690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3054.18791__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3005.17465__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3054.18827__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012/03/02 18:07:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3005.17466__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3005.17608__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3005.17518__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3005.17496__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3005.17491__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3005.17490__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3005.17473__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3005.17510__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3005.17517__90ba9c70f846762e\DEM.OS.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3005.17519__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3005.17516__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3005.17562__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3005.17512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3005.17563__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012/03/02 18:07:41 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012/03/02 18:07:40 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3054.18910__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012/03/02 18:07:40 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3005.17541__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3005.17553__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3005.17493__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3005.17540__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3005.17536__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3054.18949__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012/03/02 18:07:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3005.17539__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3005.17484__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012/03/02 18:07:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3005.17506__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3005.17531__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3005.17537__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3005.17514__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3005.17511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012/03/02 18:07:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3005.17479__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3005.17522__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3005.17511__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3005.17481__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3005.17488__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3005.17530__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3005.17489__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012/03/02 18:07:40 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3054.18964__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2012/03/02 18:07:40 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012/03/02 18:07:39 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3054.18617__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012/03/02 18:07:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3054.18639__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012/03/02 18:07:39 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3054.18900__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012/03/02 18:07:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3054.18598__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2012/03/02 18:07:39 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3054.18907__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012/03/02 18:07:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012/03/02 18:07:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3054.18594__90ba9c70f846762e\APM.Server.dll
MOD - [2012/03/02 18:07:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3005.17514__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012/03/02 18:07:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3005.17475__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012/03/02 18:07:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3005.17499__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012/03/02 18:07:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3054.18909__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012/03/02 18:07:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012/03/02 18:07:39 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3005.17513__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012/03/02 18:07:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3005.17508__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012/03/02 18:07:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3005.17542__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012/03/02 18:07:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3054.18596__90ba9c70f846762e\AEM.Server.dll
MOD - [2012/02/18 00:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/10/28 00:16:38 | 000,018,944 | ---- | M] () -- C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2010/07/04 17:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/04 17:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/05/13 03:55:52 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe -- (Common Toolkit Tools)
SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/05 21:40:50 | 000,624,856 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/02 17:51:46 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/11/04 20:53:32 | 000,177,936 | ---- | M] (Hauppauge Computer Works, Inc.) [Auto | Running] -- C:\Program Files\WinTV\IR\Hcw2650Service.exe -- (Hcw2650Service)
SRV - [2011/10/28 19:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) [Auto | Running] -- C:\Program Files\WinTV\Extend\WinTVExtender.exe -- (Hauppauge WinTV Extender)
SRV - [2011/10/28 00:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2011/10/05 21:13:50 | 000,014,848 | ---- | M] (Hauppauge Computer Works, Inc) [Auto | Running] -- C:\Program Files\Hauppauge\Hauppauge Tuning Adapter Proxy\TAHSP.exe -- (HCWe3TAP)
SRV - [2010/03/18 15:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/11 14:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/26 19:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aqv1yfmi)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a0osrbzl)
DRV - [2012/03/22 14:08:07 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/03/03 15:33:04 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/11/04 22:30:22 | 000,022,288 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HcwMocurIR.sys -- (HcwMocurIR)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/07/15 00:44:22 | 001,443,584 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2008/05/13 04:31:00 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/02/13 21:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/13 17:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 F8 F7 04 5A 1F CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Kenn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\fbphotozoom\fbphotozoom13.xpi [2012/03/03 18:17:13 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/14 15:22:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 12:12:26 | 000,000,000 | ---D | M]

[2012/09/14 15:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Extensions
[2012/09/14 22:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2012/09/14 15:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2012/09/14 15:29:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/14 15:22:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 12:12:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/07 12:12:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kenn\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kenn\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kenn\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Kenn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: FBPHOTOZOOM = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.3_0\
CHR - Extension: Gmail = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/15 13:36:03 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AMD Catalyst] C:\ProgramData\Catalyst\color.exe ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe File not found
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/07/30 21:20:10 | 000,055,176 | R--- | M] (Electronic Arts) - L:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2012/05/22 17:23:10 | 000,000,049 | R--- | M] () - L:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell\AutoRun\command - "" = L:\Autorun.exe -- [2012/07/30 21:20:10 | 000,055,176 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/15 13:00:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/14 22:27:17 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Fighters
[2012/09/14 22:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012/09/14 15:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/14 14:06:42 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\Applian
[2012/09/12 12:29:09 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{CF1A3C6A-AD7C-452A-A578-91DA4D6DD246}
[2012/09/07 19:39:38 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Moonlight Falls_Wolff.sims3.backup
[2012/09/07 12:36:18 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{0D0E4FBD-5610-4224-8D8D-06271D6EF14F}
[2012/09/07 12:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/06 09:59:11 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Supernatural
[2012/09/05 10:14:07 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\ElevatedDiagnostics
[2012/09/05 09:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Catalyst
[2012/09/05 09:17:49 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Patching
[2012/08/16 20:52:23 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{1D7965DC-2394-44A6-8A0B-0E1EF58E5808}
[2012/08/16 20:52:13 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{D37A1E91-1CD7-49C5-93C8-2E1409A7BF57}
[2012/08/16 20:52:03 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{2B386D63-6088-480C-9839-B1A2507A7819}
[2012/08/16 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{E726F53D-ED38-4834-B0C1-1B8B96672BAF}
[2012/08/16 18:07:04 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{07A503F8-98EC-4CCE-80D1-E1D5B9F5AED3}
[2012/08/16 18:06:49 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{D2F98794-D078-4558-8D55-AE1FD8965ED2}
[2012/08/16 18:06:36 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{015A8623-E193-49C3-9AE7-54CE942ADBB0}
[2012/08/16 18:06:25 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{A378D212-AE5A-484F-8722-0D7750906A6E}
[2012/05/14 00:50:12 | 000,041,984 | ---- | C] (Lee 'FordGT90Concept' Glasser) -- C:\Users\Kenn\Large Address Aware.exe

========== Files - Modified Within 30 Days ==========

[2012/09/15 13:53:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000UA.job
[2012/09/15 13:45:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/15 13:44:14 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/15 13:42:47 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/15 13:42:47 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/15 13:42:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/15 13:42:40 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/15 13:36:03 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/15 12:58:11 | 000,233,472 | ---- | M] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/15 12:56:20 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/15 12:56:20 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/15 09:09:46 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/14 22:34:32 | 000,001,356 | ---- | M] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2012/09/14 17:53:07 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000Core.job
[2012/09/14 15:22:34 | 000,000,870 | ---- | M] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/14 15:17:13 | 000,384,090 | ---- | M] () -- C:\Users\Kenn\Documents\bookmarks.html
[2012/09/14 14:13:39 | 000,000,354 | ---- | M] () -- C:\Users\Kenn\settings.sav
[2012/09/07 15:01:39 | 000,246,763 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-12_Supernatural.jpg
[2012/09/07 14:28:15 | 000,222,991 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-12_D.jpg
[2012/09/07 14:23:08 | 000,221,914 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-12.jpg
[2012/08/31 23:56:35 | 000,001,999 | ---- | M] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/09/14 22:54:44 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/14 15:22:34 | 000,000,870 | ---- | C] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/14 15:22:34 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/14 15:17:13 | 000,384,090 | ---- | C] () -- C:\Users\Kenn\Documents\bookmarks.html
[2012/09/07 14:54:39 | 001,182,142 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-52.jpg
[2012/09/07 14:52:52 | 000,246,763 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-12_Supernatural.jpg
[2012/09/07 14:28:15 | 000,222,991 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-12_D.jpg
[2012/09/07 14:23:08 | 000,221,914 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-12.jpg
[2012/07/14 20:12:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/06/14 13:24:03 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/05/14 16:34:26 | 000,000,354 | ---- | C] () -- C:\Users\Kenn\settings.sav
[2012/05/14 01:36:17 | 000,048,640 | ---- | C] () -- C:\Users\Kenn\TS3Lib.dll
[2012/05/14 01:36:17 | 000,039,424 | ---- | C] () -- C:\Users\Kenn\TS3CLA.exe
[2012/03/22 10:33:18 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/03/15 21:47:39 | 000,667,978 | ---- | C] () -- C:\Windows\unins000.exe
[2012/03/15 21:47:39 | 000,007,223 | ---- | C] () -- C:\Windows\unins000.dat
[2012/03/13 03:11:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/03/13 03:11:34 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/05 15:05:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/05 15:05:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/05 03:09:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/03/04 14:07:36 | 000,005,197 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012/03/03 07:01:04 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2012/03/03 05:51:57 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2012/03/03 05:51:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2012/03/03 00:14:28 | 000,233,472 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 20:37:35 | 000,001,356 | ---- | C] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2012/03/02 18:27:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/02 18:15:26 | 000,157,677 | ---- | C] () -- C:\Windows\hpoins29.dat
[2012/03/02 18:06:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2012/03/02 18:06:04 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/03/02 18:06:04 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2012/03/02 18:06:04 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2012/03/02 18:06:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2012/03/02 18:06:04 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

========== LOP Check ==========

[2012/08/24 14:45:25 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Audacity
[2012/04/21 00:49:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Azureus
[2012/03/12 14:37:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Canneverbe Limited
[2012/09/14 13:30:25 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DAEMON Tools Lite
[2012/09/14 22:28:00 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Fighters
[2012/04/30 21:23:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Free Sound Recorder
[2012/03/12 16:20:09 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ImgBurn
[2012/07/21 18:17:31 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Music Editor Free
[2012/03/09 16:20:25 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ooVoo Details
[2012/03/22 11:56:08 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Origin
[2012/04/17 21:02:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Peter L Jones
[2012/03/30 14:39:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Rovio
[2012/07/19 15:48:48 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Syncdocs
[2012/09/15 12:59:45 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\uTorrent
[2012/06/17 23:06:56 | 000,000,000 | -HSD | M] -- C:\Users\Kenn\AppData\Roaming\wyUpdate AU
[2012/09/15 13:37:33 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
Also, I'm attaching the 'run fix' text just in case!

Attached Files


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can see no further sign of wecare, how is the computer behaving ?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#9
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Thanks! Yes, I checked the Programs & Features, and no longer see the 'We Care' program! Ran Malwarebytes, and here is the log:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.15.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kenn :: KENN-PC [administrator]

9/15/2012 3:14:25 PM
mbam-log-2012-09-15 (15-14-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188851
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. For AdwCleaner run the programme and click uninstall

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#11
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Thank you so much! I did as you instructed and cleaned up the various programs, as well as creating the new restore point and deleting the old ones, I use Malwarebytes, Spyware Blaster, and MSE. I'm usually VERY cautious, which is why I was so panicked when something slipped through! My Java is up to date, and I downloaded File Hippo and am checking Windows Updates! I will post tomorrow just to make certain things are running smoothly!
I am disabled, and the computer is my one access to the world, so it's really important to me that I keep it functional! I know you didn't ask, but I don't have anything to donate. If I did I most certainly would! Thank you again!
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What I would recommend then is that you keep the download link for AdwCleaner as that is updated regularly, specifically to kill these type of toolbars that are snuck in. Also bookmark us if you ever need a hand again

Otherwise enjoy and be happy :)
  • 0

#13
NorthstarATL

NorthstarATL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Just wanted to let you know that things have been working smoothly! Thank you again!
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure .. Keep safe
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP