Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HELP! My computer won't let me download literally ANYTHING


  • Please log in to reply

#1
Liv Scott

Liv Scott

    Member

  • Member
  • PipPipPip
  • 139 posts
Hi! So a friendly person on here suggested this might be a malware issue. My computer literally will not let me download anything, regardless of the browser I use.

IE-Says every file contains a virus and deletes the file
Firefox-Just doesn't do anything at all
Chrome-downloads the file, cannot find the download location, then deletes the file

Please help, this is so frustrating! 99% of what I need are files from my email, like .doc, .docx, Excel, etc. I even had to use another computer to download OTL onto a flash drive. Any help you can provide is greatly appreciated!! Thanks for reading! Attached is my OTL scan and the Extras scan from it as well.

OTL logfile created on: 12/3/2012 4:56:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 19.14% Memory free
7.60 Gb Paging File | 3.84 Gb Available in Paging File | 50.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 12.36 Gb Free Space | 21.09% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 123.39 Gb Free Space | 31.06% Space Free | Partition Type: NTFS
Drive F: | 979.72 Mb Total Space | 860.16 Mb Free Space | 87.80% Space Free | Partition Type: FAT

Computer Name: LIVSIE-PC | User Name: Livsie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/03 16:53:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012/10/26 12:17:52 | 000,079,384 | ---- | M] (Google) -- C:\Users\Livsie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/09/12 15:29:04 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\Livsie\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/13 18:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Livsie\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/11/20 04:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/10 00:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe
PRC - [2009/12/29 13:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/13 13:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/09/30 04:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 04:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 22:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Livsie\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/05 02:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\DELL\DellComms\bin\sprtsvc.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/02/06 00:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/27 19:43:17 | 000,460,904 | ---- | M] () -- C:\Users\Livsie\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll
MOD - [2012/11/27 19:43:16 | 012,456,040 | ---- | M] () -- C:\Users\Livsie\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
MOD - [2012/11/27 19:43:15 | 004,008,040 | ---- | M] () -- C:\Users\Livsie\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012/11/27 19:42:30 | 000,587,880 | ---- | M] () -- C:\Users\Livsie\AppData\Local\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012/11/27 19:42:29 | 000,124,520 | ---- | M] () -- C:\Users\Livsie\AppData\Local\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012/11/27 19:42:22 | 000,157,304 | ---- | M] () -- C:\Users\Livsie\AppData\Local\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012/11/27 19:42:21 | 002,168,952 | ---- | M] () -- C:\Users\Livsie\AppData\Local\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012/11/27 19:42:21 | 000,275,576 | ---- | M] () -- C:\Users\Livsie\AppData\Local\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2012/11/15 20:32:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/15 13:28:48 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\cf840dca36a7b949696ce331d0532d3e\System.Web.Services.ni.dll
MOD - [2012/11/15 13:27:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 13:27:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 13:26:39 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/15 13:26:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/15 13:26:31 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 13:26:22 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2009/11/13 13:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 13:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 13:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 13:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 13:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/11/13 13:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/08/28 22:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Livsie\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/07/13 17:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/12/15 10:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011/12/15 10:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011/12/15 10:40:06 | 000,319,384 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/09 04:52:16 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/17 09:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/10/09 13:32:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/22 09:51:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/10 00:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 04:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 04:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/05 02:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 09:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 09:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 09:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 09:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 09:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 09:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/07 02:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 02:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/08/03 00:29:22 | 000,083,776 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010/08/03 00:29:22 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/12 03:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (avgfwfd)
DRV:64bit: - [2010/04/27 10:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/30 11:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/26 06:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 11:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/16 05:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/17 09:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 08:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/16 19:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/15 10:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {812F0E75-DDF8-40C9-83B9-57ACF1312B63}
IE:64bit: - HKLM\..\SearchScopes\{812F0E75-DDF8-40C9-83B9-57ACF1312B63}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{3EAD345A-5334-40C5-9F44-62F73C440223}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=18-06-2012

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...rud=21-06-2012"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...eviantart.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.35
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
FF - prefs.js..extensions.enabledAddons: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.8300
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledAddons: [email protected]:6.0.1367
FF - prefs.js..extensions.enabledAddons: [email protected]:2.4.2
FF - prefs.js..extensions.enabledAddons: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: canitbech[email protected]:3.8.12
FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.15
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.7.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.33
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Livsie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Livsie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Livsie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/09/03 20:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/11/30 01:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files (x86)\components [2012/09/15 18:48:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files (x86)\plugins [2012/09/15 18:48:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: D:\Program Files (x86)\Mozilla Sunbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files (x86)\components [2012/09/15 18:48:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files (x86)\plugins [2012/09/15 18:48:34 | 000,000,000 | ---D | M]

[2010/08/01 23:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Extensions
[2010/08/01 23:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010/07/25 21:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/11/04 19:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions
[2011/08/24 23:07:10 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/09/04 08:34:26 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2012/09/04 08:34:28 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/06/18 10:02:41 | 000,000,000 | ---D | M] (AOL Messaging Toolbar) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/10/31 13:22:39 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\[email protected]
[2012/11/04 19:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\staged
[2012/09/04 08:34:23 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\[email protected]
[2010/08/01 23:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Sunbird\Profiles\6bpd18yu.default\extensions
[2012/09/04 08:34:21 | 000,070,902 | ---- | M] () (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\[email protected]
[2011/04/01 00:16:34 | 000,107,019 | ---- | M] () (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\[email protected]
[2011/08/26 08:53:20 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\[email protected]
[2012/11/04 19:51:54 | 000,377,191 | ---- | M] () (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/09/04 08:34:28 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/06/21 07:08:26 | 000,002,562 | ---- | M] () -- C:\Users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\searchplugins\aol-search.xml
[2011/11/30 01:18:45 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
File not found (No name found) -- D:\PROGRAM FILES (X86)\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

========== Chrome ==========

CHR - homepage: http://www.google.com/reader/view/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/reader/view/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Livsie\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Livsie\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Livsie\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Livsie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = D:\Program Files (x86)\plugins\NPOFF12.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Livsie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Livsie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - Extension: YouTube = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Notifier for Twitter = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn\4.2.2_0\
CHR - Extension: Disconnect = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\4.1.1_0\
CHR - Extension: InvisibleHand = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.8.26_0\
CHR - Extension: Thor = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijopgmiofmhjaihppiboemgnddmjpge\1_0\
CHR - Extension: Gmail = C:\Users\Livsie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [F.lux] C:\Users\Livsie\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [WorkForce 310(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHA.EXE /FU "C:\Windows\TEMP\E_S700A.tmp" /EF "HKCU" File not found
O4 - Startup: C:\Users\Livsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Livsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9FF6BC-1FFE-4AAA-B202-A40150CC9E90}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dd056ee2-6a9b-11df-a748-b8ac6f5afad6}\Shell - "" = AutoRun
O33 - MountPoints2\{dd056ee2-6a9b-11df-a748-b8ac6f5afad6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{dd056eed-6a9b-11df-a748-b8ac6f5afad6}\Shell - "" = AutoRun
O33 - MountPoints2\{dd056eed-6a9b-11df-a748-b8ac6f5afad6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/26 17:23:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/25 22:36:14 | 000,000,000 | ---D | C] -- C:\Western Digital
[2012/11/23 11:29:01 | 000,000,000 | ---D | C] -- C:\Users\Livsie\AppData\Local\{086EF2A7-1B77-4101-8773-F5F665CE6184}
[2012/11/15 20:49:50 | 000,000,000 | ---D | C] -- C:\Users\Livsie\AppData\Local\{68621B4D-88FE-4ABE-B820-C52102A14F00}
[9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Users\Livsie\Desktop\*.tmp files -> C:\Users\Livsie\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/03 16:58:46 | 000,731,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/03 16:58:46 | 000,626,976 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/03 16:58:46 | 000,108,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/03 16:48:52 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/03 16:48:52 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/03 16:38:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/03 16:38:22 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/03 15:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA.job
[2012/12/03 15:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/30 16:34:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core.job
[2012/11/28 13:25:34 | 000,087,132 | ---- | M] () -- C:\Users\Livsie\Desktop\El Camino Fall 2012 Stage Lighting Interior Motivated Picture.jpg
[2012/11/28 13:24:48 | 000,025,214 | ---- | M] () -- C:\Users\Livsie\Desktop\El Camino Fall 2012 Stage Lighting Interior Motivating Picture.jpg
[2012/11/28 13:23:57 | 000,106,867 | ---- | M] () -- C:\Users\Livsie\Desktop\El Camino Fall 2012 Stage Lighting Exterior Picture.jpg
[2012/11/28 13:22:45 | 000,270,418 | ---- | M] () -- C:\Users\Livsie\Desktop\El Camino Fall 2012 Stage Lighting Fantasy Picture.jpg
[2012/11/23 20:29:14 | 000,001,072 | ---- | M] () -- C:\Users\Livsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK
[2012/11/23 10:04:51 | 000,004,608 | ---- | M] () -- C:\Users\Livsie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/15 13:23:18 | 000,355,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Users\Livsie\Desktop\*.tmp files -> C:\Users\Livsie\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/28 13:25:51 | 000,087,132 | ---- | C] () -- C:\Users\Livsie\Desktop\El Camino Fall 2012 Stage Lighting Interior Motivated Picture.jpg
[2012/11/28 13:25:16 | 000,025,214 | ---- | C] () -- C:\Users\Livsie\Desktop\El Camino Fall 2012 Stage Lighting Interior Motivating Picture.jpg
[2012/11/28 13:24:37 | 000,106,867 | ---- | C] () -- C:\Users\Livsie\Desktop\El Camino Fall 2012 Stage Lighting Exterior Picture.jpg
[2012/11/28 13:23:45 | 000,270,418 | ---- | C] () -- C:\Users\Livsie\Desktop\El Camino Fall 2012 Stage Lighting Fantasy Picture.jpg
[2012/11/23 20:29:14 | 000,001,072 | ---- | C] () -- C:\Users\Livsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK
[2012/11/15 11:30:13 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 10:54:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/03/30 01:25:02 | 000,007,598 | ---- | C] () -- C:\Users\Livsie\AppData\Local\Resmon.ResmonCfg
[2011/02/23 18:05:03 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/02/23 18:05:03 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/02/23 18:05:03 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/02/23 18:05:03 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/02/23 18:05:03 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/02/23 18:05:03 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/02/23 18:05:03 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/02/23 18:05:03 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/02/23 18:05:03 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/02/23 18:05:03 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/02/23 18:05:03 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/02/23 18:05:03 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/02/23 18:05:03 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/02/23 18:05:03 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/02/23 18:05:03 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/02/23 18:05:02 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/02/23 17:57:23 | 000,000,060 | ---- | C] () -- C:\Windows\EPWF310.ini
[2010/10/08 18:15:25 | 000,002,016 | ---- | C] () -- C:\Program Files (x86)\Adobe Reader 9 (2).lnk
[2010/10/03 17:28:17 | 000,004,608 | ---- | C] () -- C:\Users\Livsie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/15 15:16:57 | 000,002,587 | ---- | C] () -- C:\Program Files\Dell Support Center.lnk
[2010/09/15 11:04:49 | 000,004,236 | ---- | C] () -- C:\Program Files\Windows Compatibility Report.htm
[2010/08/25 14:11:49 | 000,002,515 | ---- | C] () -- C:\Program Files (x86)\Skype.lnk
[2010/08/20 17:44:01 | 000,002,016 | ---- | C] () -- C:\Program Files (x86)\Adobe Reader 9.lnk
[2010/07/13 03:51:16 | 000,000,000 | ---- | C] () -- C:\Users\Livsie\AppData\Local\prvlcl.dat
[2010/05/20 00:57:05 | 000,000,196 | ---- | C] () -- C:\Users\Livsie\AppData\Roaming\wklnhst.dat
[2010/05/19 20:09:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/18 18:43:34 | 000,002,164 | ---- | C] () -- C:\Users\Livsie\AppData\Roaming\install.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/05/23 15:41:32 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Absolute
[2010/05/19 16:53:21 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\acccore
[2010/07/17 22:21:06 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Alzex
[2010/11/17 21:36:59 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\AVG
[2010/10/16 13:22:51 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\AVG10
[2010/06/23 15:06:30 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\AVG9
[2012/11/22 12:59:46 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\BitTorrent
[2012/12/03 16:56:36 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Dropbox
[2012/04/03 19:03:01 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Epson
[2011/11/04 10:10:38 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\GARMIN
[2011/08/05 23:38:43 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\go
[2010/06/08 06:17:51 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Hardcore
[2011/01/11 02:47:08 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\LimeWire
[2010/12/10 02:05:52 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\PCDr
[2010/06/08 06:18:13 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\PoiZone
[2011/11/18 20:25:57 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Spotify
[2010/08/03 10:50:45 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Template
[2011/10/31 13:27:24 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Trillian
[2011/03/30 17:54:01 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Trusteer
[2010/09/15 15:07:31 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Uniblue
[2010/05/21 18:46:54 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\WildTangent
[2011/04/26 13:57:01 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\Windows Live Writer
[2010/05/22 12:59:24 | 000,000,000 | ---D | M] -- C:\Users\Livsie\AppData\Roaming\XemiComputers

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/08/04 16:32:24 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline楆敬⁳砨㘸尩䑖卍畯摮䐻尺牐杯慲楆敬⁳砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶
[2011/08/04 16:32:24 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline楆敬⁳砨㘸尩䑖卍畯摮䐻尺牐杯慲楆敬⁳砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶
[2010/10/21 04:38:30 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline砨㘸尩䑖卍畯摮䐻尺牐杯慲楆敬⁳砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷
[2010/10/21 04:38:30 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline砨㘸尩䑖卍畯摮䐻尺牐杯慲楆敬⁳砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷
[2010/09/15 02:21:15 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????4???????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline体归剁䡃呉䍅啔䕒砽㘸倀佒䕃卓剏䅟䍒䥈䕔㙗㌴㴲䵁㙄4剐䍏卅体归䑉久䥔䥆剅䤽瑮汥㐶䘠浡汩⁹‶
[2010/09/15 02:21:15 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????4???????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline体归剁䡃呉䍅啔䕒砽㘸倀佒䕃卓剏䅟䍒䥈䕔㙗㌴㴲䵁㙄4剐䍏卅体归䑉久䥔䥆剅䤽瑮汥㐶䘠浡汩⁹‶
[2010/09/07 03:29:35 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnlineC???????????????????????????4???????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnlineC剐䍏卅体归剁䡃呉䍅啔䕒砽㘸倀佒䕃卓剏䅟䍒䥈䕔㙗㌴㴲䵁㙄4剐䍏卅体归䑉久䥔䥆剅䤽瑮汥㐶䘠
[2010/09/07 03:29:35 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnlineC???????????????????????????4???????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnlineC剐䍏卅体归剁䡃呉䍅啔䕒砽㘸倀佒䕃卓剏䅟䍒䥈䕔㙗㌴㴲䵁㙄4剐䍏卅体归䑉久䥔䥆剅䤽瑮汥㐶䘠
[2010/09/06 06:19:52 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline??) -- C:\Users\Livsie\AppData\Local\DataSafeOnline攄င
[2010/09/06 06:19:52 | 000,000,000 | ---D | M](C:\Users\Livsie\AppData\Local\DataSafeOnline??) -- C:\Users\Livsie\AppData\Local\DataSafeOnline攄င
(C:\Users\Livsie\AppData\Local\DataSafeOnlineC???????????????????????????4???????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnlineC剐䍏卅体归剁䡃呉䍅啔䕒砽㘸倀佒䕃卓剏䅟䍒䥈䕔㙗㌴㴲䵁㙄4剐䍏卅体归䑉久䥔䥆剅䤽瑮汥㐶䘠
(C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????4???????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline体归剁䡃呉䍅啔䕒砽㘸倀佒䕃卓剏䅟䍒䥈䕔㙗㌴㴲䵁㙄4剐䍏卅体归䑉久䥔䥆剅䤽瑮汥㐶䘠浡汩⁹‶
(C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline砨㘸尩䑖卍畯摮䐻尺牐杯慲楆敬⁳砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷
(C:\Users\Livsie\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Livsie\AppData\Local\DataSafeOnline楆敬⁳砨㘸尩䑖卍畯摮䐻尺牐杯慲楆敬⁳砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶
(C:\Users\Livsie\AppData\Local\DataSafeOnline??) -- C:\Users\Livsie\AppData\Local\DataSafeOnline攄င

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Attached Files


  • 0

Advertisements


#2
Liv Scott

Liv Scott

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts
Hi all,

Just wanted to give an update-I ran a full-system scan of my computer using Avaast, my anti-virus, and it found that winrar was malware, so I used Avaast to delete it. Here's hoping I didn't mess up anything...

And I just realized this may alter the OTL results. I'm so sorry! Here are the new results-I swear I won't touch anything else!

Attached Files

  • Attached File  OTL.Txt   116.92KB   105 downloads

Edited by Liv Scott, 05 December 2012 - 10:19 AM.

  • 0

#3
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Liv Scott and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Sorry for delay. If you are ready we can give it a try :)

Step 1

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 2

Download GMER from Here. Note the file\'s name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • Malwarebytes log
  • GMER log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#4
Liv Scott

Liv Scott

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts
Hi Maliprog! First of all, thank you so much for being willing to work with me! Here is my log from the Malwarebytes Anti-Malware Quick Scan. I will post the GMER next! Just a note-when I clicked on the link you provided on the other computer (I downloaded the installers to a flash drive to get them onto my computer) but when I clicked on the GMER link, it got flagged as malware.... I figured it was a false alarm, but it's a bit unnerving.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Livsie :: LIVSIE-PC [administrator]

12/12/2012 11:05:44 PM
mbam-log-2012-12-12 (23-05-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212401
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Quarantined and deleted successfully.
HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} (Adware.Yontoo) -> Quarantined and deleted successfully.
HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Quarantined and deleted successfully.
HKCR\YontooIEClient.Layers.1 (Adware.Yontoo) -> Quarantined and deleted successfully.
HKCR\YontooIEClient.Layers (Adware.Yontoo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Adware.Yontoo) -> Quarantined and deleted successfully.

(end)
  • 0

#5
Liv Scott

Liv Scott

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts
Hi Maliprog! My apologies for the delay, I needed to allow the GMER scan to run overnight. The first time I attempted to run it, my computer turned itself off spontaneously. The second time, it simply came back with "No modifications found". I tried saving the results, but when I opened up the log, it was completely empty.... Should I run it again? I won't touch anything for now!
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Liv Scott,

Can you tell me your current problems. Anything specific?
  • 0

#7
Liv Scott

Liv Scott

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts
Hi Maliprog!
-Yes, it dings randomly without me having done anything (if you use Windows, you know when you backspace and the computer will ding if you're backspacing nothingness? It does that randomly).
-Chrome still downloads the file but when I go to open it, Chrome cannot find the download location and removes the file from my computer.
-Firefox attempts to download the file but when the download is complete, the file is not there
-and when I try to download a file from Internet Explorer (keep in mind this is the same file every time, I tried a .docx file this time) it says the file contains a virus and deletes it.....

HOWEVER! My soundcard seemed to crash very quickly, and I would have to jiggle the volume to get it to work when I first started my computer for a while, and now that seems to have been fixed!! Edit-nevermind, still crashes! :( Maybe I just have too much stuff on my computer....?

Would you like me to run the GMER scan again? Or OTL? I'll wait for your instructions!

Edited by Liv Scott, 16 December 2012 - 09:16 PM.

  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try these two tools and see what we'll discover.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\\ folder) in the form of \"TDSSKiller.[Version]_[Date]_[Time]_log.txt\". Please copy and paste its contents on your next reply.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#9
Liv Scott

Liv Scott

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts
I tried to download tdsskiler, but it would just save as a generic file, not as an application-and I was hesitant to run ComboFix when TDSSKiller didn't work because you said that order is important.... Does it have something to do with the fact that I have to save it to a flash drive from a different computer and move it onto my own computer from my flash drive? That's what I had to do with OTL and the other programs, and there didn't seem to be a problem :( should I run ComboFix anyway?
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Liv Scott,

That you for waiting for my answer. Leave TDSSKiller for now. Run Combofix and post results for me as instructed.
  • 0

Advertisements


#11
Liv Scott

Liv Scott

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts
Hi Maliprog,

Here are the ComboFix results!

ComboFix 12-12-17.02 - Livsie 12/18/2012 8:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1148 [GMT -8:00]
Running from: c:\users\Livsie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\WinRAR
c:\windows\WinRAR\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))
.
.
2012-12-18 16:36 . 2012-12-18 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-13 07:04 . 2012-12-13 07:04 -------- d-----w- c:\users\Livsie\AppData\Roaming\Malwarebytes
2012-12-13 07:04 . 2012-12-13 07:04 -------- d-----w- c:\programdata\Malwarebytes
2012-12-13 07:03 . 2012-12-13 07:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-13 07:03 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-13 03:26 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 03:26 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 03:24 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 03:24 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-12 08:32 . 2012-12-12 08:32 16363960 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-11-27 01:23 . 2012-11-27 01:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-26 06:36 . 2012-11-26 06:36 -------- d-----w- C:\Western Digital
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 06:29 . 2010-05-23 23:23 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 08:33 . 2012-04-01 06:55 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 08:33 . 2011-05-15 21:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 08:38 . 2012-11-28 15:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 15:39 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 15:39 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-12 19:46 . 2012-10-12 19:46 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-10-12 19:46 . 2012-10-12 19:46 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-10-12 19:46 . 2012-10-12 19:46 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-10-12 19:46 . 2012-10-12 19:46 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-10-12 19:46 . 2012-10-12 19:46 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-10-12 19:46 . 2012-10-12 19:46 82432 ----a-w- c:\windows\system32\icardie.dll
2012-10-12 19:46 . 2012-10-12 19:46 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-10-12 19:46 . 2012-10-12 19:46 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-10-12 19:46 . 2012-10-12 19:46 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-10-12 19:46 . 2012-10-12 19:46 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-10-12 19:46 . 2012-10-12 19:46 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-10-12 19:46 . 2012-10-12 19:46 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-10-12 19:46 . 2012-10-12 19:46 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-10-12 19:46 . 2012-10-12 19:46 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-10-12 19:46 . 2012-10-12 19:46 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-10-12 19:46 . 2012-10-12 19:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-10-12 19:46 . 2012-10-12 19:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-10-12 19:46 . 2012-10-12 19:46 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-10-12 19:46 . 2012-10-12 19:46 448512 ----a-w- c:\windows\system32\html.iec
2012-10-12 19:46 . 2012-10-12 19:46 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-10-12 19:46 . 2012-10-12 19:46 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-10-12 19:46 . 2012-10-12 19:46 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-10-12 19:46 . 2012-10-12 19:46 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-10-12 19:46 . 2012-10-12 19:46 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-10-12 19:46 . 2012-10-12 19:46 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-12 19:46 . 2012-10-12 19:46 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-10-12 19:46 . 2012-10-12 19:46 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-10-12 19:46 . 2012-10-12 19:46 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-10-12 19:46 . 2012-10-12 19:46 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-10-12 19:46 . 2012-10-12 19:46 222208 ----a-w- c:\windows\system32\msls31.dll
2012-10-12 19:46 . 2012-10-12 19:46 197120 ----a-w- c:\windows\system32\msrating.dll
2012-10-12 19:46 . 2012-10-12 19:46 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-10-12 19:46 . 2012-10-12 19:46 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-10-12 19:46 . 2012-10-12 19:46 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-10-12 19:46 . 2012-10-12 19:46 160256 ----a-w- c:\windows\system32\wextract.exe
2012-10-12 19:46 . 2012-10-12 19:46 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-10-12 19:46 . 2012-10-12 19:46 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-10-12 19:46 . 2012-10-12 19:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-10-12 19:46 . 2012-10-12 19:46 149504 ----a-w- c:\windows\system32\occache.dll
2012-10-12 19:46 . 2012-10-12 19:46 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-10-12 19:46 . 2012-10-12 19:46 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-10-12 19:46 . 2012-10-12 19:46 12288 ----a-w- c:\windows\system32\mshta.exe
2012-10-12 19:46 . 2012-10-12 19:46 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-10-12 19:46 . 2012-10-12 19:46 114176 ----a-w- c:\windows\system32\admparse.dll
2012-10-12 19:46 . 2012-10-12 19:46 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-10-12 19:46 . 2012-10-12 19:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-10-12 19:46 . 2012-10-12 19:46 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-10-12 19:46 . 2012-10-12 19:46 103936 ----a-w- c:\windows\system32\inseng.dll
2012-10-12 19:46 . 2012-10-12 19:46 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-10-09 18:17 . 2012-11-15 16:35 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 16:35 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 16:35 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 16:35 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-04 16:40 . 2012-12-13 03:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 16:34 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 16:34 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 16:34 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 16:34 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 16:34 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 16:34 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 16:34 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 16:34 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 16:34 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 16:34 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 16:34 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-15 16:34 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 16:34 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 22:32 . 2012-04-27 06:14 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 22:32 . 2010-05-20 05:44 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 20:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-10-18 20:26 3908192 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-10-06 18:31 2475336 ----a-w- c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Livsie\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-25 409744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]
"QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\Livsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
WKCALREM.LNK - c:\program files (x86)\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
R0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
R1 avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2010-07-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2010-09-07 305232]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-22 45456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-04-27 55856]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2010-09-07 41040]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2010-09-10 3210176]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
S2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
S2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 08:33]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001Core.job
- c:\users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12 23:29]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171093069-540651395-608262162-1001UA.job
- c:\users\Livsie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12 23:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Livsie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 2327952]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 4244888]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Livsie\AppData\Roaming\Mozilla\Firefox\Profiles\92h85qxq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aimright-chromesbox-en-us&tb_uuid=20120618180239030&tb_oid=21-06-2012&tb_mrud=21-06-2012
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/reader/view/|http://www.facebook.com/|http://www.deviantart.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, dba97893-a2d2-48fb-a673-ea00d237967e
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-hpqSRMon - c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Pong - d:\program files (x86)\Uninst.isu
AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-171093069-540651395-608262162-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-171093069-540651395-608262162-1001\Software\SecuROM\License information*]
"datasecu"=hex:38,f7,23,23,ba,63,0c,91,33,e8,b5,a3,59,ed,2b,5a,2e,6d,2d,9d,06,
d1,fa,0a,3b,32,4f,ca,2e,3f,09,eb,e4,e3,f9,f6,c2,4f,ed,dd,ac,03,37,71,07,46,\
"rkeysecu"=hex:05,9c,2f,9f,45,21,16,d0,45,ab,1c,0d,d8,4e,59,27
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-18 08:40:08
ComboFix-quarantined-files.txt 2012-12-18 16:40
.
Pre-Run: 9,720,860,672 bytes free
Post-Run: 14,548,664,320 bytes free
.
- - End Of File - - B28C2E05EC809DFBF68717D6E42A667D
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Can you try to download TDSSKiller now and try to run it. Let me know results.
  • 0

#13
Liv Scott

Liv Scott

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts
Okay so I tried downloading it from IE, Firefox, and Chrome-no dice. So I went on my other computer-and I tried putting .exe at the end of the file when I was saving it to my flash drive-and it worked! Transferred it to my desktop, disconnected my flash drive, and here are the results! The only strange thing is that it never offered me the choice to Reboot Now after clicking Continue once the scan was done (there were no malicious objects found, 8 suspicious ones though) so I restarted my computer on my own (I hope that was okay, it seemed like it was important it be rebooted).

Here's the log!

00:15:31.0075 5196 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:15:32.0198 5196 ============================================================
00:15:32.0198 5196 Current date / time: 2012/12/19 00:15:32.0198
00:15:32.0198 5196 SystemInfo:
00:15:32.0198 5196
00:15:32.0198 5196 OS Version: 6.1.7601 ServicePack: 1.0
00:15:32.0198 5196 Product type: Workstation
00:15:32.0198 5196 ComputerName: LIVSIE-PC
00:15:32.0198 5196 UserName: Livsie
00:15:32.0198 5196 Windows directory: C:\Windows
00:15:32.0198 5196 System windows directory: C:\Windows
00:15:32.0198 5196 Running under WOW64
00:15:32.0198 5196 Processor architecture: Intel x64
00:15:32.0198 5196 Number of processors: 4
00:15:32.0198 5196 Page size: 0x1000
00:15:32.0198 5196 Boot type: Normal boot
00:15:32.0198 5196 ============================================================
00:15:47.0939 5196 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:15:48.0001 5196 ============================================================
00:15:48.0001 5196 \Device\Harddisk0\DR0:
00:15:48.0001 5196 MBR partitions:
00:15:48.0001 5196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
00:15:48.0001 5196 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000
00:15:48.0032 5196 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x31A9A800
00:15:48.0032 5196 ============================================================
00:15:48.0157 5196 C: <-> \Device\Harddisk0\DR0\Partition2
00:15:48.0235 5196 D: <-> \Device\Harddisk0\DR0\Partition3
00:15:48.0235 5196 ============================================================
00:15:48.0235 5196 Initialize success
00:15:48.0235 5196 ============================================================
  • 0

#14
Liv Scott

Liv Scott

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts
Whoops, I think I spoke too soon with that log-I found 4 files on my computer, here they are! I will post each of them separately, here's Log 1

Log 1
23:57:03.0579 3552 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:57:04.0642 3552 ============================================================
23:57:04.0642 3552 Current date / time: 2012/12/18 23:57:04.0642
23:57:04.0642 3552 SystemInfo:
23:57:04.0642 3552
23:57:04.0642 3552 OS Version: 6.1.7601 ServicePack: 1.0
23:57:04.0643 3552 Product type: Workstation
23:57:04.0643 3552 ComputerName: LIVSIE-PC
23:57:04.0643 3552 UserName: Livsie
23:57:04.0643 3552 Windows directory: C:\Windows
23:57:04.0643 3552 System windows directory: C:\Windows
23:57:04.0643 3552 Running under WOW64
23:57:04.0643 3552 Processor architecture: Intel x64
23:57:04.0643 3552 Number of processors: 4
23:57:04.0643 3552 Page size: 0x1000
23:57:04.0643 3552 Boot type: Normal boot
23:57:04.0643 3552 ============================================================
23:57:07.0933 3552 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:57:07.0973 3552 Drive \Device\Harddisk1\DR1 - Size: 0x3D400000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:57:07.0977 3552 ============================================================
23:57:07.0977 3552 \Device\Harddisk0\DR0:
23:57:07.0977 3552 MBR partitions:
23:57:07.0977 3552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
23:57:07.0977 3552 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000
23:57:07.0984 3552 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x31A9A800
23:57:07.0984 3552 \Device\Harddisk1\DR1:
23:57:07.0985 3552 MBR partitions:
23:57:07.0986 3552 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1E9FE0
23:57:07.0986 3552 ============================================================
23:57:08.0045 3552 C: <-> \Device\Harddisk0\DR0\Partition2
23:57:08.0086 3552 D: <-> \Device\Harddisk0\DR0\Partition3
23:57:08.0087 3552 ============================================================
23:57:08.0087 3552 Initialize success
23:57:08.0087 3552 ============================================================
23:58:08.0435 6908 Deinitialize success
  • 0

#15
Liv Scott

Liv Scott

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts
Log 2
23:58:43.0704 6108 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:58:44.0357 6108 ============================================================
23:58:44.0357 6108 Current date / time: 2012/12/18 23:58:44.0357
23:58:44.0357 6108 SystemInfo:
23:58:44.0357 6108
23:58:44.0357 6108 OS Version: 6.1.7601 ServicePack: 1.0
23:58:44.0357 6108 Product type: Workstation
23:58:44.0358 6108 ComputerName: LIVSIE-PC
23:58:44.0358 6108 UserName: Livsie
23:58:44.0358 6108 Windows directory: C:\Windows
23:58:44.0358 6108 System windows directory: C:\Windows
23:58:44.0358 6108 Running under WOW64
23:58:44.0358 6108 Processor architecture: Intel x64
23:58:44.0358 6108 Number of processors: 4
23:58:44.0358 6108 Page size: 0x1000
23:58:44.0358 6108 Boot type: Normal boot
23:58:44.0358 6108 ============================================================
23:58:46.0635 6108 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:58:46.0928 6108 ============================================================
23:58:46.0928 6108 \Device\Harddisk0\DR0:
23:58:46.0928 6108 MBR partitions:
23:58:46.0928 6108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
23:58:46.0928 6108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000
23:58:46.0951 6108 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x31A9A800
23:58:46.0951 6108 ============================================================
23:58:47.0004 6108 C: <-> \Device\Harddisk0\DR0\Partition2
23:58:47.0075 6108 D: <-> \Device\Harddisk0\DR0\Partition3
23:58:47.0075 6108 ============================================================
23:58:47.0075 6108 Initialize success
23:58:47.0075 6108 ============================================================
23:59:01.0059 6712 Deinitialize success
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP