Jump to content

Welcome to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute.
Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message and all ads will be removed once you have signed in.
Create an Account Login to Account

arestocrat virus/malware/spyware


  • Please log in to reply

#1
cdredmond

cdredmond

    Member

  • Member
  • PipPip
  • 11 posts
I just finished reading a post in this forum titled "Arestocrat Malware/Spyware".
This exchange describes exactly the problem I just experienced last night on my Dell Precision with Windows 7 Professional.
This is the only place on the web I have been able to find any information specific to the arestocrat virus/malware/spyware program that has infected and taken over my screen and computer.
Should I follow the steps of the other forum thread?
Should I follow the generic malware instructions for OTL also in this forum?
Or do I need to get specific interactive instructions from someone like Gringo to irradicate this off of my work laptop?

Thank you for any help you can provide! :-)

Edited by cdredmond, 29 March 2013 - 07:09 AM.

  • 0

Advertisement


#2
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, cdredmond and welcome to GeeksToGo!

You can call me Phel and today I will help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please, let me know, if you don't understand something. It is really important to understand any instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions, if you aren't sure.

Please, be patient. You should stay here until your computer will become really clean. Malware Removal isn't very fast procedure, it usually has multiple steps, but result should be glad.;)

Okay, let's start. Can you boot your computer and launch any program there or this weird thing is blocking all your actions?
  • 0

#3
cdredmond

cdredmond

    Member

  • Member
  • PipPip
  • 11 posts
OK. I finally have an alternate system with web access. The infected system has AVG installed on it. I have successfully booted it in Safe Mode. If I boot it into standard mode, the "extorsion screen" takes over and will not let me switch to any other program or gain access to the Start button via keyboard or mouse.
  • 0

#4
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Good! :) Let's try to follow these steps in Safe Mode with Networking:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


  • 0

#5
cdredmond

cdredmond

    Member

  • Member
  • PipPip
  • 11 posts
Thanks Phel!

Here is the OTL.txt file:


OTL logfile created on: 3/29/2013 10:51:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\credmond\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 7.16 Gb Available Physical Memory | 89.99% Memory free
15.91 Gb Paging File | 15.15 Gb Available in Paging File | 95.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.46 Gb Total Space | 29.77 Gb Free Space | 25.13% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 241.33 Gb Free Space | 80.96% Space Free | Partition Type: NTFS
Drive S: | 392.30 Gb Total Space | 249.56 Gb Free Space | 63.61% Space Free | Partition Type: NTFS

Computer Name: BPM64LT7 | User Name: credmond | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/29 10:50:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\credmond\Downloads\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/29 07:57:36 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/03/29 07:57:14 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/03/29 07:57:10 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/01/05 16:06:07 | 008,838,656 | ---- | M] (IBM Corp.) [On_Demand | Stopped] -- C:\Program Files\ibm\cognos\tm1_64\bin64\tm1sd.exe -- (sterling_poc)
SRV:64bit: - [2012/01/05 16:06:07 | 008,838,656 | ---- | M] (IBM Corp.) [On_Demand | Stopped] -- C:\Program Files\ibm\cognos\tm1_64\bin64\tm1sd.exe -- (sdata)
SRV:64bit: - [2012/01/05 16:06:07 | 008,838,656 | ---- | M] (IBM Corp.) [On_Demand | Stopped] -- C:\Program Files\ibm\cognos\tm1_64\bin64\tm1sd.exe -- (planning sample)
SRV:64bit: - [2012/01/05 16:06:07 | 008,838,656 | ---- | M] (IBM Corp.) [On_Demand | Stopped] -- C:\Program Files\ibm\cognos\tm1_64\bin64\tm1sd.exe -- (go_new_stores)
SRV:64bit: - [2012/01/05 15:30:21 | 000,012,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ibm\cognos\tm1_64\bin\tm1_service_launcher.exe -- (tm1excelservice)
SRV:64bit: - [2012/01/05 14:42:37 | 001,356,800 | ---- | M] (IBM Corp.) [Auto | Stopped] -- C:\Program Files\ibm\cognos\tm1_64\bin64\tm1admsd.exe -- (tm1admsdx64)
SRV:64bit: - [2011/12/21 12:15:02 | 000,073,728 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\ibm\cognos\tm1_64\tomcat\bin\tomcat6.exe -- (pmpsvc)
SRV:64bit: - [2011/12/02 14:03:00 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2011/12/02 14:03:00 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2011/08/24 14:17:34 | 002,279,320 | ---- | M] (Dell Inc.) [Auto | Stopped] -- c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)
SRV:64bit: - [2011/07/13 15:33:48 | 000,240,128 | ---- | M] (IBM Corp.) [Auto | Stopped] -- C:\Program Files\ibm\cognos\c10_64\bin64\cogbootstrapservice.exe -- (IBM Cognos)
SRV:64bit: - [2011/07/01 11:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV:64bit: - [2011/06/29 08:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2011/05/27 15:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2011/05/24 13:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2011/01/06 20:32:52 | 000,283,648 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/20 20:24:38 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/10 18:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/03/12 22:38:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 17:29:18 | 001,522,912 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/12/14 17:28:58 | 000,906,464 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/19 15:11:46 | 002,594,584 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/19 15:11:42 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/09/28 14:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/09/09 23:29:00 | 002,216,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/08 22:02:12 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/07 10:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/12 14:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/02/17 07:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/11/25 03:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 03:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 20:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/05 21:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/02/14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/05/28 07:09:04 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/05/26 07:10:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/05/26 07:10:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/05/26 05:30:32 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2012/03/12 14:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/05 09:51:16 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/09/22 12:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/09/09 23:29:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/22 10:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011/07/20 10:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/07/19 15:24:20 | 000,020,424 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HBtnKey.sys -- (HBtnKey)
DRV:64bit: - [2011/07/15 19:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/10 12:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/26 11:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/05/10 16:11:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/23 14:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/06 20:32:52 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/03 15:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2011/01/03 13:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/19 10:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 10:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/05 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/10 15:22:16 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/21 11:13:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/19 01:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/10/05 10:08:44 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3D365721-0A74-467C-BC8D-7FDE258E1377}
IE:64bit: - HKLM\..\SearchScopes\{3D365721-0A74-467C-BC8D-7FDE258E1377}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3D365721-0A74-467C-BC8D-7FDE258E1377}
IE - HKLM\..\SearchScopes\{3D365721-0A74-467C-BC8D-7FDE258E1377}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {3D365721-0A74-467C-BC8D-7FDE258E1377}
IE - HKCU\..\SearchScopes\{31E12A73-02CA-43A0-BCDC-4A02C8A7C0C2}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/01/12 14:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/05 00:10:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/01 21:48:36 | 000,000,000 | ---D | M]

[2012/07/20 22:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\credmond\AppData\Roaming\Mozilla\Extensions
[2012/07/20 22:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/03/11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/03/11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/03/11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/03/11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/03/11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/03 10:35:58 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.25.20 Server1
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DFEPApplication] c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [DisplaySwitch] C:\ProgramData\DisplaySwitch.exe ()
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - Startup: C:\Users\credmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cbai.us ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: comcast.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: comcast.net ([web.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: comcast.net ([xfinity] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rackspace.com ([apps] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://support.cbai....c/kaxRemote.dll (kasRmtHlp Class)
O16 - DPF: {B65B1DCC-D421-4F3C-8F8F-909BDD967120} http://support.cbai....uginManager.cab (PluginManager Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01F5147E-1852-44BE-B8AD-36DB8C87206B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD4CAB88-54FF-4394-8655-8A56B1AAEB12}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{64061048-c201-11e1-9787-9cb70dec6776}\Shell - "" = AutoRun
O33 - MountPoints2\{64061048-c201-11e1-9787-9cb70dec6776}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/14 03:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/14 03:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/14 03:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/12 08:53:10 | 000,000,000 | ---D | C] -- C:\Users\credmond\AppData\Roaming\AVG2013
[2013/03/12 08:50:53 | 000,000,000 | ---D | C] -- C:\Users\credmond\AppData\Roaming\TuneUp Software
[2013/03/12 08:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/03/12 08:50:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/03/12 08:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/03/12 08:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/03/12 08:41:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/03/12 08:41:43 | 000,000,000 | ---D | C] -- C:\Users\credmond\AppData\Local\MFAData
[2013/03/12 08:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/12 08:41:43 | 000,000,000 | ---D | C] -- C:\Users\credmond\AppData\Local\Avg2013
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/29 09:54:57 | 000,988,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/29 09:54:57 | 000,754,984 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/29 09:54:57 | 000,229,506 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/29 09:51:42 | 001,002,252 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/29 09:50:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/29 09:50:46 | 2113,585,151 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/29 03:12:58 | 002,250,054 | ---- | M] () -- C:\ProgramData\1.bmp
[2013/03/29 03:12:47 | 000,350,795 | ---- | M] () -- C:\ProgramData\1.jpg
[2013/03/29 03:02:42 | 000,058,136 | ---- | M] () -- C:\ProgramData\DisplaySwitch.exe
[2013/03/29 02:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/29 02:36:45 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/27 22:34:05 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/27 22:34:05 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/29 03:12:58 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/03/29 03:12:44 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/03/29 03:02:42 | 000,058,136 | ---- | C] () -- C:\ProgramData\DisplaySwitch.exe
[2013/03/12 08:50:53 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/02/04 14:49:46 | 000,000,259 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/02/04 14:49:46 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/02/04 14:49:41 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/02/04 14:49:41 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd9840cd.dat
[2013/02/04 14:49:41 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013/02/04 14:49:25 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2013/02/04 14:49:24 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/02/04 14:49:24 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/07/20 10:30:51 | 000,000,112 | ---- | C] () -- C:\Windows\tm1p.INI
[2012/07/19 15:27:00 | 000,060,304 | ---- | C] () -- C:\Users\credmond\g2mdlhlpx.exe
[2012/07/14 14:18:30 | 000,048,640 | ---- | C] () -- C:\Windows\SysWow64\NTEventLogAppender.dll
[2012/05/26 06:58:32 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/05/26 06:58:30 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/05/26 06:58:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/05/26 06:58:23 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/05/26 06:58:20 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/05/26 05:40:29 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2012/05/26 05:34:38 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2012/05/26 05:34:38 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/12/02 10:09:30 | 000,000,039 | ---- | C] () -- C:\Users\credmond\dlmgr_.pro
[2011/11/01 10:10:26 | 000,060,304 | ---- | C] () -- C:\Users\credmond\g2mdlhlpx (1).exe
[2011/09/08 22:02:22 | 000,307,008 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/29 15:22:26 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\Applix
[2013/01/12 14:20:08 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\APP_NAME_NON_STRING
[2013/03/12 08:53:10 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\AVG2013
[2012/07/19 14:22:24 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\IBM
[2012/09/11 08:13:40 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\ICAClient
[2012/11/05 13:22:14 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\Jitsi For OnSIP
[2012/07/05 15:10:39 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\Kaseya
[2013/01/12 14:23:02 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\PDF Architect
[2013/02/08 15:22:46 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\pdfforge
[2012/07/14 13:59:16 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\TeamViewer
[2013/03/12 08:50:53 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
  • 0

#6
cdredmond

cdredmond

    Member

  • Member
  • PipPip
  • 11 posts
Here is the Extras.txt file:


OTL Extras logfile created on: 3/29/2013 10:51:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\credmond\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 7.16 Gb Available Physical Memory | 89.99% Memory free
15.91 Gb Paging File | 15.15 Gb Available in Paging File | 95.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.46 Gb Total Space | 29.77 Gb Free Space | 25.13% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 241.33 Gb Free Space | 80.96% Space Free | Partition Type: NTFS
Drive S: | 392.30 Gb Total Space | 249.56 Gb Free Space | 63.61% Space Free | Partition Type: NTFS

Computer Name: BPM64LT7 | User Name: credmond | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05DC6A52-2572-4F52-BDA2-2F3589763CFC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{123A40BB-A06B-4BE5-8291-CCE6EE7D359B}" = rport=445 | protocol=6 | dir=out | app=system |
"{15D326C9-8AE1-46A5-9AB4-84B8745EE9D6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{487D879A-ECB0-4722-A7BB-18829F7660DC}" = rport=139 | protocol=6 | dir=out | app=system |
"{4E7C78BA-BA7B-469E-8746-0F12E67981D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C1F9342-7328-453C-A31C-FC96703F6212}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5E568F19-8D4F-4B18-994B-73CFCBD2C980}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{5EF59902-6D2A-4C9C-9D42-5DDCB7A7F0EE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62CF7CEE-AAF9-465A-9A86-D0A45B20559A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{76CFFF63-6A00-46F9-A508-DFF8FAEC9AF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8B28516D-7CBC-47B4-917F-B32AC4F6D626}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8BE02DA1-21B9-460D-B189-938293967169}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F40C17F-4919-4124-A7A7-FC7FABB5041D}" = lport=445 | protocol=6 | dir=in | app=system |
"{922E2C83-3739-4719-A357-24448C2689A3}" = lport=137 | protocol=17 | dir=in | app=system |
"{9F2624C9-0555-47AB-AC03-30046A038AE0}" = rport=1433 | protocol=6 | dir=out | name=sql |
"{A4B2FC35-F847-414C-B15D-0085652E5B7C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C633CEDB-C4B6-4256-A1C1-AC22CAA92C97}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2911AD1-34C0-40A4-8143-353627CB2755}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D80F366F-AE70-4B83-B584-350CA8DE7FEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DCB30664-57C7-45DE-B4B8-3D1DA3E77357}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E33D3B81-ECE3-4394-B276-D3BB15608AA3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F13D269D-FA47-4053-A250-A27D3FDC0EA7}" = rport=138 | protocol=17 | dir=out | app=system |
"{F919A4E7-471B-4799-80AF-B011D3EBE6E9}" = lport=139 | protocol=6 | dir=in | app=system |
"{F931D8B0-EA14-42C5-8DB9-2C3DC3144ABF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD1C8A47-2F36-4860-9647-EEF0F1F8EC82}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D9B8A4-328D-4F54-B16F-8697DE09CDD3}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{0D742186-CF78-4D87-8B99-6FEC621C1FCB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{14E40B64-4446-4B3C-97E1-0E5822C5C14B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1ACDD86B-6C0A-4670-969A-B65F0D2B2089}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{1AE96370-A27A-4073-9865-D8D52E75B295}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{20937405-5105-47AA-8D99-B4E6A50416F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27DDAC8C-7800-4E60-8350-29B4A5099C6E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{280BD69F-1539-4F6E-AA63-BFAA9387C191}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{2E3EE435-0A6E-4BBF-9EBB-D794CE963E71}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{3D98BCBF-420C-4704-AFBA-91083BE2031B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{46533979-CFD8-4EB3-A02B-60506E1AEC1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4992FC50-B497-43C6-8177-E38EA6A8A5F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4A44C6D5-7B8F-4005-AE20-2BE81534A684}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5029CBE5-3F1D-4131-980D-DBCCAD60F233}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{69F463CC-37AC-40D2-AB59-3B440029757A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7479B93F-2D3B-488F-BBB3-96F5CDD8C319}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{7578FE55-C241-4B8F-9D8F-3A42E2D93E2E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{7755F790-ED52-4C3C-9384-06B686278509}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{77979F69-5357-47CD-BFBD-358E35AB3CE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7AB50396-5194-4B7A-9DF5-B7671C198DE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8261ECAB-F7B3-46F2-B262-1D89515B66EA}" = protocol=6 | dir=out | app=system |
"{830DDFB2-9C78-4995-8169-9703D8BF0220}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8662583D-E606-446E-8430-3314A1836046}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8736F0EC-0416-4460-8EF6-F71EE752ED7F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{8A937442-99C2-466D-A845-DD5E550DC49E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{9060659B-ABA0-4102-8E98-5CEAF146EB12}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{91EED9DA-31A0-477A-816D-F37FFEA312EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A897463-BF5D-41F6-8A1D-BE11DCCD4DDA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{A00F8177-3C83-47CE-9E0F-716F8C232152}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{A464AFCA-CD61-4F71-BF04-869BBC18E614}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{A6FC93C7-BFD3-4A1D-A133-49FC53CE01E0}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{ABB3BDA3-AAC3-4CFD-BD7B-26AC8EA314FE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{AC08C586-F853-429D-99C8-AE8014C445FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AD8E672E-7D3E-4315-BD08-72C19FB62285}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{B5EA930A-4D23-44C1-ADFD-58A9E3141B9B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{BA50BBF0-79AB-4DBB-A34D-9DEEDC812DEA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{BBA37801-54E1-4111-9B4E-91C1E9BE198E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{CC1F31BE-DAE9-4979-9607-4852AE41152C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{CC702E7D-ACCA-48DE-A24C-96CD971BA5F0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CE491B2F-EAFF-442A-A352-846412F3A933}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE8CDF82-F39C-4414-83B1-7D7595B3AF96}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D34CCAF3-7DEF-4D5C-86C0-EA5D856054CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D609E16E-F2A5-4817-9A35-624B03E4C90F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE057AD2-23DD-4C05-8699-CDE781D3A226}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F507BFF1-151A-488F-89E6-99AF01C7C8EA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F8EED7A3-D720-4595-B758-EF30044D0698}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FADE827C-B33A-4F16-AB9C-48D542655CDD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FCE84FFA-7CA0-450C-BAC6-B773DD1F3B92}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{182ACF5E-0E71-40F3-B2BC-2F2FD6A832F6}C:\program files\ibm\cognos\c10_64\bin64\cogconfigw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\cognos\c10_64\bin64\cogconfigw.exe |
"TCP Query User{3F0DDAB7-D9D2-4E38-ABB2-86A052CD4A62}C:\program files\ibm\cognos\tm1_64\bin64\cogconfigw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\cognos\tm1_64\bin64\cogconfigw.exe |
"TCP Query User{4510C0A6-2F88-4DF7-80AB-A7C8C6312F74}C:\program files\ibm\cognos\tm1_64\bin64\cogconfigw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\cognos\tm1_64\bin64\cogconfigw.exe |
"TCP Query User{525CE48F-2E8B-4E73-AECF-30FBE4B011FD}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"TCP Query User{98BD8B9B-5A5A-4335-AFEB-896C0A7522DE}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{A4A86D6D-14F0-457F-B0EE-3C9C2DBEF274}C:\program files\jitsi for onsip\run.exe" = protocol=6 | dir=in | app=c:\program files\jitsi for onsip\run.exe |
"TCP Query User{E596AC5F-B4DA-4D34-9A98-1FF38A8DEF88}C:\users\credmond\appdata\roaming\ibm\cognos insight\bins\bin_10.1.4134.0\x64\tm1ipmp.exe" = protocol=6 | dir=in | app=c:\users\credmond\appdata\roaming\ibm\cognos insight\bins\bin_10.1.4134.0\x64\tm1ipmp.exe |
"TCP Query User{F9637EE7-FC78-40CE-AD8C-8F5773092B07}C:\users\credmond\appdata\local\temp\kvncviewer.exe" = protocol=6 | dir=in | app=c:\users\credmond\appdata\local\temp\kvncviewer.exe |
"UDP Query User{1BEE7D12-A239-42B2-BE47-62E76364E9E3}C:\program files (x86)\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"UDP Query User{56437052-BABC-4802-B051-A86CFBB63308}C:\program files\ibm\cognos\tm1_64\bin64\cogconfigw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\cognos\tm1_64\bin64\cogconfigw.exe |
"UDP Query User{5A4D2098-12AA-4590-A288-6A55D05F2A83}C:\program files\jitsi for onsip\run.exe" = protocol=17 | dir=in | app=c:\program files\jitsi for onsip\run.exe |
"UDP Query User{6581ECF1-7EAD-4E86-9E8E-5F4F54A9B39A}C:\program files\ibm\cognos\tm1_64\bin64\cogconfigw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\cognos\tm1_64\bin64\cogconfigw.exe |
"UDP Query User{922E28EC-03FA-4111-9898-E7617CCEB828}C:\users\credmond\appdata\roaming\ibm\cognos insight\bins\bin_10.1.4134.0\x64\tm1ipmp.exe" = protocol=17 | dir=in | app=c:\users\credmond\appdata\roaming\ibm\cognos insight\bins\bin_10.1.4134.0\x64\tm1ipmp.exe |
"UDP Query User{C72D9F12-162F-4DB6-AE45-8D8114C9F615}C:\program files\ibm\cognos\c10_64\bin64\cogconfigw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\cognos\c10_64\bin64\cogconfigw.exe |
"UDP Query User{CF64CE0F-377C-4E33-B546-1C1F887F79E2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DA3917E1-4EF4-412E-8E6E-DCCDCDFFA9F7}C:\users\credmond\appdata\local\temp\kvncviewer.exe" = protocol=17 | dir=in | app=c:\users\credmond\appdata\local\temp\kvncviewer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0C270C59-8706-42B8-A2AD-6E5EE18BC90B}" = SQL Server 2008 R2 Reporting Services
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = SQL Server 2008 R2 Reporting Services
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{2CDF9857-2CC5-423C-8415-F2D796517C7F}" = Dell ControlVault Host Components Installer 64 bit
"{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 Client Tools
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{414B7B9C-B353-4821-9393-78AE034079E7}" = NTRU TCG Software Stack
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{45ABEF88-3864-41F5-8189-BB80F2C5A75C}" = AVG 2013
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio
"{54EB8041-1115-4406-AA4B-44D236E84B3B}" = Intel® PROSet/Wireless WiFi Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E2EE862-FEF9-408A-90BB-F5B4EC129C8E}" = SQL Server 2008 R2 Analysis Services
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
"{777FF553-493D-4068-BAC7-EE2D73DB7434}" = Wave Infrastructure Installer
"{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel® Network Connections 16.5.2.0
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{962BAEA5-DE95-47B0-8D62-BC6DF8123C87}" = Microsoft SQL Server 2008 R2 Upgrade Advisor
"{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}" = Dell Feature Enhancement Pack
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = SQL Server 2008 R2 Full text search
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 276.05
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 276.05
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 276.05
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.3.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 Client Tools
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D460E75C-75FB-4125-A93F-6BBFD1EE1446}" = Jitsi For OnSIP
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F01EC9B9-21B4-441E-958A-1E01098B03BE}" = SQL Server 2008 R2 Analysis Services
"{F2CD25EB-2FC9-4D58-812A-32BBFBF06186}" = AVG 2013
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel® Network Connections 16.5.2.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{09531CAE-B186-49A9-B44F-C607CC54FA2A}" = PDF Architect
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{387B63A5-5016-1015-B06B-A9A1030E3125}" = Intel® Identity Protection Technology 1.2.22.0
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{53405DEC-1B44-11DF-B594-9E0C56D89593}" = IBM Cognos Insight
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{61443A8C-CEDE-4E7B-A197-C2A125DEA7B8}" = IBM Cognos Performance Modeler
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7B314-0507-4F91-9A4E-B6C9B027E410}" = Microsoft SQL Server 2008 R2 Books Online
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Dell Webcam Central" = Dell Webcam Central
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"27f8ecb2c3cd8ba1" = Flow Model Packager
"9204f5692a8faf3b" = Dell System Detect
"GoToMeeting" = GoToMeeting 5.4.0.1082
"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2013 11:59:44 AM | Computer Name = BPM64LT7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 3/11/2013 11:59:44 AM | Computer Name = BPM64LT7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 3/11/2013 11:59:47 AM | Computer Name = BPM64LT7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 3/11/2013 11:59:47 AM | Computer Name = BPM64LT7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 3/11/2013 11:59:47 AM | Computer Name = BPM64LT7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 3/11/2013 11:59:47 AM | Computer Name = BPM64LT7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 3/11/2013 11:59:47 AM | Computer Name = BPM64LT7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 3/11/2013 11:59:47 AM | Computer Name = BPM64LT7 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 3/12/2013 10:35:14 AM | Computer Name = BPM64LT7 | Source = WinMgmt | ID = 10
Description =

Error - 3/12/2013 11:48:07 AM | Computer Name = BPM64LT7 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/20/2013 2:48:55 PM | Computer Name = BPM64LT7 | Source = BROWSER | ID = 8032
Description =

Error - 2/21/2013 4:12:49 PM | Computer Name = BPM64LT7 | Source = BROWSER | ID = 8032
Description =

Error - 2/22/2013 7:54:13 PM | Computer Name = BPM64LT7 | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 2/22/2013 9:25:27 PM | Computer Name = BPM64LT7 | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 2/23/2013 1:34:22 AM | Computer Name = BPM64LT7 | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 2/23/2013 1:54:15 PM | Computer Name = BPM64LT7 | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 3/4/2013 2:38:59 PM | Computer Name = BPM64LT7 | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 3/5/2013 11:42:55 AM | Computer Name = BPM64LT7 | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 3/5/2013 1:27:19 PM | Computer Name = BPM64LT7 | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 3/6/2013 1:00:59 PM | Computer Name = BPM64LT7 | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0


< End of report >
  • 0

#7
cdredmond

cdredmond

    Member

  • Member
  • PipPip
  • 11 posts
Phel,

If possible, I would appreciate you including a bit of detail on what you are finding as you give me the instructions on what to perform.
I am an IT professional, so I should be able to understand most of what you can throw at me. However, this is the first virus I have ever had infect my PC in over 25 years!

I see a few services that I do not recogize. They may be valid, but I am not familiar with them. They are:

SRV:64bit: - [2010/02/10 18:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)

SRV:64bit: - [2011/01/06 20:32:52 | 000,283,648 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV - [2011/02/17 07:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)

SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)
  • 0

#8
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

If possible, I would appreciate you including a bit of detail on what you are finding as you give me the instructions on what to perform.


Okay, we have only one ransom file, which you will see in the fix.

SRV:64bit: - [2010/02/10 18:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)


Related to O2Micro - harmless.

SRV:64bit: - [2011/01/06 20:32:52 | 000,283,648 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)


Related to IDT audio products - harmless.

SRV - [2011/02/17 07:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)


Related to NTRU Cryptosystems software from SecurityInnovation - harmless.

SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


Related to O2Micro again - harmless.

So, I would keep all that software, because it can affect hardware.

Do you know anything about this file?

C:\users\credmond\appdata\local\temp\kvncviewer.exe

Boot your computer in the Safe Mode and follow these steps:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [DisplaySwitch] C:\ProgramData\DisplaySwitch.exe ()
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC in normal mode when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#9
cdredmond

cdredmond

    Member

  • Member
  • PipPip
  • 11 posts
Phel,
Thanks for the response and sorry for the long delay in my response.
Yesterday morning this thread was no longer listed in "My Contect". With this site moving to new hardware on Friday, I assumed this thread had been lost in the shuffle.
So, between what I thought was a lost thread and Easter weekend I am just now getting back to resolving this issue.
Answer to your first question:

Do you know anything about this file?
C:\users\credmond\appdata\local\temp\kvncviewer.exe

Answer: This is a VNC software client produced by Kaseya software. I use this to remote connect to one of my clients.
I will follow up shortly with the new logs once I have run the OTL tool with the script you have provided.
  • 0

#10
cdredmond

cdredmond

    Member

  • Member
  • PipPip
  • 11 posts
Awesome!
OK, this first pass has stopped the pop-up screen from taking over, but I'm sure we're not out of the woods yet!
This time only one log file was produced by OTL.
Here's the log that OTL produced:

OTL.txt:
=======================================================================================================================
OTL logfile created on: 3/31/2013 2:48:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\credmond\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 51.76% Memory free
15.91 Gb Paging File | 10.55 Gb Available in Paging File | 66.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.46 Gb Total Space | 29.75 Gb Free Space | 25.11% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 241.33 Gb Free Space | 80.96% Space Free | Partition Type: NTFS

Computer Name: BPM64LT7 | User Name: credmond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/03/29 10:50:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\credmond\Downloads\OTL.exe
PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/03/12 22:38:27 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/15 14:02:14 | 000,040,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe
PRC - [2013/02/15 14:02:14 | 000,040,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe
PRC - [2013/02/15 14:02:14 | 000,040,376 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mcomm.exe
PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 17:29:18 | 001,522,912 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012/12/14 17:28:58 | 000,906,464 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012/01/19 15:11:46 | 002,594,584 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/01/19 15:11:42 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/01/05 15:30:21 | 000,012,288 | ---- | M] () -- C:\Program Files\ibm\cognos\tm1_64\bin\tm1_service_launcher.exe
PRC - [2012/01/05 15:29:10 | 000,045,056 | ---- | M] (IBM Corp.) -- C:\Program Files\ibm\cognos\tm1_64\bin\TM1ExcelService.exe
PRC - [2011/12/16 13:17:32 | 000,462,974 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2011/09/28 14:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/09/09 23:29:00 | 002,216,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/09/08 22:02:12 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/10 08:05:31 | 000,022,528 | ---- | M] (IBM Corp.) -- C:\Program Files\ibm\cognos\c10_64\bin\BIBusTKServerMain.exe
PRC - [2011/07/25 07:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011/07/20 15:53:21 | 000,044,032 | ---- | M] (IBM Corp.) -- C:\Program Files\ibm\cognos\c10_64\bin\BmtMDProviderMain.exe
PRC - [2011/05/12 14:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/20 20:24:51 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\inetsrv\w3wp.exe
PRC - [2010/11/17 08:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/05 21:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 21:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/01 14:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/08/13 18:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/03/11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/03/11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () -- c:\Windows\SysWOW64\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/13 04:22:53 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/13 04:22:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/10 04:29:11 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\627ad0c3bee887395fa95e484f42cf20\IAStorUtil.ni.dll
MOD - [2013/01/10 04:29:11 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ec48904f58596c2fc9f1aff20cd3c3b8\IAStorCommon.ni.dll
MOD - [2013/01/10 04:24:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 04:24:14 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 04:24:07 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 04:24:03 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 04:24:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 04:24:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 04:23:58 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/07/25 07:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/11/24 20:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 08:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/29 07:57:36 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/03/29 07:57:14 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/03/29 07:57:10 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/01/05 16:06:07 | 008,838,656 | ---- | M] (IBM Corp.) [On_Demand | Stopped] -- C:\Program Files\ibm\cognos\tm1_64\bin64\tm1sd.exe -- (sterling_poc)
SRV:64bit: - [2012/01/05 16:06:07 | 008,838,656 | ---- | M] (IBM Corp.) [On_Demand | Stopped] -- C:\Program Files\ibm\cognos\tm1_64\bin64\tm1sd.exe -- (sdata)
SRV:64bit: - [2012/01/05 16:06:07 | 008,838,656 | ---- | M] (IBM Corp.) [On_Demand | Stopped] -- C:\Program Files\ibm\cognos\tm1_64\bin64\tm1sd.exe -- (planning sample)
SRV:64bit: - [2012/01/05 16:06:07 | 008,838,656 | ---- | M] (IBM Corp.) [On_Demand | Stopped] -- C:\Program Files\ibm\cognos\tm1_64\bin64\tm1sd.exe -- (go_new_stores)
SRV:64bit: - [2012/01/05 15:30:21 | 000,012,288 | ---- | M] () [Auto | Running] -- C:\Program Files\ibm\cognos\tm1_64\bin\tm1_service_launcher.exe -- (tm1excelservice)
SRV:64bit: - [2012/01/05 14:42:37 | 001,356,800 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\ibm\cognos\tm1_64\bin64\tm1admsd.exe -- (tm1admsdx64)
SRV:64bit: - [2011/12/21 12:15:02 | 000,073,728 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\ibm\cognos\tm1_64\tomcat\bin\tomcat6.exe -- (pmpsvc)
SRV:64bit: - [2011/12/02 14:03:00 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2011/12/02 14:03:00 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2011/08/24 14:17:34 | 002,279,320 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)
SRV:64bit: - [2011/07/13 15:33:48 | 000,240,128 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\ibm\cognos\c10_64\bin64\cogbootstrapservice.exe -- (IBM Cognos)
SRV:64bit: - [2011/07/01 11:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV:64bit: - [2011/06/29 08:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2011/05/27 15:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2011/05/24 13:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2011/01/06 20:32:52 | 000,283,648 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/20 20:24:38 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/10 18:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/03/12 22:38:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 17:29:18 | 001,522,912 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/12/14 17:28:58 | 000,906,464 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/19 15:11:46 | 002,594,584 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/19 15:11:42 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/09/28 14:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/09/09 23:29:00 | 002,216,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/08 22:02:12 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/07 10:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/12 14:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/02/17 07:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/11/25 03:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 03:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 20:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/05 21:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/02/14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/05/28 07:09:04 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/05/26 07:10:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/05/26 07:10:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/05/26 05:30:32 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2012/03/12 14:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/05 09:51:16 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/09/22 12:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/09/09 23:29:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/22 10:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011/07/20 10:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/07/19 15:24:20 | 000,020,424 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HBtnKey.sys -- (HBtnKey)
DRV:64bit: - [2011/07/15 19:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/10 12:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/26 11:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/05/10 16:11:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/23 14:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/06 20:32:52 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/03 15:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2011/01/03 13:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/19 10:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 10:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/05 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/10 15:22:16 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/21 11:13:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/19 01:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/10/05 10:08:44 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3D365721-0A74-467C-BC8D-7FDE258E1377}
IE:64bit: - HKLM\..\SearchScopes\{3D365721-0A74-467C-BC8D-7FDE258E1377}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3D365721-0A74-467C-BC8D-7FDE258E1377}
IE - HKLM\..\SearchScopes\{3D365721-0A74-467C-BC8D-7FDE258E1377}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {3D365721-0A74-467C-BC8D-7FDE258E1377}
IE - HKCU\..\SearchScopes\{31E12A73-02CA-43A0-BCDC-4A02C8A7C0C2}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/01/12 14:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/05 00:10:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/01 21:48:36 | 000,000,000 | ---D | M]

[2012/07/20 22:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\credmond\AppData\Roaming\Mozilla\Extensions
[2012/07/20 22:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/03/11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/03/11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/03/11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/03/11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/03/11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/03 10:35:58 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.25.20 Server1
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DFEPApplication] c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - Startup: C:\Users\credmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cbai.us ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: comcast.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: comcast.net ([web.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: comcast.net ([xfinity] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rackspace.com ([apps] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://support.cbai....c/kaxRemote.dll (kasRmtHlp Class)
O16 - DPF: {B65B1DCC-D421-4F3C-8F8F-909BDD967120} http://support.cbai....uginManager.cab (PluginManager Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01F5147E-1852-44BE-B8AD-36DB8C87206B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD4CAB88-54FF-4394-8655-8A56B1AAEB12}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{64061048-c201-11e1-9787-9cb70dec6776}\Shell - "" = AutoRun
O33 - MountPoints2\{64061048-c201-11e1-9787-9cb70dec6776}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/31 14:37:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/14 03:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/14 03:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/14 03:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/12 08:53:10 | 000,000,000 | ---D | C] -- C:\Users\credmond\AppData\Roaming\AVG2013
[2013/03/12 08:50:53 | 000,000,000 | ---D | C] -- C:\Users\credmond\AppData\Roaming\TuneUp Software
[2013/03/12 08:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/03/12 08:50:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/03/12 08:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/03/12 08:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/03/12 08:41:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/03/12 08:41:43 | 000,000,000 | ---D | C] -- C:\Users\credmond\AppData\Local\MFAData
[2013/03/12 08:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/12 08:41:43 | 000,000,000 | ---D | C] -- C:\Users\credmond\AppData\Local\Avg2013
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/31 14:48:07 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/31 14:48:07 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/31 14:44:59 | 000,988,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/31 14:44:59 | 000,755,234 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/31 14:44:59 | 000,229,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/31 14:38:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/31 14:38:42 | 2113,585,151 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/29 09:51:42 | 001,002,252 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/29 03:12:58 | 002,250,054 | ---- | M] () -- C:\ProgramData\1.bmp
[2013/03/29 03:12:47 | 000,350,795 | ---- | M] () -- C:\ProgramData\1.jpg
[2013/03/29 02:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/29 02:36:45 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/29 03:12:58 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/03/29 03:12:44 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/03/12 08:50:53 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/02/04 14:49:46 | 000,000,259 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/02/04 14:49:46 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/02/04 14:49:41 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/02/04 14:49:41 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd9840cd.dat
[2013/02/04 14:49:41 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013/02/04 14:49:25 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2013/02/04 14:49:24 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/02/04 14:49:24 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/07/20 10:30:51 | 000,000,112 | ---- | C] () -- C:\Windows\tm1p.INI
[2012/07/19 15:27:00 | 000,060,304 | ---- | C] () -- C:\Users\credmond\g2mdlhlpx.exe
[2012/07/14 14:18:30 | 000,048,640 | ---- | C] () -- C:\Windows\SysWow64\NTEventLogAppender.dll
[2012/05/26 06:58:32 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/05/26 06:58:30 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/05/26 06:58:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/05/26 06:58:23 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/05/26 06:58:20 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/05/26 05:40:29 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2012/05/26 05:34:38 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2012/05/26 05:34:38 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/12/02 10:09:30 | 000,000,039 | ---- | C] () -- C:\Users\credmond\dlmgr_.pro
[2011/11/01 10:10:26 | 000,060,304 | ---- | C] () -- C:\Users\credmond\g2mdlhlpx (1).exe
[2011/09/08 22:02:22 | 000,307,008 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/29 15:22:26 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\Applix
[2013/01/12 14:20:08 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\APP_NAME_NON_STRING
[2013/03/12 08:53:10 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\AVG2013
[2012/07/19 14:22:24 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\IBM
[2012/09/11 08:13:40 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\ICAClient
[2012/11/05 13:22:14 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\Jitsi For OnSIP
[2012/07/05 15:10:39 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\Kaseya
[2013/01/12 14:23:02 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\PDF Architect
[2013/02/08 15:22:46 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\pdfforge
[2012/07/14 13:59:16 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\TeamViewer
[2013/03/12 08:50:53 | 000,000,000 | ---D | M] -- C:\Users\credmond\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
=========================================================================================================
  • 0
<

Advertisement


#11
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello,

Let's check if something is left.

Follow these steps:

Step 1. MBAM scan.

Run Malwarebytes Anti-Malware.
  • Go to the Update tab.
  • Click on the Check for updates button. New small window should appear.
  • If an update is found, it will download and install the latest definitions.
  • Go back to the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

So, please, don't forget to post in your next message:

  • ESET Online Scanner's log
  • MBAM log

  • 0

#12
cdredmond

cdredmond

    Member

  • Member
  • PipPip
  • 11 posts
Phel,

Here is the MBAM log:

======================================================================================
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
credmond :: BPM64LT7 [administrator]

4/1/2013 3:06:30 PM
mbam-log-2013-04-01 (15-06-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 309496
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\credmond\AppData\Local\Temp\yttyreerdffddfrf.exe (Spyware.Zbot.ED) -> Quarantined and deleted successfully.

(end)
====================================================================================================================
  • 0

#13
cdredmond

cdredmond

    Member

  • Member
  • PipPip
  • 11 posts
Here is the Log.txt from ESET Online Scanner:

=============================================
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
=============================================

Here is what displays in the ESET Online Scanner window:
=============================================
Scan results Step 4 out of 4
No threats found.
Scanned Files: 429740
Infected Files: 0
Cleaned files: 0
Total scan time: 00:42:05
Scan status: Finished
=============================================
  • 0

#14
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
How is your computer running now?
  • 0

#15
cdredmond

cdredmond

    Member

  • Member
  • PipPip
  • 11 posts
Phel,

Everything is looking good.
I did a quick Scan with AVG Free version. It came up clean.
Once we are done. I plan to install a full version of Norton. However, I am open to recomendations. :-)
Any other prevention we should do? Or are we ready to uninstall some of these tools?
  • 0

Advertisement




Similar Topics: arestocrat virus/malware/spyware     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured