AVG showing trojan threats constantly [Solved]


  • This topic is locked

#16
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
Please run this OTL fix.

Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:Files
C:\$Recycle.bin\S-1-5-18\$7df4b1d452bd5978c5c35549945bfe7e

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • XP users: Double click the icon.
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

If the OTL fix runs to completion go on to Step 2. If it doesn't, stop and let me know what it was on when it got hung up.


Step-2.

Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • ComboFix will then extract its files before beginning the scan.
  • When the scan begins you will see a window like the image below. Although the program states that the scan typically doesn't take more than 10 minutes there are 50 stages or so that it goes through. On a severely infected machine it can take much longer so please be patient.

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Don't forget to reenable your Anti-Virus


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The Otl fixes log
2. The ComboFix.txt log
  • 0



#17
k_barta2005


    Member

  • Topic Starter
  • 41 posts
OTL got hung again on [emptytemp]
  • 0

#18
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
Then try the fix without the [emptytemp] command below. And then see if ComboFix will run.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:Files
C:\$Recycle.bin\S-1-5-18\$7df4b1d452bd5978c5c35549945bfe7e

:COMMANDS
[reboot]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
  • 0

#19
k_barta2005


    Member

  • Topic Starter
  • 41 posts
ComboFix ran, but it only took about 2 mins and there was no log file generated. Here are two files that were generated by OTL yesterday after I ran the fix you sent.

Log 1:

Files\Folders moved on Reboot...
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\OICE_BD43FA56-D4CA-47C1-BB2D-B476502EB791.0\C0145762. not found!
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\OICE_7F1630B9-40CC-40EF-80D3-C93E2647413E.0\809095A5. not found!
File move failed. C:\Users\FamilyRoom\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Users\FamilyRoom\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Windows\temp\hsperfdata_FAMILYROOM-PC$\1860 moved successfully.
File move failed. C:\Windows\temp\fb_2552.lck scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Log 2:
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\$Recycle.bin\S-1-5-18\$7df4b1d452bd5978c5c35549945bfe7e not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 09012013_154827
  • 0
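
A helper reading the logs in post #19 has to check whether each path listed under `:Files` in the fix script was actually acted on. The sketch below is an added example, not part of the original posts and not OTL's own code; it recognises only the line shapes visible in the logs above, and the function names and outcome labels (`not_found`, `pending_reboot`, `moved`, `no_result`) are hypothetical.

```python
import re
from collections import Counter

# Fix script as posted in this thread (post #18).
FIX_SCRIPT = r"""
:COMMANDS
[createrestorepoint]

:Files
C:\$Recycle.bin\S-1-5-18\$7df4b1d452bd5978c5c35549945bfe7e

:COMMANDS
[reboot]
"""

# Sample lines taken from the two logs in post #19, combined into one string
# for this example.
RESULT_LOG = r"""
Files\Folders moved on Reboot...
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\OICE_BD43FA56-D4CA-47C1-BB2D-B476502EB791.0\C0145762. not found!
File move failed. C:\Users\FamilyRoom\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Windows\temp\hsperfdata_FAMILYROOM-PC$\1860 moved successfully.
File move failed. C:\Windows\temp\fb_2552.lck scheduled to be moved on reboot.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\$Recycle.bin\S-1-5-18\$7df4b1d452bd5978c5c35549945bfe7e not found.
========== COMMANDS ==========
"""

# Line shapes observed in the logs above (assumption: other OTL versions
# may word these lines differently).
PATTERNS = [
    ("not_found",
     re.compile(r"^File\\Folder (?P<path>.+) not found[.!]$")),
    ("pending_reboot",
     re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
    ("moved",
     re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")),
]


def parse_fix_script(text):
    """Group script lines under their ':Section' header; repeated headers merge."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_result_log(text):
    """Map each path in the log (lower-cased, since Windows paths are
    case-insensitive) to the outcome the log reports for it."""
    outcomes = {}
    for raw in text.splitlines():
        line = raw.strip()
        for label, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                outcomes[match.group("path").lower()] = label
                break
    return outcomes


def reconcile(script_text, log_text):
    """For every ':Files' target, return (target, outcome); 'no_result' means
    the log never mentions the path, so the fix cannot be confirmed."""
    targets = parse_fix_script(script_text).get("files", [])
    outcomes = parse_result_log(log_text)
    return [(t, outcomes.get(t.lower(), "no_result")) for t in targets]


def outcome_counts(log_text):
    """Count how many paths ended in each outcome."""
    return Counter(parse_result_log(log_text).values())


if __name__ == "__main__":
    for target, outcome in reconcile(FIX_SCRIPT, RESULT_LOG):
        print(f"{outcome:15} {target}")
    print(dict(outcome_counts(RESULT_LOG)))
```

On the thread's data the only `:Files` target comes back `not_found`, so the fix did not move that path.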

#20
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Thanks for the logs. Please get me a fresh OTL scan so we can see where we are now.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C
DRIVES


2. Re-open OTL on the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new OTL.txt log
  • 0

#21
k_barta2005


    Member

  • Topic Starter
  • 41 posts
Newest OTL log:
OTL logfile created on: 9/2/2013 1:49:19 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\FamilyRoom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 81.67% Memory free
16.00 Gb Paging File | 12.91 Gb Available in Paging File | 80.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.88 Gb Total Space | 749.54 Gb Free Space | 81.39% Space Free | Partition Type: NTFS

Computer Name: FAMILYROOM-PC | User Name: FamilyRoom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/28 13:34:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\FamilyRoom\Desktop\OTL.exe
PRC - [2013/08/24 13:49:56 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/13 12:52:19 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\FamilyRoom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/11 19:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/12/07 00:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/11/14 22:44:54 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/10/31 16:52:30 | 000,464,256 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/10/29 21:33:46 | 000,698,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2012/10/23 05:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/09/24 22:59:16 | 000,490,880 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2010/03/10 17:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/09/08 13:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/03/16 01:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/16 01:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/16 01:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/24 13:49:53 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppgooglenaclpluginchrome.dll
MOD - [2013/08/24 13:49:52 | 013,594,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
MOD - [2013/08/24 13:49:51 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
MOD - [2013/08/24 13:49:01 | 000,709,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\libglesv2.dll
MOD - [2013/08/24 13:49:00 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\libegl.dll
MOD - [2013/08/24 13:48:58 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ffmpegsumo.dll
MOD - [2013/08/14 08:35:39 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/14 08:34:37 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
MOD - [2013/08/14 07:54:02 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d23f99753f2703d5b8f68e558ca3e85c\System.Web.Services.ni.dll
MOD - [2013/08/14 07:53:46 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\930e99b2f62cea8c4aa070527d15f748\PresentationFramework.ni.dll
MOD - [2013/08/14 07:53:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/14 07:53:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 07:53:27 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 07:53:24 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/14 07:53:23 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\585b8f6cc7ba86886462d0dc9753c98f\PresentationCore.ni.dll
MOD - [2013/08/14 07:53:13 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/14 07:53:10 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/13 03:43:50 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5de32c4f69c7141f68b383915ab87ff4\PresentationFramework.Classic.ni.dll
MOD - [2013/07/13 03:42:42 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/10/30 16:37:26 | 000,348,032 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2012/10/30 16:37:24 | 000,050,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2012/10/30 16:37:22 | 000,182,656 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/05/22 13:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 14:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 14:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 14:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 14:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 14:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2010/02/03 11:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/28 16:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/27 21:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/30 19:56:52 | 000,334,720 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
SRV:64bit: - [2011/01/21 12:37:44 | 000,179,008 | ---- | M] (Authentium, Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV:64bit: - [2011/01/21 12:37:40 | 000,119,104 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV:64bit: - [2011/01/21 12:37:32 | 000,121,152 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/08/26 18:13:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/07 00:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/12/07 00:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2012/10/31 16:52:30 | 000,464,256 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/10/23 05:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/04/04 17:59:54 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/10/22 17:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/30 15:36:20 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/09/08 13:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe -- (AMDFusionSVC)
SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/05/03 02:18:52 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\My Dell\pcdsrvc_x64.pkms -- (PCDSRVC{D3412D80-CF3B4A27-06020200}_0)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/14 07:18:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/01 19:19:00 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/01/01 19:19:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/12/30 14:15:46 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/10/03 15:30:42 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2012/09/27 22:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 21:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/17 08:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/04/09 11:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/04/09 11:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/21 12:45:28 | 000,173,376 | R--- | M] (Authentium, Inc) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\amp.sys -- (AMP)
DRV:64bit: - [2011/01/21 12:45:26 | 001,465,664 | R--- | M] (Authentium, Inc) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\ampse.sys -- (AMPSE)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/08 08:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/03 11:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/10/16 07:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/10/07 19:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 19:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 15:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/22 15:32:22 | 000,047,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/01/28 17:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 17:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {295030CC-C74A-4EF6-914F-F91CBF810305}
IE:64bit: - HKLM\..\SearchScopes\{295030CC-C74A-4EF6-914F-F91CBF810305}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\..\SearchScopes,DefaultScope = {21A19E1F-C698-4F18-8150-EADC5C5BF1A0}
IE - HKLM\..\SearchScopes\{21A19E1F-C698-4F18-8150-EADC5C5BF1A0}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {21A19E1F-C698-4F18-8150-EADC5C5BF1A0}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {21A19E1F-C698-4F18-8150-EADC5C5BF1A0}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\..\SearchScopes,DefaultScope = {B3E71C6A-E473-4E04-A727-EC486C8E7E5F}
IE - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\..\SearchScopes\{4E5655CD-B292-4F76-90A3-CCB46D627E8E}: "URL" = http://websearch.ask...11-D22539FD5C3C
IE - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\..\SearchScopes\{B3E71C6A-E473-4E04-A727-EC486C8E7E5F}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@comrade.gamespy.com/comrade: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\FamilyRoom\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\FamilyRoom\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\FamilyRoom\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/07 23:19:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 01:55:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/07 23:19:09 | 000,000,000 | ---D | M]

[2011/02/07 19:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FamilyRoom\AppData\Roaming\Mozilla\Extensions
[2011/02/07 19:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FamilyRoom\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/08 09:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Comrade Plugin (Enabled) = C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files (x86)\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Musicnotes\npsibelius.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5\
CHR - Extension: Skype Click to Call = C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/29 23:51:09 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts:
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (FileOpen Systems Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000..\Run: [Facebook Update] C:\Users\FamilyRoom\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000..\Run: [Spotify] C:\Users\FamilyRoom\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000..\Run: [Spotify Web Helper] C:\Users\FamilyRoom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C922CD3-0950-44FE-83F9-E6F0529DBBFB}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A9C5A65-49BD-492C-9DDC-FCBB7D0C3278}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/06 00:00:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


========== Files/Folders - Created Within 30 Days ==========

[2013/09/01 16:08:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/01 15:57:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/01 15:57:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/01 15:57:16 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/09/01 15:56:03 | 005,116,805 | R--- | C] (Swearware) -- C:\Users\FamilyRoom\Desktop\ComboFix.exe
[2013/08/29 18:23:05 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\FamilyRoom\Desktop\aswMBR.exe
[2013/08/29 17:02:17 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\FamilyRoom\Desktop\tdsskiller.exe
[2013/08/29 07:56:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/29 07:55:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\FamilyRoom\Desktop\OTL.exe
[2013/08/28 17:54:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Dell
[2013/08/28 14:13:03 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\FamilyRoom\Desktop\mbam-setup-1.75.0.1300.exe
[2013/08/26 15:57:49 | 000,000,000 | ---D | C] -- C:\Users\FamilyRoom\AppData\Roaming\TuneUp Software
[2013/08/26 15:54:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/08/26 13:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/08/17 15:44:46 | 000,000,000 | ---D | C] -- C:\Users\FamilyRoom\AppData\Local\{521B17B6-6E91-48CF-9B55-13039EB2BCFB}
[2013/08/15 16:38:18 | 000,000,000 | ---D | C] -- C:\Users\FamilyRoom\AppData\Local\{93A27973-C774-4C0B-9478-1387A50DE4C8}
[2013/08/14 03:05:47 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/14 03:05:46 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/14 03:05:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/14 03:05:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/14 03:05:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/14 03:05:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/14 03:05:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/14 03:05:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/14 03:05:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/14 03:05:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/14 03:05:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/14 03:05:44 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 03:05:44 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/14 03:05:44 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/14 03:05:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/13 18:00:56 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/13 18:00:55 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/13 18:00:55 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/13 18:00:48 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/13 18:00:48 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/13 18:00:46 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/13 18:00:46 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/13 18:00:45 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/13 18:00:45 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/13 18:00:45 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/13 18:00:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/13 18:00:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/13 18:00:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/13 18:00:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/13 18:00:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/13 18:00:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/11 08:09:38 | 000,000,000 | ---D | C] -- C:\Users\FamilyRoom\AppData\Local\{11420282-3995-4012-ABBC-6539FF4E1207}
[2013/08/03 21:30:21 | 000,000,000 | ---D | C] -- C:\Users\FamilyRoom\AppData\Local\SCE
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\FamilyRoom\Desktop\*.tmp files -> C:\Users\FamilyRoom\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/02 13:46:34 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/02 13:46:28 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000UA.job
[2013/09/02 13:46:28 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000Core.job
[2013/09/02 13:46:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/01 16:13:46 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/01 16:13:46 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/01 16:08:56 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 16:08:49 | 000,000,408 | ---- | M] () -- C:\Windows\SysWow64\iolo.ini
[2013/09/01 16:08:49 | 000,000,408 | ---- | M] () -- C:\Windows\SysNative\iolo.ini
[2013/09/01 16:08:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/01 16:08:22 | 2146,930,687 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/01 15:55:38 | 005,116,805 | R--- | M] (Swearware) -- C:\Users\FamilyRoom\Desktop\ComboFix.exe
[2013/08/29 18:18:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\FamilyRoom\Desktop\aswMBR.exe
[2013/08/29 17:01:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\FamilyRoom\Desktop\tdsskiller.exe
[2013/08/29 15:41:20 | 000,028,872 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\OTL_stuck.png
[2013/08/28 14:13:40 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/28 13:37:46 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\FamilyRoom\Desktop\mbam-setup-1.75.0.1300.exe
[2013/08/28 13:34:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\FamilyRoom\Desktop\OTL.exe
[2013/08/26 18:30:11 | 000,040,226 | ---- | M] () -- C:\Users\FamilyRoom\Documents\cc_20130826_183007.reg
[2013/08/26 18:28:59 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/08/26 18:13:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/26 18:13:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/23 17:46:00 | 000,000,329 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\HP Printer Diagnostic Tools.url
[2013/08/03 21:30:05 | 000,001,356 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\Free Realms.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\FamilyRoom\Desktop\*.tmp files -> C:\Users\FamilyRoom\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/01 15:50:22 | 000,000,408 | ---- | C] () -- C:\Windows\SysWow64\iolo.ini
[2013/09/01 15:50:22 | 000,000,408 | ---- | C] () -- C:\Windows\SysNative\iolo.ini
[2013/08/29 15:41:20 | 000,028,872 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\OTL_stuck.png
[2013/08/28 14:13:40 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/26 18:30:10 | 000,040,226 | ---- | C] () -- C:\Users\FamilyRoom\Documents\cc_20130826_183007.reg
[2013/08/23 17:46:00 | 000,000,329 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\HP Printer Diagnostic Tools.url
[2013/08/03 21:30:05 | 000,001,356 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\Free Realms.lnk
[2013/04/05 11:14:11 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2013/02/08 22:37:09 | 000,000,258 | RHS- | C] () -- C:\Users\FamilyRoom\ntuser.pol
[2013/01/24 16:32:40 | 000,230,740 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/01/01 17:44:06 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-FAMILYROOM-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/12/30 23:14:13 | 000,000,000 | ---- | C] () -- C:\Users\FamilyRoom\defogger_reenable
[2012/10/09 19:22:01 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2012/05/02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/04 21:38:43 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/03/18 16:16:20 | 000,009,750 | ---- | C] () -- C:\Users\FamilyRoom\Talent_show.aup
[2012/03/18 15:35:03 | 002,541,421 | ---- | C] () -- C:\Users\FamilyRoom\Talent_show.mp3
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/20 14:45:17 | 000,000,292 | ---- | C] () -- C:\Windows\EReg077.dat
[2012/01/20 14:00:15 | 000,000,027 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/04 17:59:49 | 000,103,784 | ---- | C] () -- C:\Users\FamilyRoom\GoToAssistDownloadHelper.exe
[2010/11/27 11:43:51 | 000,000,098 | ---- | C] () -- C:\Users\FamilyRoom\AppData\Local\fusioncache.dat
[2010/10/29 00:49:41 | 000,007,605 | ---- | C] () -- C:\Users\FamilyRoom\AppData\Local\Resmon.ResmonCfg
[2010/09/21 19:46:53 | 000,004,608 | ---- | C] () -- C:\Users\FamilyRoom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 19:27:01 | 000,004,240 | ---- | C] () -- C:\Users\FamilyRoom\AppData\Local\rx_audio.Cache
[2010/09/19 19:27:01 | 000,000,072 | ---- | C] () -- C:\Users\FamilyRoom\AppData\Local\rx_image32.Cache

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/22 21:25:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\iolo
[2012/07/22 21:25:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\iolo
[2013/08/26 18:38:24 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Ad-Aware Antivirus
[2013/07/16 16:36:03 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\adelantado_2_realore_bigfishgames_en
[2013/07/12 19:46:46 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\adelantado_big_fish_en
[2012/03/18 16:16:20 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Audacity
[2011/06/12 08:35:20 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Catalina Marketing Corp
[2010/09/05 19:56:20 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\CheckPoint
[2012/01/03 13:50:34 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Coby
[2012/01/12 17:20:22 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Coby Media Manager
[2011/05/14 16:31:46 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\CoffeeCup Software
[2012/07/15 08:44:59 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\FileOpen
[2011/12/03 20:44:07 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\FileZilla
[2011/03/18 19:26:05 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Gamelab
[2012/12/29 23:34:43 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\IObit
[2013/08/26 18:12:32 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\iolo
[2012/04/04 12:57:46 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Leadertech
[2013/03/04 16:35:24 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\MusicOasis
[2011/11/23 10:12:24 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Oberon Media
[2013/08/26 17:09:01 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\PCDr
[2012/02/09 21:51:20 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\PlayFirst
[2013/04/20 13:12:25 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Rovio
[2013/07/19 12:35:53 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Rovio Entertainment Ltd
[2010/09/08 00:06:30 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\SoftGrid Client
[2013/09/01 16:09:24 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Spotify
[2012/02/10 19:16:48 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\TFS2
[2011/10/13 00:10:09 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Tific
[2011/02/07 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\TomTom
[2010/09/07 23:06:33 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\TP
[2011/11/17 08:00:45 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Transparent
[2013/08/26 15:57:49 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\TuneUp Software
[2012/12/30 22:51:59 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\WildTangent
[2010/09/30 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Windows Live Writer
[2012/02/04 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\ZumoDrive

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 09:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 01:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 09:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV:64bit: - [2010/11/20 09:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 09:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 09:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 09:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 09:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 09:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 09:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 09:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 09:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 09:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV:64bit: - [2010/11/20 09:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 09:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 09:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2012/12/30 23:23:58 | 001,897,963 | ---- | M] () -- C:\MGtools.exe
[2008/05/08 01:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2004/06/11 19:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< MD5 for: EXPLORER.EXE >
[2010/08/30 18:01:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/08/30 18:01:28 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/08/30 18:01:18 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/08/30 18:01:21 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/08/30 18:01:28 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/08/30 18:01:21 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/08/30 18:01:28 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/08/30 18:01:21 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/08/30 18:01:28 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/08/30 18:01:18 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/08/30 18:01:21 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/08/30 18:01:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.DAT >
[2012/12/14 00:08:43 | 000,001,445 | ---- | M] () MD5=18134F4CA7DBCC5437D715A28E283D86 -- C:\JRT\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.HTML >
[2010/07/01 10:04:30 | 000,004,922 | ---- | M] () MD5=A765EAC09B03DC0424F820C2F4C1693B -- C:\Program Files (x86)\CoffeeCup Software\BACKUP\services.html

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.LOG >
[2010/09/10 20:20:51 | 000,059,449 | ---- | M] () MD5=A5910A5D768ED083A8E85058F59E3ED9 -- C:\ProgramData\HP\Installer\Temp\services.log
[2010/09/10 20:20:51 | 000,059,449 | ---- | M] () MD5=A5910A5D768ED083A8E85058F59E3ED9 -- C:\Users\All Users\HP\Installer\Temp\services.log

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2013/08/16 17:49:54 | 000,001,171 | ---- | M] () MD5=7248041E8F3F2F317988B765AB89A427 -- C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VSRC8988\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is F0E0-3790
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [..]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender
07/14/2009 01:37 AM <SYMLINKD> en-US [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
05/27/2013 01:50 AM <SYMLINK> MpClient.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
05/27/2013 01:50 AM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
05/27/2013 01:50 AM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
11/20/2010 09:27 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
12 File(s) 3,919,360 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [..]
07/14/2009 01:08 AM <JUNCTION> Desktop [..]
07/14/2009 01:08 AM <JUNCTION> Documents [..]
07/14/2009 01:08 AM <JUNCTION> Favorites [..]
07/14/2009 01:08 AM <JUNCTION> Start Menu [..]
07/14/2009 01:08 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [..]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [..]
07/14/2009 01:08 AM <JUNCTION> Desktop [..]
07/14/2009 01:08 AM <JUNCTION> Documents [..]
07/14/2009 01:08 AM <JUNCTION> Favorites [..]
07/14/2009 01:08 AM <JUNCTION> Start Menu [..]
07/14/2009 01:08 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [..]
07/14/2009 01:08 AM <JUNCTION> Cookies [..]
07/14/2009 01:08 AM <JUNCTION> Local Settings [..]
07/14/2009 01:08 AM <JUNCTION> My Documents [..]
07/14/2009 01:08 AM <JUNCTION> NetHood [..]
07/14/2009 01:08 AM <JUNCTION> PrintHood [..]
07/14/2009 01:08 AM <JUNCTION> Recent [..]
07/14/2009 01:08 AM <JUNCTION> SendTo [..]
07/14/2009 01:08 AM <JUNCTION> Start Menu [..]
07/14/2009 01:08 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [..]
07/14/2009 01:08 AM <JUNCTION> History [..]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [..]
07/14/2009 01:08 AM <JUNCTION> My Pictures [..]
07/14/2009 01:08 AM <JUNCTION> My Videos [..]
0 File(s) 0 bytes
Directory of C:\Users\FamilyRoom
09/04/2010 10:26 PM <JUNCTION> Application Data [C:\Users\FamilyRoom\AppData\Roaming]
09/04/2010 10:26 PM <JUNCTION> Cookies [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\Cookies]
09/04/2010 10:26 PM <JUNCTION> Local Settings [C:\Users\FamilyRoom\AppData\Local]
09/04/2010 10:26 PM <JUNCTION> My Documents [C:\Users\FamilyRoom\Documents]
09/04/2010 10:26 PM <JUNCTION> NetHood [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/04/2010 10:26 PM <JUNCTION> PrintHood [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/04/2010 10:26 PM <JUNCTION> Recent [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\Recent]
09/04/2010 10:26 PM <JUNCTION> SendTo [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\SendTo]
09/04/2010 10:26 PM <JUNCTION> Start Menu [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\Start Menu]
09/04/2010 10:26 PM <JUNCTION> Templates [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\FamilyRoom\AppData\Local
09/04/2010 10:26 PM <JUNCTION> Application Data [C:\Users\FamilyRoom\AppData\Local]
09/04/2010 10:26 PM <JUNCTION> History [C:\Users\FamilyRoom\AppData\Local\Microsoft\Windows\History]
09/04/2010 10:26 PM <JUNCTION> Temporary Internet Files [C:\Users\FamilyRoom\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\FamilyRoom\AppData\LocalLow
09/18/2010 01:21 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\FamilyRoom\Documents
09/04/2010 10:26 PM <JUNCTION> My Music [C:\Users\FamilyRoom\Music]
09/04/2010 10:26 PM <JUNCTION> My Pictures [C:\Users\FamilyRoom\Pictures]
09/04/2010 10:26 PM <JUNCTION> My Videos [C:\Users\FamilyRoom\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
08/30/2010 03:34 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
08/30/2010 03:34 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
08/30/2010 03:34 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
08/30/2010 03:34 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
08/30/2010 03:34 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
08/30/2010 03:34 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
08/30/2010 03:34 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
08/30/2010 03:34 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
08/30/2010 03:34 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
08/30/2010 03:34 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
08/30/2010 03:34 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
08/30/2010 03:34 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\winsxs\amd64_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_118cf1dcd54a3dea
07/13/2009 09:29 PM <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
1 File(s) 52,224 bytes
Directory of C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c
07/13/2009 09:41 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
7 File(s) 1,907,712 bytes
Directory of C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd
07/13/2009 09:41 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
7 File(s) 1,907,712 bytes
Directory of C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed
07/13/2009 09:41 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
7 File(s) 1,907,712 bytes
Directory of C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306
07/13/2009 09:41 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
11/20/2010 09:27 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
8 File(s) 1,968,640 bytes
Directory of C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55
07/13/2009 09:41 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
05/27/2013 01:50 AM <SYMLINK> MpClient.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
05/27/2013 01:50 AM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
05/27/2013 01:50 AM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
11/20/2010 09:27 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
11 File(s) 3,867,136 bytes
Directory of C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca
07/13/2009 09:41 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
11/20/2010 09:27 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
07/13/2009 09:29 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
8 File(s) 1,968,640 bytes
Total Files Listed:
61 File(s) 17,499,136 bytes
64 Dir(s) 805,724,631,040 bytes free

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD10 01FAES-75W7A0 SATA Disk Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 11.00GB
Starting Offset: 41943040
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 921.00GB
Starting Offset: 11410604032
Hidden sectors: 0


< End of report >
  • 0
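The reparse-point section of the log above lists many `<SYMLINK>` entries under Windows Defender that all resolve to `c:\windows\system32\config`, which the stock compatibility junctions and the `All Users` link in the same listing do not do. The following is an added example, not part of the thread or of OTL: it parses the `dir /S /A:L` format and reports targets shared by several symlinks. The function names and the threshold of three are assumptions, and the sample listing is constructed in the log's format.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample in the format of `dir "%systemdrive%\*" /S /A:L /C` output.
SAMPLE = r"""
 Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [..]
 0 File(s) 0 bytes
 Directory of C:\Program Files\Windows Defender
07/14/2009 01:37 AM <SYMLINKD> en-US [c:\windows\system32\config]
07/13/2009 09:41 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
05/27/2013 01:50 AM <SYMLINK> MpClient.dll [c:\windows\system32\config]
07/13/2009 09:39 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
 Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [..]
 0 File(s) 0 bytes
 Directory of C:\Users\FamilyRoom\Documents
09/04/2010 10:26 PM <JUNCTION> My Music [C:\Users\FamilyRoom\Music]
09/04/2010 10:26 PM <JUNCTION> My Pictures [C:\Users\FamilyRoom\Pictures]
 0 File(s) 0 bytes
"""


class Link(NamedTuple):
    directory: str  # folder the entry was listed under
    kind: str       # JUNCTION, SYMLINKD (directory link) or SYMLINK (file link)
    name: str       # name of the link itself
    target: str     # text inside [...]; ".." when dir printed no resolved path


DIR_RE = re.compile(r"^\s*Directory of (?P<dir>.+?)\s*$")
ENTRY_RE = re.compile(
    r"^\s*\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+"
    r"<(?P<kind>JUNCTION|SYMLINKD|SYMLINK)>\s+"
    r"(?P<name>.+?)\s+\[(?P<target>[^\]]*)\]\s*$"
)


def parse_links(listing: str) -> list[Link]:
    """Turn the text listing into Link records, tracking the current directory."""
    links, current = [], None
    for line in listing.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m["dir"]
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            links.append(Link(current, m["kind"], m["name"], m["target"]))
    return links  # summary lines ("0 File(s) 0 bytes") match neither pattern


def shared_target_symlinks(links: list[Link], min_links: int = 3) -> dict[str, list[str]]:
    """Map each target to the symlinks pointing at it, keeping only targets
    that at least `min_links` distinct symlinks share.

    Junctions and unresolved ("..") targets are skipped: the check is aimed at
    file and directory symlinks that have been funnelled into one location.
    """
    by_target = defaultdict(set)
    for link in links:
        if link.kind == "JUNCTION" or link.target == "..":
            continue
        base = link.directory.rstrip("\\")
        by_target[link.target.lower()].add((base + "\\" + link.name).lower())
    return {t: sorted(p) for t, p in by_target.items() if len(p) >= min_links}


if __name__ == "__main__":
    for target, paths in shared_target_symlinks(parse_links(SAMPLE)).items():
        print(f"{len(paths)} symlinks resolve to {target}:")
        for path in paths:
            print("   ", path)
```
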

#22
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the log. I see the bugger now. :thumbsup: You have the newest variation of the ZeroAccess rootkit infection. But before we kill it I need to ask, what antivirus program do you have running? I see entries for Advanced System Care but that is not a real AV program and we will be removing it:

PRC - [2012/10/31 16:52:30 | 000,464,256 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/10/29 21:33:46 | 000,698,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2012/09/24 22:59:16 | 000,490,880 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe


Authentium Antivirus: This is an AV licensed to many Internet Service Providers as part of their software Security Suites.

SRV:64bit: - [2011/01/21 12:37:44 | 000,179,008 | ---- | M] (Authentium, Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV:64bit: - [2011/01/21 12:37:40 | 000,119,104 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV:64bit: - [2011/01/21 12:37:32 | 000,121,152 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)


Threat Track Security: which is part of Vipre Antivirus

DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/12/30 14:15:46 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)


It looks like somebody installed AVG antivirus on 8/26/3013 but I don't see any evidence of it, or any antivirus, running on the machine except IOBIT Advanced System Care. Which doesn't really offer any protection.


:alarm:
Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook, etc., and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Since we have already started cleaning this machine let's continue with the cleaning process, but I can't guarantee that it will be 100% secure afterward.


Step-1.

Farbar Recovery Scan

A.
Download the Tool
  • Please click here to go to the Farbar Recovery Scan Tool download page.
  • Click the Download Now(64bit Version) button and save it to your desktop.
B.
Run the Tool
Close all open Windows and browsers
  • Right click the FRST64.exe file and click Run as Administrator to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above
2. The FRST.txt log
3. The Addition.txt log
  • 0

#23
k_barta2005

    Member

  • Topic Starter
  • 41 posts
AV question: I believe I was running System Mechanic with an AV, and before that I had ZoneAlarm for a few years but I always had issues with viruses and malware. I think the Dell Tech talked me into System Mechanic, but I haven't been impressed with that at all. I did try to download and install AVG on the 26th, but I am sure all the cleaning stuff or the virus has removed that stuff. So I am open to suggestions and not afraid to pay for a good AV.

FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 05
Ran by FamilyRoom (administrator) on FAMILYROOM-PC on 02-09-2013 15:49:10
Running from C:\Users\FamilyRoom\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(Advanced Micro Devices) c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Spotify Ltd) C:\Users\FamilyRoom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-18] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\EptMon64.dll [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [FileOpenBroker] - C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1086848 2012-04-30] (FileOpen Systems Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Spotify Web Helper] - C:\Users\FamilyRoom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-13] (Spotify Ltd)
HKCU\...\Run: [Facebook Update] - C:\Users\FamilyRoom\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-09] (Facebook Inc.)
HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [490880 2012-09-24] (IObit)
HKCU\...\Run: [Spotify] - C:\Users\FamilyRoom\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-13] (Spotify Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542104 2012-12-11] (Lavasoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-11-14] (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk /k:C *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
SearchScopes: HKLM - DefaultScope {295030CC-C74A-4EF6-914F-F91CBF810305} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {21A19E1F-C698-4F18-8150-EADC5C5BF1A0} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {21A19E1F-C698-4F18-8150-EADC5C5BF1A0} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {4E5655CD-B292-4F76-90A3-CCB46D627E8E} URL = http://websearch.ask...11-D22539FD5C3C
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB
Handler: cozi - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: cozi - No CLSID Value -
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
CHR Plugin: (Comrade Plugin) - C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Musicnotes) - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5
CHR Extension: (Skype Click to Call) - C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [oelbclnhkbhlhikfmpmbakbgeonbjjnp] - C:\Users\FamilyRoom\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-28] (Advanced Micro Devices, Inc.)
R2 FileOpenManagerSvc; C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [334720 2012-04-30] (FileOpen Systems Inc.)
S2 ioloFileInfoList; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1053184 2012-12-07] (iolo technologies, LLC)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1053184 2012-12-07] (iolo technologies, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-02-02] (Alcatel-Lucent)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
R2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [121152 2011-01-21] (Authentium, Inc)
R2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [119104 2011-01-21] (Authentium, Inc)
S3 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [179008 2011-01-21] (Authentium, Inc)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] ()
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{7df4b1d4-52bd-5978-c5c3-5549945bfe7e}\ \...\???\{7df4b1d4-52bd-5978-c5c3-5549945bfe7e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R2 AMP; C:\Windows\system32\Drivers\amp.sys [173376 2011-01-21] (Authentium, Inc)
S2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1465664 2011-01-21] (Authentium, Inc)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-30] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S1 FileDisk; No ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]
S1 RxFilter; system32\DRIVERS\RxFilter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-02 15:48 - 2013-09-02 15:48 - 01951954 _____ (Farbar) C:\Users\FamilyRoom\Downloads\FRST64.exe
2013-09-02 15:48 - 2013-09-02 15:48 - 01951954 _____ (Farbar) C:\Users\FamilyRoom\Desktop\FRST64.exe
2013-09-02 14:07 - 2013-09-02 14:07 - 00218496 _____ C:\Users\FamilyRoom\Desktop\OTL_130902.Txt
2013-09-02 14:00 - 2013-09-02 14:00 - 00218496 _____ C:\Users\FamilyRoom\Desktop\OTL.Txt
2013-09-01 15:57 - 2013-09-01 15:57 - 00000000 ___SD C:\32788R22FWJFW
2013-09-01 15:57 - 2013-09-01 15:57 - 00000000 ____D C:\Windows\erdnt
2013-09-01 15:57 - 2013-09-01 15:57 - 00000000 ____D C:\Qoobox
2013-09-01 15:56 - 2013-09-01 15:55 - 05116805 ____R (Swearware) C:\Users\FamilyRoom\Desktop\ComboFix.exe
2013-09-01 15:55 - 2013-09-01 15:55 - 05116805 _____ (Swearware) C:\Users\FamilyRoom\Downloads\ComboFix.exe
2013-09-01 15:50 - 2013-09-01 16:08 - 00000408 _____ C:\Windows\SysWOW64\iolo.ini
2013-09-01 15:50 - 2013-09-01 16:08 - 00000408 _____ C:\Windows\system32\iolo.ini
2013-08-30 06:42 - 2013-08-30 06:42 - 00010108 _____ C:\Users\FamilyRoom\Desktop\08292013_075635.log
2013-08-29 18:23 - 2013-08-29 18:18 - 04745728 _____ (AVAST Software) C:\Users\FamilyRoom\Desktop\aswMBR.exe
2013-08-29 17:03 - 2013-08-29 18:18 - 04745728 _____ (AVAST Software) C:\Users\FamilyRoom\Downloads\aswMBR.exe
2013-08-29 17:02 - 2013-08-29 17:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\FamilyRoom\Desktop\tdsskiller.exe
2013-08-29 17:01 - 2013-08-29 17:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\FamilyRoom\Downloads\tdsskiller.exe
2013-08-29 16:55 - 2013-09-01 15:49 - 00004850 _____ C:\Windows\PFRO.log
2013-08-29 07:56 - 2013-08-29 07:56 - 00000000 ____D C:\_OTL
2013-08-29 07:55 - 2013-08-28 13:59 - 00069028 _____ C:\Users\FamilyRoom\Desktop\Extras.Txt
2013-08-29 07:55 - 2013-08-28 13:34 - 00602112 _____ (OldTimer Tools) C:\Users\FamilyRoom\Desktop\OTL.exe
2013-08-29 07:47 - 2013-08-29 07:47 - 00295941 ____H C:\Users\FamilyRoom\Desktop\~WRL0003.tmp
2013-08-28 17:54 - 2013-08-28 17:54 - 00000000 ____D C:\Windows\SysWOW64\Dell
2013-08-28 17:39 - 2013-09-01 16:08 - 00000392 _____ C:\Windows\setupact.log
2013-08-28 14:13 - 2013-08-28 14:13 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-28 14:13 - 2013-08-28 13:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\FamilyRoom\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-28 09:20 - 2013-08-28 09:20 - 04491784 _____ (AVG Technologies) C:\Users\FamilyRoom\Downloads\avg_avct_stb_all_2013_3392 (1).exe
2013-08-27 22:18 - 2013-08-27 22:18 - 00000148 _____ C:\Users\FamilyRoom\Documents\Sierra_Piano.txt
2013-08-27 18:06 - 2013-08-27 18:06 - 04491784 _____ (AVG Technologies) C:\Users\FamilyRoom\Downloads\avg_avct_stb_all_2013_3392.exe
2013-08-27 07:51 - 2013-08-27 07:51 - 00000000 _____ C:\Windows\setuperr.log
2013-08-26 18:50 - 2013-09-02 15:33 - 00778614 _____ C:\Windows\WindowsUpdate.log
2013-08-26 18:30 - 2013-08-26 18:30 - 00040226 _____ C:\Users\FamilyRoom\Documents\cc_20130826_183007.reg
2013-08-26 18:28 - 2013-08-26 18:28 - 04454952 _____ (Piriform Ltd) C:\Users\FamilyRoom\Downloads\ccsetup405.exe
2013-08-26 17:45 - 2013-08-26 17:45 - 00003360 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3130090504-1924379729-1071845134-1000
2013-08-26 17:45 - 2013-08-26 17:45 - 00003236 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3130090504-1924379729-1071845134-1000
2013-08-26 15:57 - 2013-08-26 15:57 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\TuneUp Software
2013-08-26 15:54 - 2013-08-26 15:54 - 00000000 ____D C:\Program Files (x86)\AVG
2013-08-26 15:41 - 2013-08-26 15:42 - 00458052 _____ C:\Users\FamilyRoom\Documents\AVSDK5_UNINST.LOG
2013-08-26 13:08 - 2013-08-26 13:08 - 00000000 ____D C:\ProgramData\ATI
2013-08-23 17:46 - 2013-08-23 17:46 - 00000329 _____ C:\Users\FamilyRoom\Desktop\HP Printer Diagnostic Tools.url
2013-08-20 21:24 - 2013-09-01 16:34 - 00001574 _____ C:\Users\FamilyRoom\Documents\real_faith.txt
2013-08-17 15:44 - 2013-08-17 15:44 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\{521B17B6-6E91-48CF-9B55-13039EB2BCFB}
2013-08-15 16:38 - 2013-08-15 16:38 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\{93A27973-C774-4C0B-9478-1387A50DE4C8}
2013-08-14 03:05 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 03:05 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 03:05 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 03:05 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 03:05 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 03:05 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 03:05 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 03:05 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 03:05 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 03:05 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 03:05 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 03:05 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 18:00 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 18:00 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 18:00 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 18:00 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 18:00 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 18:00 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 18:00 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 18:00 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 18:00 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 18:00 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 18:00 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 18:00 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 18:00 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 18:00 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 18:00 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 18:00 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 18:00 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 18:00 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 18:00 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 18:00 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 18:00 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 18:00 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 18:00 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 18:00 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 18:00 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 18:00 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 18:00 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 08:09 - 2013-08-11 08:09 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\{11420282-3995-4012-ABBC-6539FF4E1207}
2013-08-03 21:30 - 2013-08-03 21:30 - 00001356 _____ C:\Users\FamilyRoom\Desktop\Free Realms.lnk
2013-08-03 21:30 - 2013-08-03 21:30 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\SCE
2013-08-03 21:28 - 2013-08-03 21:28 - 00000000 ____D C:\Users\Public\Sony Online Entertainment

==================== One Month Modified Files and Folders =======

2013-09-02 15:48 - 2013-09-02 15:48 - 01951954 _____ (Farbar) C:\Users\FamilyRoom\Downloads\FRST64.exe
2013-09-02 15:48 - 2013-09-02 15:48 - 01951954 _____ (Farbar) C:\Users\FamilyRoom\Desktop\FRST64.exe
2013-09-02 15:46 - 2013-01-23 10:41 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\Skype
2013-09-02 15:33 - 2013-08-26 18:50 - 00778614 _____ C:\Windows\WindowsUpdate.log
2013-09-02 15:22 - 2011-07-12 19:27 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-02 15:22 - 2011-07-12 19:27 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-02 15:13 - 2012-04-20 17:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 14:55 - 2012-10-09 11:50 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000UA.job
2013-09-02 14:07 - 2013-09-02 14:07 - 00218496 _____ C:\Users\FamilyRoom\Desktop\OTL_130902.Txt
2013-09-02 14:00 - 2013-09-02 14:00 - 00218496 _____ C:\Users\FamilyRoom\Desktop\OTL.Txt
2013-09-02 13:46 - 2012-10-09 11:50 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000Core.job
2013-09-02 10:01 - 2013-05-21 13:20 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-09-02 10:01 - 2013-02-18 14:23 - 00094747 _____ C:\Windows\system32\lvcoinst.log
2013-09-01 21:17 - 2013-04-05 21:26 - 00000000 ____D C:\Users\FamilyRoom\Documents\Doctor Who
2013-09-01 16:34 - 2013-08-20 21:24 - 00001574 _____ C:\Users\FamilyRoom\Documents\real_faith.txt
2013-09-01 16:13 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 16:13 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-01 16:09 - 2011-09-29 08:39 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\Spotify
2013-09-01 16:09 - 2010-08-30 15:48 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-09-01 16:09 - 2010-08-30 15:48 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-09-01 16:09 - 2010-08-30 15:24 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-01 16:08 - 2013-09-01 15:50 - 00000408 _____ C:\Windows\SysWOW64\iolo.ini
2013-09-01 16:08 - 2013-09-01 15:50 - 00000408 _____ C:\Windows\system32\iolo.ini
2013-09-01 16:08 - 2013-08-28 17:39 - 00000392 _____ C:\Windows\setupact.log
2013-09-01 16:08 - 2011-04-04 19:44 - 00000392 _____ C:\Windows\SysWOW64\iolo.ini.txt
2013-09-01 16:08 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 16:01 - 2013-01-26 15:11 - 00529408 ___SH C:\Users\FamilyRoom\Documents\Thumbs.db
2013-09-01 15:57 - 2013-09-01 15:57 - 00000000 ___SD C:\32788R22FWJFW
2013-09-01 15:57 - 2013-09-01 15:57 - 00000000 ____D C:\Windows\erdnt
2013-09-01 15:57 - 2013-09-01 15:57 - 00000000 ____D C:\Qoobox
2013-09-01 15:57 - 2009-07-14 01:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-01 15:55 - 2013-09-01 15:56 - 05116805 ____R (Swearware) C:\Users\FamilyRoom\Desktop\ComboFix.exe
2013-09-01 15:55 - 2013-09-01 15:55 - 05116805 _____ (Swearware) C:\Users\FamilyRoom\Downloads\ComboFix.exe
2013-09-01 15:49 - 2013-08-29 16:55 - 00004850 _____ C:\Windows\PFRO.log
2013-09-01 07:37 - 2012-01-03 20:04 - 00000000 ____D C:\Users\FamilyRoom\Documents\Teen SS
2013-09-01 00:09 - 2010-09-19 12:09 - 00000000 ____D C:\Users\FamilyRoom\Documents\Sierrainvention
2013-08-30 12:00 - 2012-10-03 17:05 - 03409230 _____ C:\Users\FamilyRoom\Documents\AWESOME HAIR STYLES.pptx
2013-08-30 06:42 - 2013-08-30 06:42 - 00010108 _____ C:\Users\FamilyRoom\Desktop\08292013_075635.log
2013-08-29 18:18 - 2013-08-29 18:23 - 04745728 _____ (AVAST Software) C:\Users\FamilyRoom\Desktop\aswMBR.exe
2013-08-29 18:18 - 2013-08-29 17:03 - 04745728 _____ (AVAST Software) C:\Users\FamilyRoom\Downloads\aswMBR.exe
2013-08-29 17:01 - 2013-08-29 17:02 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\FamilyRoom\Desktop\tdsskiller.exe
2013-08-29 17:01 - 2013-08-29 17:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\FamilyRoom\Downloads\tdsskiller.exe
2013-08-29 16:54 - 2013-04-11 07:44 - 00000000 ____D C:\ProgramData\MFAData
2013-08-29 16:53 - 2013-04-11 07:44 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\Avg2013
2013-08-29 07:56 - 2013-08-29 07:56 - 00000000 ____D C:\_OTL
2013-08-29 07:47 - 2013-08-29 07:47 - 00295941 ____H C:\Users\FamilyRoom\Desktop\~WRL0003.tmp
2013-08-28 17:54 - 2013-08-28 17:54 - 00000000 ____D C:\Windows\SysWOW64\Dell
2013-08-28 17:54 - 2010-08-30 15:44 - 00000000 ____D C:\Program Files (x86)\Dell
2013-08-28 17:40 - 2010-09-04 22:25 - 00000000 ____D C:\Users\FamilyRoom
2013-08-28 15:01 - 2013-02-08 22:37 - 00000000 ____D C:\Program Files (x86)\Unfriend Checker
2013-08-28 14:13 - 2013-08-28 14:13 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-28 14:13 - 2012-12-30 23:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-28 13:59 - 2013-08-29 07:55 - 00069028 _____ C:\Users\FamilyRoom\Desktop\Extras.Txt
2013-08-28 13:37 - 2013-08-28 14:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\FamilyRoom\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-28 13:34 - 2013-08-29 07:55 - 00602112 _____ (OldTimer Tools) C:\Users\FamilyRoom\Desktop\OTL.exe
2013-08-28 09:35 - 2011-04-04 19:39 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-08-28 09:20 - 2013-08-28 09:20 - 04491784 _____ (AVG Technologies) C:\Users\FamilyRoom\Downloads\avg_avct_stb_all_2013_3392 (1).exe
2013-08-27 22:18 - 2013-08-27 22:18 - 00000148 _____ C:\Users\FamilyRoom\Documents\Sierra_Piano.txt
2013-08-27 18:06 - 2013-08-27 18:06 - 04491784 _____ (AVG Technologies) C:\Users\FamilyRoom\Downloads\avg_avct_stb_all_2013_3392.exe
2013-08-27 07:51 - 2013-08-27 07:51 - 00000000 _____ C:\Windows\setuperr.log
2013-08-26 18:47 - 2011-04-04 19:34 - 00000000 ____D C:\ProgramData\iolo
2013-08-26 18:39 - 2012-12-30 14:16 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-08-26 18:38 - 2012-12-30 14:13 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\Ad-Aware Antivirus
2013-08-26 18:36 - 2012-12-30 14:34 - 00004342 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-08-26 18:30 - 2013-08-26 18:30 - 00040226 _____ C:\Users\FamilyRoom\Documents\cc_20130826_183007.reg
2013-08-26 18:28 - 2013-08-26 18:28 - 04454952 _____ (Piriform Ltd) C:\Users\FamilyRoom\Downloads\ccsetup405.exe
2013-08-26 18:28 - 2012-12-30 23:11 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-26 18:28 - 2011-12-03 20:11 - 00000000 ____D C:\Program Files\CCleaner
2013-08-26 18:13 - 2012-04-20 17:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-26 18:13 - 2012-04-20 17:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-26 18:13 - 2012-04-20 17:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-26 18:12 - 2011-04-04 19:34 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\iolo
2013-08-26 17:48 - 2010-09-05 11:00 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\HpUpdate
2013-08-26 17:45 - 2013-08-26 17:45 - 00003360 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3130090504-1924379729-1071845134-1000
2013-08-26 17:45 - 2013-08-26 17:45 - 00003236 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3130090504-1924379729-1071845134-1000
2013-08-26 17:11 - 2011-11-29 07:08 - 00000000 ____D C:\Windows\system32\Macromed
2013-08-26 17:11 - 2010-08-30 15:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-08-26 17:11 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-26 17:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-26 17:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-26 17:10 - 2011-08-01 22:42 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-08-26 17:10 - 2011-04-04 19:39 - 00000000 ____D C:\Program Files\Common Files\Authentium
2013-08-26 17:10 - 2011-04-04 19:39 - 00000000 ____D C:\Program Files (x86)\iolo
2013-08-26 17:10 - 2010-09-05 10:54 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-26 17:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-26 17:09 - 2011-04-04 18:14 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\PCDr
2013-08-26 17:07 - 2012-11-14 22:43 - 00000000 ____D C:\ProgramData\Real
2013-08-26 17:07 - 2012-03-09 10:26 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-08-26 17:07 - 2011-08-01 22:41 - 00000000 ____D C:\Program Files\ATI Technologies
2013-08-26 17:06 - 2012-12-22 09:58 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-08-26 15:57 - 2013-08-26 15:57 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\TuneUp Software
2013-08-26 15:54 - 2013-08-26 15:54 - 00000000 ____D C:\Program Files (x86)\AVG
2013-08-26 15:42 - 2013-08-26 15:41 - 00458052 _____ C:\Users\FamilyRoom\Documents\AVSDK5_UNINST.LOG
2013-08-26 13:08 - 2013-08-26 13:08 - 00000000 ____D C:\ProgramData\ATI
2013-08-26 13:07 - 2011-08-01 22:42 - 00000000 ____D C:\ProgramData\AMD
2013-08-26 07:01 - 2010-08-30 17:47 - 00000000 ____D C:\Windows\Panther
2013-08-24 20:38 - 2013-01-01 19:06 - 90456064 _____ C:\Windows\system32\config\software.iobit
2013-08-24 20:38 - 2013-01-01 19:06 - 18018304 _____ C:\Windows\system32\config\system.iobit
2013-08-24 20:38 - 2013-01-01 19:06 - 00528384 _____ C:\Windows\system32\config\default.iobit
2013-08-24 20:38 - 2013-01-01 19:06 - 00061440 _____ C:\Windows\system32\config\sam.iobit
2013-08-24 20:38 - 2013-01-01 19:06 - 00024576 _____ C:\Windows\system32\config\security.iobit
2013-08-23 17:46 - 2013-08-23 17:46 - 00000329 _____ C:\Users\FamilyRoom\Desktop\HP Printer Diagnostic Tools.url
2013-08-23 15:14 - 2011-01-21 21:48 - 00000000 ____D C:\Users\FamilyRoom\Documents\My Scans
2013-08-19 20:39 - 2013-05-25 14:17 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-18 20:33 - 2011-02-02 12:40 - 00000000 ____D C:\BigFishGamesCache
2013-08-17 15:46 - 2013-07-20 10:27 - 00025097 _____ C:\Users\FamilyRoom\Downloads\ws_simple_gallifreyan.zip
2013-08-17 15:45 - 2010-10-20 08:54 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\Windows Live
2013-08-17 15:44 - 2013-08-17 15:44 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\{521B17B6-6E91-48CF-9B55-13039EB2BCFB}
2013-08-15 16:38 - 2013-08-15 16:38 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\{93A27973-C774-4C0B-9478-1387A50DE4C8}
2013-08-14 09:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 03:03 - 2013-07-15 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 03:01 - 2010-09-18 00:33 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-11 08:09 - 2013-08-11 08:09 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\{11420282-3995-4012-ABBC-6539FF4E1207}
2013-08-08 20:59 - 2011-07-12 19:27 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-03 21:30 - 2013-08-03 21:30 - 00001356 _____ C:\Users\FamilyRoom\Desktop\Free Realms.lnk
2013-08-03 21:30 - 2013-08-03 21:30 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\SCE
2013-08-03 21:30 - 2011-05-17 11:35 - 00000000 ____D C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-03 21:28 - 2013-08-03 21:28 - 00000000 ____D C:\Users\Public\Sony Online Entertainment

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{7df4b1d4-52bd-5978-c5c3-5549945bfe7e}
C:\Users\FamilyRoom\GoToAssistDownloadHelper.exe
C:\Users\FAMILY~1\AppData\Local\Temp\UnityWebPlayer\UnityWebPlayerUpdate.exe
C:\Users\FAMILY~1\AppData\Local\Temp\Low\UnityWebPlayer\UnityWebPlayerUpdate.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-09-01 00:26

==================== End Of Log ============================



Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-09-2013 05
Ran by FamilyRoom at 2013-09-02 15:49:41
Running from C:\Users\FamilyRoom\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (x32 Version: 3.6.0.5970)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Reader 9.5.2 (x32 Version: 9.5.2)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Advanced SystemCare 6 (x32 Version: 6.0)
AMD Accelerated Video Transcoding (Version: 12.5.100.20928)
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD Catalyst Install Manager (Version: 8.0.891.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0928.1532.26058)
AMD Fusion Media Explorer (x32 Version: 1.0.2.0163)
AMD Fusion Utility for Desktops (x32 Version: 1.1.1)
AMD Media Foundation Decoders (Version: 1.0.70928.1539)
AMD Steady Video Plug-In (Version: 2.04.0000)
AMD VISION Engine Control Center (x32 Version: 2012.0928.1532.26058)
Angry Birds (x32 Version: 3.0.0)
Angry Birds Seasons (x32 Version: 3.3.0)
Angry Birds Space (x32 Version: 1.4.1)
Angry Birds Star Wars (x32 Version: 1.2.0)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0 (x32)
AVSDK5 (Version: 5.3.3)
Big Fish Games: Game Manager (x32 Version: 3.0.1.60)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
BufferChm (x32 Version: 140.0.212.000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0928.1532.26058)
Catalyst Control Center InstallProxy (x32 Version: 2012.0928.1532.26058)
Catalyst Control Center Localization All (x32 Version: 2012.0928.1532.26058)
CCC Help Chinese Standard (x32 Version: 2012.0928.1531.26058)
CCC Help Chinese Traditional (x32 Version: 2012.0928.1531.26058)
CCC Help Czech (x32 Version: 2012.0928.1531.26058)
CCC Help Danish (x32 Version: 2012.0928.1531.26058)
CCC Help Dutch (x32 Version: 2012.0928.1531.26058)
CCC Help English (x32 Version: 2012.0928.1531.26058)
CCC Help Finnish (x32 Version: 2012.0928.1531.26058)
CCC Help French (x32 Version: 2012.0928.1531.26058)
CCC Help German (x32 Version: 2012.0928.1531.26058)
CCC Help Greek (x32 Version: 2012.0928.1531.26058)
CCC Help Hungarian (x32 Version: 2012.0928.1531.26058)
CCC Help Italian (x32 Version: 2012.0928.1531.26058)
CCC Help Japanese (x32 Version: 2012.0928.1531.26058)
CCC Help Korean (x32 Version: 2012.0928.1531.26058)
CCC Help Norwegian (x32 Version: 2012.0928.1531.26058)
CCC Help Polish (x32 Version: 2012.0928.1531.26058)
CCC Help Portuguese (x32 Version: 2012.0928.1531.26058)
CCC Help Russian (x32 Version: 2012.0928.1531.26058)
CCC Help Spanish (x32 Version: 2012.0928.1531.26058)
CCC Help Swedish (x32 Version: 2012.0928.1531.26058)
CCC Help Thai (x32 Version: 2012.0928.1531.26058)
CCC Help Turkish (x32 Version: 2012.0928.1531.26058)
ccc-utility64 (Version: 2012.0928.1532.26058)
Civilization III Complete Edition (x32 Version: 1.00.0000)
Coby Media Manager (x32 Version: 1.0.4606)
Coupon Printer for Windows (x32 Version: 5.0.0.2)
D110 (x32 Version: 140.0.283.000)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60)
Dell DataSafe Local Backup (x32 Version: 9.4.60)
Dell DataSafe Online (x32 Version: 1.2.0011)
Dell Dock (Version: 2.0)
Dell Dock (x32)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
DHTML Editing Component (x32 Version: 6.02.0001)
DirectXInstallService (x32 Version: 9.0.2)
Disney Pixar 2nd and 3rd Grade (x32)
Disney's Phonics Quest (x32)
Dora the Explorer: Animal Adventures (x32)
eaner (Version: 4.05)
eMachines Games (x32 Version: 1.0.2.5)
EMC 10 Content (x32 Version: 1.0.035)
EMCGadgets64 (Version: 1.0.302)
e-Sword (x32 Version: 9.07.0002)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
FileOpen Client (x64) (Version: 3.0.83.920)
FileZilla Client 3.5.0 (HKCU Version: 3.5.0)
Finding Nemo UWF (x32 Version: 1.00.0000)
Finding Nemo: Nemo's Underwater World of Fun (x32 Version: 1.00.0000)
Free Realms (HKCU)
GameSpy Comrade (x32 Version: 3.2.17.236)
Google Chrome (x32 Version: 29.0.1547.62)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
GoToAssist Corporate (x32 Version: 9.1.0.615)
GPBaseService2 (x32 Version: 140.0.211.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (x32 Version: 1.0.0.2024)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.003.001.001)
HPAppStudio (x32 Version: 140.0.95.000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
HPSSupply (x32 Version: 140.0.211.000)
iTunes (Version: 11.0.1.12)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 25 (x32 Version: 6.0.250)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lost Lagoon 2: Cursed and Forgotten (remove only) (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Web Publishing Wizard 1.52 (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Multimedia Card Reader (x32 Version: 1.7.915.93)
Musicnotes Software Suite 1.5.3 (x32 Version: 1.5.3)
My Dell (Version: 3.3.6280.92)
NETGEAR WNA3100 wireless USB 2.0 adapter (x32 Version: 1.01.206)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
PDF Creator
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000)
QualxServ Service Agreement (x32 Version: 2.0.0)
QuickTime (x32 Version: 7.73.80.64)
QuickTransfer (x32 Version: 140.0.98.000)
RAIDXpert (x32 Version: 2.4.1540.27)
Rapid Rote (x32 Version: 4.0)
Rapid Rote (x32 Version: 4.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32 Version: 15.0.6)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5983)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.0)
Roxio Central Audio (x32 Version: 3.8.0)
Roxio Central Copy (x32 Version: 3.8.0)
Roxio Central Core (x32 Version: 3.8.0)
Roxio Central Data (x32 Version: 3.8.0)
Roxio Central Tools (x32 Version: 3.8.0)
Roxio Easy CD and DVD Burning (x32 Version: 10.3)
Roxio Easy CD and DVD Burning (x32 Version: 10.3.106)
Roxio Express Labeler 3 (x32 Version: 3.2.1)
Roxio File Backup (Version: 1.3.0)
Roxio Update Manager (x32 Version: 6.0.0)
Scan (x32 Version: 140.0.80.000)
Scooby-Doo™, Jinx At The Sphinx™ (x32)
Search for the Secret Keys (x32)
Shockwave (x32)
Shop for HP Supplies (Version: 14.0)
Sid Meier's Civilization 4 Gold (x32 Version: 1.72)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.3 (x32 Version: 6.3.107)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.214.000)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Status (x32 Version: 140.0.256.000)
swMSM (x32 Version: 12.0.0.1)
TeamViewer 7 (x32 Version: 7.0.15723)
THX TruStudio PC (x32 Version: 1.0)
TomTom HOME 2.8.2.2264 (x32 Version: 2.8.2.2264)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.212.000)
Tropical Fish Shop 2 (remove only) (x32)
TWC Customer Controls (x32 Version: 11)
Unity Web Player (HKCU Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VD64Inst (Version: 1.00.0000)
Virtual Villagers 5 - New Believers (x32)
Virtual Villagers 5: New Believers (remove only) (x32)
Virtual Villagers: New Believers (x32)
Virtual Villagers: The Secret City (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WebReg (x32 Version: 140.0.212.017)
WildTangent Games App (x32 Version: 4.0.10.5)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points =========================

26-08-2013 22:32:42 IObit Uninstaller restore point
26-08-2013 22:34:05 Removed HiJackThis
26-08-2013 22:38:36 IObit Uninstaller restore point
26-08-2013 22:39:00 Removed Ad-Aware Antivirus.
26-08-2013 22:49:40 IObit Uninstaller restore point
28-08-2013 13:26:11 Installed AVG 2013
28-08-2013 13:27:56 Installed AVG 2013
29-08-2013 11:56:46 OTL Restore Point - 8/29/2013 7:56:46 AM
29-08-2013 20:52:05 Removed AVG 2013
29-08-2013 20:53:40 Removed AVG 2013
31-08-2013 02:01:48 OTL Restore Point - 8/30/2013 10:01:47 PM
01-09-2013 11:10:48 OTL Restore Point - 9/1/2013 7:10:47 AM
01-09-2013 19:48:37 OTL Restore Point - 9/1/2013 3:48:37 PM
02-09-2013 17:50:47 OTL Restore Point - 9/2/2013 1:50:46 PM

==================== Hosts content: ==========================

2009-07-13 22:34 - 2012-12-29 23:51 - 00000797 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost


==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {0A9F0FDC-0978-4841-A6E6-BF155341BA9A} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {0B0B68EC-B304-49A6-BE81-58E3B4785C66} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000UA => C:\Users\FamilyRoom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-09] (Facebook Inc.)
Task: {19B144C8-DAD1-47DC-9308-05E69E8B4D39} - System32\Tasks\Browser Manager => start Browser Manager
Task: {32CF1DE8-EFE0-48E5-A7C8-54B359BB0A27} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3C862013-A612-41FB-A32F-41A0914D95BF} - System32\Tasks\{083BCD45-A5F0-4524-84E6-49FACB58861C} => C:\Users\FamilyRoom\AppData\Roaming\Spotify\spotify.exe [2013-07-13] (Spotify Ltd)
Task: {498DDB9A-FA19-47C3-9A23-2CAEE91AD800} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-12] (Google Inc.)
Task: {4DECA2C9-FA7F-42CF-9BC4-7FA60CA262CB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {6C1EBD7C-69F1-4FAA-B506-89055AC6A0F6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {6F32A1C0-90CB-43BA-BEAE-48C733088E1C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000Core => C:\Users\FamilyRoom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-09] (Facebook Inc.)
Task: {766F3CD0-1937-4A6D-8B58-201A25B7D5B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-26] (Adobe Systems Incorporated)
Task: {7AD79638-5191-4D2E-9303-CF2518EBCA21} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {86517AEA-B33E-4B63-A3C7-7921F41E4460} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3130090504-1924379729-1071845134-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {8F500630-7C2C-4E10-9B26-7E50DB472948} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-12] (Google Inc.)
Task: {98522BD6-DDA0-4008-B039-98B44CFC1DBE} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe No File
Task: {991A3363-3F23-43FB-903C-116B97615AEE} - System32\Tasks\{2505FD4B-A6A7-42EF-BD91-92672ED04AF3} => C:\Users\FamilyRoom\AppData\Roaming\Spotify\spotify.exe [2013-07-13] (Spotify Ltd)
Task: {A1BF1E3E-D2A6-41C1-9E0C-27F94F85F7FF} - System32\Tasks\{6B9DCC24-170E-4499-8B45-C2D7793609F7} => c:\program files (x86)\google\chrome\application\chrome.exe [2013-08-24] (Google Inc.)
Task: {AB0E908E-D2AC-4E8B-B819-82662A7FBA6B} - System32\Tasks\{9501D425-25CF-4523-9F21-3ED41A585932} => C:\Users\FamilyRoom\AppData\Roaming\Spotify\spotify.exe [2013-07-13] (Spotify Ltd)
Task: {C6ED6C8A-4B1F-4E4B-9BC4-E76D85178D09} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\iWin Games\iWinGames.exe No File
Task: {CCC03BCB-15AF-4F37-8694-8BA3A1AE2DA9} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2012-10-29] (IObit)
Task: {D676039C-75A6-4744-A1C3-1E49248D2560} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3130090504-1924379729-1071845134-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {E49D9BDD-E888-4456-960B-C071DCBBB9C2} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-07-17] (PC-Doctor, Inc.)
Task: {F43B5D83-3598-49C3-90A5-F89F7D567A1E} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe No File
Task: {F4F94341-7914-411B-BBD2-896CCE2F9009} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc
Task: {F8E5413E-1990-4AE5-B92C-B1AD2D5EB4AA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {F936BFD5-F0F2-4C21-B4F5-F7741BD8EA1C} - System32\Tasks\{0296AF05-65B1-4FA4-9288-712AE72144CD} => C:\Users\FamilyRoom\AppData\Roaming\Spotify\spotify.exe [2013-07-13] (Spotify Ltd)
Task: {FA227CFD-EE37-4B3C-9ED3-9E92A9D0DBFF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000Core.job => C:\Users\FamilyRoom\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000UA.job => C:\Users\FamilyRoom\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-07-13 20:22 - 2009-07-13 21:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2011-04-20 01:21 - 2012-09-27 21:11 - 00129536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2009-07-13 19:30 - 2009-07-13 21:41 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\WINBRAND.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-07-13 19:53 - 2009-07-13 21:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\dfscli.dll
2012-08-15 16:39 - 2012-07-04 18:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2009-07-13 20:40 - 2009-07-13 21:41 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2009-07-13 20:40 - 2009-07-13 21:41 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2011-06-07 19:30 - 2010-11-20 09:27 - 01050624 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2011-06-07 19:30 - 2010-11-20 09:27 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2009-07-13 19:19 - 2009-07-13 21:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\ktmw32.dll
2009-07-13 19:46 - 2009-07-13 21:41 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll
2010-08-30 15:37 - 2009-10-15 14:38 - 00017920 ____N (Creative Technology Ltd.) C:\Windows\system32\THXCfg64.dll
2010-08-30 15:37 - 2009-10-15 14:32 - 00021504 ____N (Creative Technology Ltd.) C:\Windows\system32\EptMon64.dll
2013-04-21 05:37 - 2013-04-21 05:37 - 09808440 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
2012-07-09 00:24 - 2012-07-09 00:24 - 00856016 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR110_CLR0400.dll
2013-07-12 14:09 - 2013-07-12 14:10 - 22589440 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\d42c334cb5f55ece9de045701a3cf37f\mscorlib.ni.dll
2013-03-29 03:08 - 2013-03-29 03:08 - 01237024 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
2013-08-14 03:04 - 2013-08-14 03:04 - 13227520 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System\6bbda9be07d416e24f9d7dbc0e0abd7a\System.ni.dll
2013-08-14 03:09 - 2013-08-14 03:09 - 02268672 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\aa108a56fde0dd055d3fabf3763f80eb\System.Drawing.ni.dll
2013-08-14 03:09 - 2013-08-14 03:09 - 16835072 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\9ba510e5f45d95cd512fb5905a9d849e\System.Windows.Forms.ni.dll
2012-07-09 00:24 - 2012-07-09 00:24 - 00083896 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00097792 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00031744 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00025088 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00048128 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2013-08-14 03:10 - 2013-08-14 03:10 - 01001984 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt73a1fc9d#\03e7c91680c49a5091d3aae3b60d0e04\System.Runtime.Remoting.ni.dll
2013-08-14 03:07 - 2013-08-14 03:07 - 10137600 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\a9ff5c10b42f54daa132a9c96404d7cf\System.Core.ni.dll
2013-08-14 03:10 - 2013-08-14 03:10 - 17587712 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\38cd3888b1c8d84a8f232c42b27362bd\System.Web.ni.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00022016 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00015360 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00061440 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00018432 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2013-08-14 03:08 - 2013-08-14 03:08 - 10137088 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\c9ad93cbed0e929d000366c9ce23eaf3\System.Xml.ni.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00038912 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00029184 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2012-07-13 04:18 - 2012-07-13 04:18 - 00177664 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00035328 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00006144 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00048128 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.CoreAudioAPI.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00006656 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2012-05-14 10:35 - 2012-05-14 10:35 - 00045056 _____ (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2012-05-14 10:35 - 2012-05-14 10:35 - 00016384 _____ (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00006656 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2012-09-27 21:39 - 2012-09-27 21:39 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIDEMGY.dll
2012-05-14 10:35 - 2012-05-14 10:35 - 00007168 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1010.dll
2013-08-14 03:07 - 2013-08-14 03:07 - 01259008 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\d76b4675660b24244ad21d19313faf36\System.Configuration.ni.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00315392 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00196608 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2012-05-14 10:35 - 2012-05-14 10:35 - 00006144 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00008704 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2012-05-14 10:35 - 2012-05-14 10:35 - 00006656 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll
2013-08-14 03:08 - 2013-08-14 03:08 - 05458432 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\2615ac6ae2a45127d4dc1cb59a4c00e5\WindowsBase.ni.dll
2012-09-28 16:32 - 2012-09-28 16:32 - 00057856 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.WirelessDisplay.Graphics.Runtime.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00009216 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00035328 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.WirelessDisplay.Graphics.shared.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00025600 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00061440 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00057344 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.shared.dll
2012-05-14 10:35 - 2012-05-14 10:35 - 00005120 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0912.dll
2012-05-14 10:35 - 2012-05-14 10:35 - 00005120 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0706.dll
2012-05-14 10:35 - 2012-05-14 10:35 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00057344 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00158720 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects2.Runtime.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00069632 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormats.Graphics.Shared.dll
2012-05-14 10:35 - 2012-05-14 10:35 - 00005120 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0812.dll
2012-05-14 10:35 - 2012-05-14 10:35 - 00004608 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00110592 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00081920 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2012-05-14 10:35 - 2012-05-14 10:35 - 00004608 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1011.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00110592 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Runtime.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00081920 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Shared.dll
2012-05-14 10:35 - 2012-05-14 10:35 - 00005120 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0906.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00013312 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Runtime.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.shared.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00014336 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Runtime.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.shared.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00010752 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00013824 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2012-09-28 16:43 - 2012-09-28 16:43 - 00037376 _____ (AMD) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\FUEL.ImplementationNet4.dll
2012-09-28 16:43 - 2012-09-28 16:43 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-06-11 01:15 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2011-06-11 01:15 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2011-06-07 19:30 - 2010-11-20 09:27 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.DLL
2009-07-13 19:49 - 2009-07-13 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00503296 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00316928 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00071680 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Fusion.Aspects.Runtime.dll
2012-09-28 16:30 - 2012-09-28 16:30 - 00013312 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DPPE.Fuel.Shared.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00011776 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Fets.Fuel.Shared.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00007680 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.WiFi.Fuel.Shared.dll
2012-09-28 16:30 - 2012-09-28 16:30 - 00013824 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUPStates.Fuel.Shared.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00019456 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Runtime.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00019456 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00011264 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00009216 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00015360 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00012800 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00051200 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00011776 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00009216 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00066560 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00007680 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00385024 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00036864 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2013-08-14 03:08 - 2013-08-14 03:08 - 14784000 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\9f8a6496713fa8aa18481beec0d53304\PresentationCore.ni.dll
2013-08-14 03:09 - 2013-08-14 03:09 - 24338944 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\1bac8275deb2fa15b78a4b1d3b05b378\PresentationFramework.ni.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 01395712 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2013-08-14 03:09 - 2013-08-14 03:09 - 02561024 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\f7f4ebdbe8e5804a0edabb36658d4c61\System.Xaml.ni.dll
2013-03-29 03:08 - 2013-03-29 03:08 - 02123336 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll
2012-07-09 00:24 - 2012-07-09 00:24 - 01079792 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00176128 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 01093632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00028672 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00057344 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 01414144 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects1.Dashboard.dll
2012-09-28 16:30 - 2012-09-28 16:30 - 00444928 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
2012-09-28 16:30 - 2012-09-28 16:30 - 00369664 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
2012-09-28 16:30 - 2012-09-28 16:30 - 00393216 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
2012-09-28 16:30 - 2012-09-28 16:30 - 02400256 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiVPU2.Graphics.Shared.dll
2012-09-28 16:30 - 2012-09-28 16:30 - 00241664 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
2012-09-28 16:30 - 2012-09-28 16:30 - 00021504 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Dashboard.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Audio.Graphics.Dashboard.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2012-09-28 16:30 - 2012-09-28 16:30 - 01260544 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.User.Fuel.Dashboard.dll
2012-09-28 16:30 - 2012-09-28 16:30 - 00026112 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Fets.Fuel.Dashboard.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00021504 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.WiFi.Fuel.Dashboard.dll
2012-09-28 16:30 - 2012-09-28 16:30 - 00048640 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DPPE.Fuel.Dashboard.dll
2012-09-28 16:30 - 2012-09-28 16:30 - 00030208 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUPStates.Fuel.Dashboard.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00037888 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Dashboard.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00040448 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2012-09-28 16:28 - 2012-09-28 16:28 - 00307200 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2012-09-27 21:41 - 2012-09-27 21:41 - 01120768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2012-09-27 21:11 - 2012-09-27 21:11 - 00103424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2012-09-27 21:25 - 2012-09-27 21:25 - 06704640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2012-09-27 21:31 - 2012-09-27 21:31 - 03127296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2013-08-14 03:09 - 2013-08-14 03:09 - 00335360 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatiod51afaa5#\1d27da9f5e50c34aa07fb87813eb69f6\PresentationFramework.classic.ni.dll
2012-05-04 17:42 - 2012-05-04 17:42 - 00098304 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2012-09-28 16:31 - 2012-09-28 16:31 - 00061440 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00175104 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2012-09-28 16:30 - 2012-09-28 16:30 - 00577536 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.dll
2012-09-28 16:27 - 2012-09-28 16:27 - 00489984 _____ (Microsoft) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Microsoft.WindowsAPICodePack.Shell.dll
2012-09-28 16:27 - 2012-09-28 16:27 - 00083456 _____ (Microsoft) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Microsoft.WindowsAPICodePack.dll
2013-08-14 03:09 - 2013-08-14 03:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio49d6fefe#\4cc4479452af91f6b981eea50869d30c\PresentationFramework-SystemXml.ni.dll
2013-08-14 03:13 - 2013-08-14 03:13 - 00334848 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsForm0b574481#\3cde0669fbf33020224b5c8dccccbfad\WindowsFormsIntegration.ni.dll
2013-08-14 03:09 - 2013-08-14 03:09 - 00146944 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\c337e97dde21ebf67c0744fe20cf6895\UIAutomationProvider.ni.dll
2012-09-28 16:29 - 2012-09-28 16:29 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00132968 _____ (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll
2013-08-14 03:05 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\IEUI.dll
2012-03-08 18:40 - 2012-03-08 18:40 - 00150376 _____ (Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsapi.dll
2009-07-13 19:39 - 2009-07-13 21:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\oleaccrc.dll
2013-08-26 18:13 - 2013-08-26 18:13 - 00529288 _____ (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.dll
2013-08-28 14:13 - 2013-04-04 14:50 - 00527944 _____ (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
2013-08-28 14:13 - 2013-04-04 14:50 - 02191944 _____ (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
2010-08-30 15:24 - 2011-08-18 11:05 - 02774848 _____ (SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSCheduler.dll
2012-12-29 23:34 - 2012-10-30 16:37 - 01100672 _____ (Embarcadero Technologies, Inc.) C:\Program Files (x86)\IObit\Advanced SystemCare 6\rtl120.bpl
2012-12-29 23:34 - 2012-10-30 16:37 - 00348032 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl
2012-12-29 23:34 - 2012-10-30 16:37 - 00182656 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl
2012-12-29 23:34 - 2012-10-30 16:37 - 02001280 _____ (Embarcadero Technologies, Inc.) C:\Program Files (x86)\IObit\Advanced SystemCare 6\vcl120.bpl
2012-12-29 23:34 - 2012-10-30 16:37 - 00050048 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl
2012-12-29 23:34 - 2012-10-11 21:23 - 00327040 _____ (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\taskMgr.dll
2012-12-29 23:34 - 2012-08-02 19:38 - 00065408 _____ (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\datastate.dll
2013-07-12 14:05 - 2013-04-23 18:57 - 05932696 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
2013-07-13 03:42 - 2013-07-13 03:42 - 11499520 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
2009-07-13 16:46 - 2009-06-10 17:23 - 00074064 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
2013-01-09 16:21 - 2012-10-05 06:53 - 00364656 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
2013-08-14 07:53 - 2013-08-14 07:53 - 07989760 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
2013-08-14 07:53 - 2013-08-14 07:53 - 05464064 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
2013-08-14 07:53 - 2013-08-14 07:53 - 00978432 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
2011-06-07 19:29 - 2010-11-20 09:27 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2012-11-14 22:45 - 2012-11-14 22:45 - 00028160 _____ (RealNetworks, Inc.) C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll
2011-06-07 19:29 - 2010-11-20 09:26 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2012-12-11 19:20 - 2012-12-11 19:20 - 00318872 _____ (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll
2011-06-07 19:29 - 2010-11-20 08:20 - 00190976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qcap.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00121704 _____ (Apple Inc.) C:\Program Files (x86)\Bonjour\mdnsNSP.dll
2011-06-07 19:29 - 2010-11-20 08:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2009-07-13 19:51 - 2009-07-13 21:14 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vidcap.ax
2011-06-07 19:29 - 2010-11-20 08:16 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kswdmcap.ax
2011-04-14 18:16 - 2011-03-11 01:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC42.dll
2011-06-07 19:30 - 2010-11-20 08:20 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ODBC32.dll
2009-07-13 20:11 - 2009-07-13 21:09 - 00229376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcint.dll
2013-08-14 03:05 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-28 04:00 - 2013-01-13 15:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Warp.dll
2013-08-26 18:13 - 2013-08-26 18:13 - 16230792 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_94.ocx
2010-02-28 05:13 - 2010-02-28 05:13 - 00049024 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
2011-06-07 14:30 - 2011-06-07 14:30 - 00102016 _____ (Advanced Micro Devices) C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
2010-03-16 05:58 - 2010-03-16 05:58 - 00018320 _____ (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\1033\ospintl.dll
2010-12-28 00:49 - 2010-12-28 00:49 - 01366888 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\office14\riched20.dll
2011-10-04 12:32 - 2011-10-04 12:32 - 00765312 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\office14\MSPTLS.DLL
2012-09-20 14:22 - 2012-09-20 14:22 - 03429584 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Csi.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2013-08-14 07:53 - 2013-08-14 07:53 - 01593344 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
2013-08-14 07:53 - 2013-08-14 07:53 - 12436480 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2013-08-14 07:54 - 2013-08-14 07:54 - 01840640 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d23f99753f2703d5b8f68e558ca3e85c\System.Web.Services.ni.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00338240 _____ (TODO: <Company name>) C:\Program Files (x86)\Dell DataSafe Online\OlbEng.dll
2010-04-06 16:12 - 2010-04-06 16:12 - 01441792 _____ (SwapDrive, Inc.) C:\Program Files (x86)\Dell DataSafe Online\BuEng.dll
2013-08-14 08:35 - 2013-08-14 08:35 - 01051136 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2011-06-07 19:30 - 2010-11-04 21:58 - 00032088 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll
2009-07-13 19:30 - 2009-07-13 21:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiutils.dll
2009-07-13 19:30 - 2009-07-13 21:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\sysWOW64\wbem\wbemprox.dll
2009-07-13 19:30 - 2009-07-13 21:16 - 00047616 _____ (Microsoft Corporation) C:\Windows\sysWOW64\wbem\wbemsvc.dll
2011-06-07 19:28 - 2010-11-20 08:19 - 00606208 _____ (Microsoft Corporation) C:\Windows\sysWOW64\wbem\fastprox.dll
2011-06-07 19:29 - 2010-11-04 21:57 - 00572760 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
2009-11-18 07:42 - 2009-11-18 07:42 - 00210048 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpquio08.dll
2009-11-18 07:42 - 2009-11-18 07:42 - 00048128 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2009-11-18 07:42 - 2009-11-18 07:42 - 00154752 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtao08.dll
2010-04-01 01:01 - 2010-04-01 01:01 - 00280424 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpotradd.dll
2010-04-01 01:01 - 2010-04-01 01:01 - 00544104 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.dll
2010-04-01 01:01 - 2010-04-01 01:01 - 00020840 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc
2009-11-18 00:39 - 2009-11-18 00:39 - 00330880 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqrif08.dll
2009-11-18 01:58 - 2009-11-18 01:58 - 00342656 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqmif08.dll
2010-04-01 01:01 - 2010-04-01 01:01 - 00298856 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll
2010-04-01 01:01 - 2010-04-01 01:01 - 01177448 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpodio08.dll
2009-11-18 07:16 - 2009-11-18 07:16 - 00053888 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddusr.dll
2009-11-18 07:16 - 2009-11-18 07:16 - 00217728 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddcmn.dll
2009-11-18 01:58 - 2009-11-18 01:58 - 00559232 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll
2011-09-19 03:00 - 2011-09-19 03:00 - 00159048 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL
2010-08-06 11:15 - 2010-08-06 11:15 - 00054784 _____ (Hewlett-Packard) C:\Windows\system32\hpzipr12.dll
2009-11-18 00:39 - 2009-11-18 00:39 - 00101504 _____ (Hewlett Packard) C:\Program Files (x86)\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll
2009-11-18 07:42 - 2009-11-18 07:42 - 00128640 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxm08.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 00079872 _____ (Hewlett-Packard) C:\Windows\system32\hpzidr12.dll
2012-04-04 21:38 - 2010-02-03 11:31 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2012-12-12 14:57 - 2012-12-12 14:57 - 00148960 _____ (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01079184 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
2010-11-17 17:16 - 2010-11-17 17:16 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-10-11 22:56 - 2012-10-11 22:56 - 00124816 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll
2012-10-11 22:56 - 2012-10-11 22:56 - 00043408 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01292136 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 00923496 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 16303976 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
2012-10-11 22:56 - 2012-10-11 22:56 - 00075664 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
2012-12-12 14:57 - 2012-12-12 14:57 - 00041440 _____ (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
2012-12-12 14:57 - 2012-12-12 14:57 - 00040416 _____ (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
2012-08-11 17:43 - 2012-08-11 17:43 - 01447824 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 02463632 _____ (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 00456552 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2010-03-27 04:36 - 2010-03-27 04:36 - 00503144 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwso08.dll
2010-03-27 04:36 - 2010-03-27 04:36 - 00315752 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsti08.dll
2009-11-17 23:49 - 2009-11-17 23:49 - 00045184 _____ (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpb01.dll
2010-03-27 04:36 - 2010-03-27 04:36 - 00291176 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.dll
2010-03-27 04:36 - 2010-03-27 04:36 - 00012288 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
2010-03-27 04:36 - 2010-03-27 04:36 - 00209256 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqssm08.dll
2010-03-27 04:36 - 2010-03-27 04:36 - 00927232 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
2010-03-27 04:36 - 2010-03-27 04:36 - 00063336 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSplh08.dll
2011-09-19 03:01 - 2011-09-19 03:01 - 03781960 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
2011-09-19 03:01 - 2011-09-19 03:01 - 00053584 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
2009-11-17 23:49 - 2009-11-17 23:49 - 00043136 _____ (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpreh.dll
2013-08-14 07:53 - 2013-08-14 07:53 - 03348480 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
2013-08-14 07:53 - 2013-08-14 07:53 - 12238336 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\585b8f6cc7ba86886462d0dc9753c98f\PresentationCore.ni.dll
2013-08-14 07:53 - 2013-08-14 07:53 - 14340096 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\930e99b2f62cea8c4aa070527d15f748\PresentationFramework.ni.dll
2013-07-12 14:05 - 2013-04-19 18:55 - 01737376 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
2010-08-30 15:24 - 2011-08-01 13:54 - 00026432 _____ (SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
2011-09-17 19:59 - 2011-08-01 13:54 - 00017216 _____ (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\DsProtectionIndex.dll
2013-07-13 03:43 - 2013-07-13 03:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5de32c4f69c7141f68b383915ab87ff4\PresentationFramework.Classic.ni.dll
2010-08-30 15:24 - 2011-08-18 11:05 - 00262464 _____ (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\STUICore.dll
2013-08-14 08:34 - 2013-08-14 08:34 - 02297856 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
2013-03-29 03:02 - 2013-03-29 03:02 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2009-07-13 19:27 - 2009-07-13 21:16 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uiautomationcore.dll
2013-03-29 03:02 - 2013-03-29 03:02 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\MSHTMLMedia.dll
2009-07-13 19:31 - 2009-07-13 21:16 - 00187392 _____ (Microsoft Corporation) C:\Windows\sysWOW64\wbem\wbemdisp.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:02A78DF6
AlternateDataStreams: C:\ProgramData\TEMP:19C541B5
AlternateDataStreams: C:\ProgramData\TEMP:1F96ED45
AlternateDataStreams: C:\ProgramData\TEMP:241FA548
AlternateDataStreams: C:\ProgramData\TEMP:27F44544
AlternateDataStreams: C:\ProgramData\TEMP:298B8F0F
AlternateDataStreams: C:\ProgramData\TEMP:2F5A06FD
AlternateDataStreams: C:\ProgramData\TEMP:3C9B05C4
AlternateDataStreams: C:\ProgramData\TEMP:60C897F3
AlternateDataStreams: C:\ProgramData\TEMP:89FC8EEB
AlternateDataStreams: C:\ProgramData\TEMP:9857FAE3
AlternateDataStreams: C:\ProgramData\TEMP:A18D1A5B
AlternateDataStreams: C:\ProgramData\TEMP:A74EDB32
AlternateDataStreams: C:\ProgramData\TEMP:C602FACB
AlternateDataStreams: C:\ProgramData\TEMP:C9EC3958
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:D86B56BC
AlternateDataStreams: C:\ProgramData\TEMP:D9F6664C
AlternateDataStreams: C:\ProgramData\TEMP:FF9C44FE
AlternateDataStreams: C:\Users\FamilyRoom\Documents\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Active Malware Protection Support Driver
Description: Active Malware Protection Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AMPSE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2013 10:01:05 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (09/02/2013 07:49:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28143797

Error: (09/02/2013 07:49:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28143797

Error: (09/02/2013 07:49:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2013 11:55:05 PM) (Source: Google Update) (User: FamilyRoom-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (09/01/2013 08:20:07 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (09/01/2013 08:19:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9875347

Error: (09/01/2013 08:19:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9875347

Error: (09/01/2013 08:19:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2013 04:09:28 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()


System errors:
=============
Error: (09/02/2013 03:49:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/02/2013 03:48:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/02/2013 03:47:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/02/2013 03:46:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/02/2013 03:46:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/02/2013 03:45:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/02/2013 03:44:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/02/2013 03:43:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/02/2013 03:42:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/02/2013 03:41:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (09/02/2013 10:01:05 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 1600000000213A0000213A0000980B0000

Error: (09/02/2013 07:49:23 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28143797

Error: (09/02/2013 07:49:23 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28143797

Error: (09/02/2013 07:49:23 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2013 11:55:05 PM) (Source: Google Update)(User: FamilyRoom-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (09/01/2013 08:20:07 PM) (Source: Windows Backup)(User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (09/01/2013 08:19:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9875347

Error: (09/01/2013 08:19:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9875347

Error: (09/01/2013 08:19:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2013 04:09:28 PM) (Source: Swapdrive Backup)(User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()


CodeIntegrity Errors:
===================================
Date: 2011-04-04 19:20:33.025
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-04 18:45:16.209
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-04 18:33:37.706
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-04 17:57:41.406
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-04 17:31:32.083
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-04 17:24:19.381
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-04 17:00:01.169
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-04 16:40:57.255
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-04 16:33:02.752
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-04-04 14:54:19.189
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8191.3 MB
Available physical RAM: 5835.47 MB
Total Pagefile: 16380.78 MB
Available Pagefile: 13593.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.88 GB) (Free:750.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 86C69001)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=921 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#24
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I see the System Mechanic AV now. But this system has so many antivirus program services, drivers and processes that I think we will need to make sure every one is uninstalled and the remnants killed before we can put an AV back on the system.
I am going to look back through the logs and see if I can find them all and get a starting point.

In the meantime there is a file on your desktop named Extras.txt. Please post the contents of that file in a reply here while I am deciphering the logs.

Thanks

#25
k_barta2005

    Member

  • Topic Starter
  • Member
  • 41 posts
OTL Extras logfile created on: 8/28/2013 1:45:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 3.30 Gb Available Physical Memory | 41.29% Memory free
16.00 Gb Paging File | 13.11 Gb Available in Paging File | 81.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.88 Gb Total Space | 751.48 Gb Free Space | 81.60% Space Free | Partition Type: NTFS
Drive D: | 702.83 Mb Total Space | 453.93 Mb Free Space | 64.59% Space Free | Partition Type: UDF
Drive E: | 1.89 Gb Total Space | 1.76 Gb Free Space | 93.43% Space Free | Partition Type: FAT

Computer Name: FAMILYROOM-PC | User Name: FamilyRoom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{042B10AA-8233-A9E0-4DEB-B7253C686DBB}" = AMD Fuel
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding
"{B239E0BC-D88A-47B1-935B-9707C7EB9CC9}" = FileOpen Client (x64)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D4A6E342-907C-4CEF-96CC-FC2F4990DC9C}" = AVSDK5
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E74BF83C-2CA5-48EF-901F-959309E7D9EC}" = AVG 2013
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2013
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"PC-Doctor for Windows" = My Dell
"PDF Creator" = PDF Creator
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28226DF6-3F3B-4BCC-9E97-FD11A461FEB4}" = Rapid Rote
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D2CAE5D-FFCF-4D97-B7D6-F1AB49A00EEA}" = Coby Media Manager
"{2D943F95-2C76-4951-9AEF-0977AF5DE11A}" = AMD Fusion Media Explorer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370CA4B0-A1D8-4863-A3C5-6879AEE1663A}" = Angry Birds
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{55502C49-F061-428C-BF26-06ECDFB3AC29}" = Sid Meier's Civilization 4 Gold
"{561AA971-37EB-4D63-9FB9-810B663B5CC7}" = Angry Birds Space
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-emachines" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A11AC02-C461-42B2-B575-B29FB884FBFB}" = e-Sword
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{7F752BAB-4AFD-4138-983D-7E9E7CFE077D}" = GameSpy Comrade
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion Utility for Desktops
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86095E92-1959-8364-920E-82E81F64F8FB}" = AMD VISION Engine Control Center
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}" = TWC Customer Controls
"{A34CCD1C-7738-47B9-863D-8E0C478FB8F7}" = Dora the Explorer: Animal Adventures
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BCB8D603-985E-4765-B4AB-B4B991A535B7}" = Finding Nemo UWF
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF9986A7-3FD2-11D6-B234-0050DACD394D}" = Disney Pixar 2nd and 3rd Grade
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C336AA55-BBA3-4908-886F-25CF6D302D13}" = Angry Birds Star Wars
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8736F91-44EF-4E78-8215-8E1A2401F6F4}" = Angry Birds Seasons
"{CA0AD614-3FD5-11D6-B234-0050DACD394D}" = Search for the Secret Keys
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB79F660-2822-11D5-B232-0050DACD394D}" = Disney's Phonics Quest
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"am-virtualvillagers5newbelievers" = Virtual Villagers 5 - New Believers
"Audacity_is1" = Audacity 2.0
"BFGC" = Big Fish Games: Game Manager
"BFG-Virtual Villagers - New Believers" = Virtual Villagers: New Believers
"BFG-Virtual Villagers - The Secret City" = Virtual Villagers: The Secret City
"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
"Dell Dock" = Dell Dock
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"HP Photo Creations" = HP Photo Creations
"InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{BCB8D603-985E-4765-B4AB-B4B991A535B7}" = Finding Nemo: Nemo's Underwater World of Fun
"Lost Lagoon 2: Cursed and Forgotten" = Lost Lagoon 2: Cursed and Forgotten (remove only)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Rapid Rote" = Rapid Rote
"RealPlayer 15.0" = RealPlayer
"Scooby-Doo™, Jinx At The Sphinx™" = Scooby-Doo™, Jinx At The Sphinx™
"Shockwave" = Shockwave
"TeamViewer 7" = TeamViewer 7
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Tropical Fish Shop 2" = Tropical Fish Shop 2 (remove only)
"Virtual Villagers 5: New Believers" = Virtual Villagers 5: New Believers (remove only)
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite" = Windows Live Essentials
"WTA-f337a265-30d4-42df-84f5-868c444f4053" = Bob the Builder Can-Do-Zoo

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.0
"SOE-Free Realms" = Free Realms
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/28/2013 9:19:05 AM | Computer Name = FamilyRoom-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 33564145

Error - 8/28/2013 9:19:05 AM | Computer Name = FamilyRoom-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 33564145

Error - 8/28/2013 9:19:06 AM | Computer Name = FamilyRoom-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/28/2013 9:19:06 AM | Computer Name = FamilyRoom-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 33565144

Error - 8/28/2013 9:19:06 AM | Computer Name = FamilyRoom-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 33565144

Error - 8/28/2013 9:19:07 AM | Computer Name = FamilyRoom-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/28/2013 9:19:07 AM | Computer Name = FamilyRoom-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 33566142

Error - 8/28/2013 9:19:07 AM | Computer Name = FamilyRoom-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 33566142

Error - 8/28/2013 10:06:07 AM | Computer Name = FamilyRoom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 8/28/2013 1:25:25 PM | Computer Name = FamilyRoom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

[ Dell Events ]
Error - 12/30/2010 11:58:24 PM | Computer Name = FamilyRoom-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/30/2010 11:58:24 PM | Computer Name = FamilyRoom-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/15/2011 1:13:07 AM | Computer Name = FamilyRoom-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/15/2011 1:13:07 AM | Computer Name = FamilyRoom-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/17/2011 2:57:44 PM | Computer Name = FamilyRoom-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/17/2011 2:57:44 PM | Computer Name = FamilyRoom-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/20/2011 7:52:17 PM | Computer Name = FamilyRoom-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/20/2011 7:52:17 PM | Computer Name = FamilyRoom-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/3/2011 9:08:51 PM | Computer Name = FamilyRoom-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ iolo Applications Events ]
Error - 1/18/2013 11:52:13 PM | Computer Name = FamilyRoom-PC | Source = System Shield | ID = 11
Description =

Error - 5/12/2013 10:55:35 PM | Computer Name = FamilyRoom-PC | Source = System Shield | ID = 11
Description =

Error - 5/20/2013 1:36:35 PM | Computer Name = FamilyRoom-PC | Source = System Shield | ID = 11
Description =

[ System Events ]
Error - 8/28/2013 1:50:00 PM | Computer Name = FamilyRoom-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/28/2013 1:51:00 PM | Computer Name = FamilyRoom-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/28/2013 1:52:00 PM | Computer Name = FamilyRoom-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/28/2013 1:53:00 PM | Computer Name = FamilyRoom-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/28/2013 1:54:00 PM | Computer Name = FamilyRoom-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/28/2013 1:55:00 PM | Computer Name = FamilyRoom-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/28/2013 1:56:00 PM | Computer Name = FamilyRoom-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/28/2013 1:57:00 PM | Computer Name = FamilyRoom-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/28/2013 1:58:00 PM | Computer Name = FamilyRoom-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/28/2013 1:59:00 PM | Computer Name = FamilyRoom-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060


< End of report >
  • 0


#26
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks. Further research shows that the Authentium software was probably part of the System Mechanic antivirus. Here is what I'm thinking. ComboFix either won't run or it doesn't appear to completely run. The ZeroAccess rootkit might be causing this but ComboFix has been updated to kill this infection, so this is most likely caused by an antivirus program that hasn't been disabled. And since there are remnants of so many of them I need some additional information. In the meantime we will see if a FRST fix to kill the rootkit will run.

1. Did you install just the System Mechanic antivirus or did you install System Mechanic Professional with antivirus? I'm asking because I don't see either one in the list of installed programs in either the OTL log or the FRST log. And I don't see an entry for an Internet Suite that might have been provided by your ISP.
2. Do you still have the System Mechanic (iolo) antivirus icon in the system tray (that's beside the clock)?
3. Do you have the AVG icon in the system tray?
4. Did you install just the Trend Micro firewall or the Trend Micro Titanium (that's the antivirus and firewall)? If you installed Trend Micro Titanium can you tell me which version (2013, 2012, 2011, etc.)?

The FRST log shows a restore point for the removal of the AVG antivirus software and the IOBIT Advanced System Care software but the OTL log shows them in the list of installed programs on the machine.

Would you please look in the Programs and Features section of the Control Panel and see if you have any of the following:
iolo antivirus or System Mechanic Professional
AVG 2013
Advanced System Care 6
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Anything that says "Security Suite" that may have been provided by your Internet Service Provider.
Trend Micro firewall or Trend Micro Titanium.


Step-1.

Farbar Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Download the attached fixlist.txt file and save it to the same location where the program is. (It should be the desktop) The file must be saved to the same location as the FRST64.exe file or the fix won't run.
  • Please re-open the Farbar Scan tool. To do that:
  • Right click the FRST64.exe file and click Run as Administrator to run the program. OK any UAC prompts.
  • Press the Fix button just once and wait. The tool will make a log (Fixlog.txt). Please post it in your next reply.
    The Fixlog.txt file can also be found in the same location that the program was run from.

Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above.
2. The Fixlog.txt log
  • 0
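The cross-check made in the post above (services and drivers from a security vendor that has no matching entry in the installed-programs list) can be scripted against a saved OTL log. This is an added example, not part of the original thread or of OTL itself; the sample lines are constructed in OTL's format using product names from this thread, and the matching rule in `is_accounted_for` is an assumption of the example.

```python
import re
from collections import defaultdict

# Constructed sample in the OTL log format: service (SRV) and driver (DRV)
# lines plus an Uninstall List block. Illustrative data, not a complete log.
SAMPLE_LOG = r'''
SRV:64bit: - [2011/01/21 12:37:40 | 000,119,104 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2012/12/07 00:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/10/31 16:52:30 | 000,464,256 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
DRV:64bit: - [2011/01/21 12:45:26 | 001,465,664 | R--- | M] (Authentium, Inc) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\ampse.sys -- (AMPSE)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AVG" = AVG 2013
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"CCleaner" = CCleaner
'''

# SRV/DRV line: TYPE[:64bit:] - [file info] (vendor) [status] -- path -- (name)
COMPONENT_RE = re.compile(
    r'^(SRV|DRV)(?::64bit:)? - \[[^\]]*\] \(([^)]*)\) \[([^\]]*)\]'
    r' -- (.+?) -- \(([^()]+)\)$'
)
# Uninstall List line: "registry key name" = display name
UNINSTALL_RE = re.compile(r'^"(.+)" = (.+)$')


def parse_components(log):
    """Return one dict per SRV/DRV line found in the log text."""
    found = []
    for line in log.splitlines():
        m = COMPONENT_RE.match(line.strip())
        if not m:
            continue
        kind, vendor, status, path, name = m.groups()
        # Status is "[Auto | Running]" or "[Kernel | Auto | Running]".
        fields = [f.strip() for f in status.split("|")]
        found.append({
            "kind": kind, "vendor": vendor.strip(), "path": path, "name": name,
            "start": fields[-2] if len(fields) >= 2 else "",
            "state": fields[-1],
        })
    return found


def parse_uninstall_names(log):
    """Return the display names from every Uninstall List entry."""
    matches = (UNINSTALL_RE.match(line.strip()) for line in log.splitlines())
    return [m.group(2).strip() for m in matches if m]


def is_accounted_for(component, display_names):
    """Heuristic (an assumption of this example): a component belongs to an
    installed program if a display name occurs in its file path, or the first
    word of its vendor string occurs in a display name."""
    path = component["path"].lower()
    vendor_word = re.split(r"[\s,]+", component["vendor"])[0].lower()
    for name in display_names:
        lowered = name.lower()
        if lowered in path or (vendor_word and vendor_word in lowered):
            return True
    return False


def orphaned_components(log):
    """Map vendor -> [(name, kind, start type, state)] for services and
    drivers that no Uninstall List entry accounts for."""
    names = parse_uninstall_names(log)
    orphans = defaultdict(list)
    for c in parse_components(log):
        if not is_accounted_for(c, names):
            vendor = c["vendor"] or "(unknown vendor)"
            orphans[vendor].append((c["name"], c["kind"], c["start"], c["state"]))
    return dict(orphans)


if __name__ == "__main__":
    for vendor, items in orphaned_components(SAMPLE_LOG).items():
        print(vendor)
        for name, kind, start, state in items:
            print(f"  {kind} {name}: start={start}, state={state}")
```

A vendor reported here still has services or drivers registered although its uninstaller entry is gone, which is the situation where the vendor's own removal tool or a targeted fix script is needed instead of Programs and Features.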

#27
k_barta2005

k_barta2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
1. I ran the System Mechanic Professional for almost two years.
2. I no longer have the System Mechanic icon in the system tray, and the only evidence I see of it is a folder under All Programs. Nothing appears on the control panel.
3. I do not have AVG icon in the system tray, nor is it showing up anywhere else.
4. I don't remember installing Trend Micro ever.

No logs for you. The FRST starts up and after about 10 secs switches to Not Responding.
  • 0

#28
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

1. I ran the System Mechanic Professional for almost two years.
2. I no longer have the System Mechanic icon in the system tray, and the only evidence I see of it is a folder under All Programs. Nothing appears on the control panel.
3. I do not have AVG icon in the system tray, nor is it showing up anywhere else.
4. I don't remember installing Trend Micro ever.

Trend Micro is Zone Alarm. Did you have the Firewall or the antivirus or both?

No logs for you. The FRST starts up and after about 10 secs switches to Not Responding.

So the FRST scan will run but not the fix. Strange. I've never run into this before. It must be the antivirus remnants left on the system. Let's get rid of them and then see what we can do.


Step-1.

Go to this page and download BitRemover to your desktop but Do NOT run it yet.


Step-2.

A
Uninstall IOBIT Products and AVG Secure Search Toolbar

Advanced System Care and all the IOBIT products consume resources unnecessarily and often try to get you to buy the paid version to fix any real issue.
We have alternates that we will use and recommend that do not do that.
The software that we use and recommend does not load at start up so it does not use system resources. It's free and we believe it works as well as, or better than most other products.

  • Please click the Start Orb, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
  • In the list of programs installed, locate the following program:

    Advanced System Care 6
    AVG Secure Search Toolbar
    or AVG SafeGuard Toolbar
  • Right click the program and click Uninstall
  • After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
  • Reboot the computer.
B
Uninstall System Mechanic or iolo Antivirus

If iolo AntiVirus has been installed as a component of System Mechanic Professional, a complete uninstallation will be necessary to remove iolo AntiVirus from your PC. The following instructions will guide you through this process.

NOTE: If System Mechanic Professional is running, close it.
If iolo AntiVirus is running, you must first close it by right-clicking on the icon in the Windows system tray and selecting Shut down iolo AntiVirus.
  • Click Start>All Programs>System Mechanic Professional>Uninstall System Mechanic Professional
    • If there isn't a System Mechanic Professional item in the All Programs menu please go to the C:\Program Files (x86)\System Mechanic Professional folder and see if there is a file named unwise.exe or uninstall.exe. If there is, right click it and click Run as Administrator to run the uninstaller.
  • Follow the instructions to uninstall.
  • When the uninstall process has completed, restart your computer as prompted.

IF you can't find either of these for System Mechanic Pro then look in the All Programs menu for iolo Antivirus and click Uninstall iolo Antivirus. IF there isn't anything there go to C:\Program Files (x86)\iolo and see if there is an unwise.exe file or uninstall.exe file. If there is, right click it and click Run as Administrator to run the uninstaller.

C
The Iobit removal tool

Close all open windows and browsers.
Run BitRemover.exe to remove Iobit. Reboot as requested and reboot after completion before the next step.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2012/12/11 19:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/12/07 00:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/10/31 16:52:30 | 000,464,256 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/10/29 21:33:46 | 000,698,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2012/09/24 22:59:16 | 000,490,880 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
MOD - [2012/10/30 16:37:26 | 000,348,032 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2012/10/30 16:37:24 | 000,050,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2012/10/30 16:37:22 | 000,182,656 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
SRV:64bit: - [2011/01/21 12:37:44 | 000,179,008 | ---- | M] (Authentium, Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV:64bit: - [2011/01/21 12:37:40 | 000,119,104 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV:64bit: - [2011/01/21 12:37:32 | 000,121,152 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2012/12/07 00:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/12/07 00:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2012/10/31 16:52:30 | 000,464,256 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
DRV:64bit: - [2011/01/21 12:45:28 | 000,173,376 | R--- | M] (Authentium, Inc) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\amp.sys -- (AMP)
DRV:64bit: - [2011/01/21 12:45:26 | 001,465,664 | R--- | M] (Authentium, Inc) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\ampse.sys -- (AMPSE)
DRV:64bit: - [2013/04/11 11:06:54 | 000,039,504 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/12/30 14:15:46 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {295030CC-C74A-4EF6-914F-F91CBF810305}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {21A19E1F-C698-4F18-8150-EADC5C5BF1A0}
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
[2013/08/26 15:57:49 | 000,000,000 | ---D | C] -- C:\Users\FamilyRoom\AppData\Roaming\TuneUp Software
[2013/08/26 15:54:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/09/01 16:08:49 | 000,000,408 | ---- | M] () -- C:\Windows\SysWow64\iolo.ini
[2013/09/01 16:08:49 | 000,000,408 | ---- | M] () -- C:\Windows\SysNative\iolo.ini
[2012/07/22 21:25:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\iolo
[2012/07/22 21:25:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\iolo
[2013/08/26 18:38:24 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Ad-Aware Antivirus
[2012/12/29 23:34:43 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\IObit
[2013/08/26 18:12:32 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\iolo

:FILES
ipconfig /flushdns /c
C:\Program Files\Common Files\Authentium
C:\Program Files (x86)\iolo
C:\Program Files (x86)\IObit

:COMMANDS
[reboot]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-4.

Run RogueKiller

NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here

  • Click here to go to the RogueKiller download page.
  • Click the 64 bits (x64): download button and save the RogueKillerX64.exe file to the desktop.
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
    NOTE: If this is the first time you have used the program you will need to accept the User Agreement.
  • Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
  • Click on Scan

  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-5.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if you were able to uninstall any programs
2. The OTL fixes log
3. The aswMBR log
4. The RKreport.txt log
5. The AdwCleaner[R0].txt log

#29
k_barta2005

    Member

  • Topic Starter
  • Member
  • 41 posts
Ok, I am getting flustered. :wacko: I can't do any of step 1 except uninstall Adv Care 6 and AVG. There is still a folder for Adv Care 5 and Adv Care 6 in the programs folder. I have both an IObit and IOLO folder but neither contains an unwise or uninstall .exe...
I used both firewall and AV for probably 2 years before I switched to System Mechanic Pro. The only thing in the TrendMicro folder now is HijackThis (? don't know why that would be there, since it is not Trend Micro that I know of).

Edited by k_barta2005, 04 September 2013 - 05:48 AM.


#30
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Trend Micro used to develop or host the HijackThis program....so that makes sense.
Did you try to run the OTL fix?