Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dots on my startup screen


  • Please log in to reply

#1
CypherzOrion

CypherzOrion

    New Member

  • Member
  • Pip
  • 9 posts
Hey guys, I am a some what noob in regards to pc. It has been a long time since I have fixed anything, hardware and software. I never seen this dots before. There are blue dots on my start up. I was just sitting at the pc doing some research and they popped up.
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_qfe.130704-0421)
Language: English (Regional Setting: English)
System Manufacturer: Dell Inc
System Model: XPS 630i
BIOS: Phoenix - AwardBIOS v6.00PG
Processor: Intel® Core™2 Quad CPU Q9650 @ 3.00GHz (4 CPUs)
Memory: 3326MB RAM
Page File: 1380MB used, 5782MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5512 32bit Unicode
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
Reboot and when you see the Dell log, hit F2. That should take you to the BIOS/CMOS setup screen. Do you see blue dots there too?
  • 0

#3
CypherzOrion

CypherzOrion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
the dots didnt show on bios nor safety mode, but when i restarted it was all clear until i opened up facebook. It only showed for one second during the load up, on the mouse.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
If they don't show up in Safe Mode then it might be the video driver. In Safe Mode you get the low resolution video which doesn't really use the driver.
Go to the PC maker's website and get the latest video or graphics driver.


Could also be some other program that doesn't start in Safe Mode. Start Run, msconfig, OK
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it no spots then go back into msconfig and turn on a few items each
time until you find the culprit. If it doesn't help then go back into msconfig and select normal boot.

Other possibilities:

Heat - could it be overheating? If it's new enough you can use Speedfan:

http://www.almico.com/sfdownload.php

Download, save and Install it then run it.

It will tell you your temps. Desktops should run under 40 laptops under 55

Memory could be bad. Run memtest: http://www.memtest.org/

Possible disk error:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Could also be adware:


Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • 0

#5
CypherzOrion

CypherzOrion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
all that stuff you asked me to download ended up being some random [bleep] lol. i scanned the system and updated drivers but still here. i think the temp inside is 70F.
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
The links are all good so it may be that you have malware that is sending you to the wrong sites. 70 C is too hot so it may need cleaning. You might want to post in our malware forum.
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
We have been moved to the Malware forum so I am now allowed to have you run OTL so I can see what is going on on your PC:

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#8
CypherzOrion

CypherzOrion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Vino's Event Viewer v01c run on Windows XP in German
Report run at 18/10/2013 7:34:14 PM

Note: All dates below are in the format dd / mm / yyyy

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
'System' Log - Error Type
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
'System' Log - Warning Type
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
  • 0

#9
CypherzOrion

CypherzOrion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
all the core temps are 40-50...
  • 0

#10
CypherzOrion

CypherzOrion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Cipherz Orion on 18.10.2013 at 19:52:14.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4181863819-524837170-1318864477-1005\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\aol toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4181863819-524837170-1318864477-1005\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\aol toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BA122B0D-231A-4988-B887-DCC90E24DF8A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9A69337C-7B4B-418C-BDB9-35BA4107B6F6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EF64538-8B54-4573-B48F-4D34B0238AB2}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\aol toolbar"
Successfully deleted: [Folder] "C:\Documents and Settings\Cipherz Orion\Local Settings\Application Data\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files\aol toolbar"



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Cipherz Orion\Application Data\mozilla\firefox\profiles\ny5j9vem.default-1373242454265\prefs.js

user_pref("extensions.dokotoolbar.tb_url", "hxxp://www.doko-search.com/?q={searchTerms}&babsrc=TB_ss&mntrId=3A50001F3F005A74&affID=125836&tsp=5039");
user_pref("extensions.dokotoolbar.tlbrSrchUrl", "hxxp://www.doko-search.com/?q={searchTerms}&babsrc=TB_ss&mntrId=3A50001F3F005A74&affID=125836&tsp=5039");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.10.2013 at 20:03:29.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#11
CypherzOrion

CypherzOrion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL logfile created on: 18.10.2013 8:09:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Cipherz Orion\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd.MM.yyyy

3.25 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 69.35% Memory free
6.99 Gb Paging File | 5.66 Gb Available in Paging File | 80.95% Paging File free
Paging file location(s): C:\pagefile.sys 4000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 688.81 Gb Total Space | 522.75 Gb Free Space | 75.89% Space Free | Partition Type: NTFS

Computer Name: CIPHERZ | User Name: Cipherz Orion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.10.18 20:05:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cipherz Orion\My Documents\Downloads\OTL(1).exe
PRC - [2013.10.17 15:29:20 | 000,264,816 | ---- | M] (Dell) -- C:\Documents and Settings\Cipherz Orion\Local Settings\Apps\2.0\8P6A28DR.PRC\6DLY3QET.ZLZ\dell..tion_0f612f649c4a10af_0005.0003_d2152cbf7ce307ec\DellSystemDetect.exe
PRC - [2013.09.17 16:34:47 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.09.16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013.09.06 12:30:16 | 000,273,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.13 18:40:08 | 001,278,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2013.02.19 14:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2013.02.19 14:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2013.02.19 14:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012.11.11 09:57:26 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Cipherz Orion\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanNetService.exe
PRC - [2010.03.08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1341253372\ee\aolsoftware.exe
PRC - [2009.08.17 10:52:08 | 002,043,904 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009.08.17 10:52:08 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009.08.17 10:50:32 | 008,919,040 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009.02.04 22:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008.11.03 10:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2008.08.18 20:01:52 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2008.04.14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2006.11.03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005.03.09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


========== Modules (No Company Name) ==========

MOD - [2013.10.12 05:35:52 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\7b73f7e38201072133ea521fa104e260\System.Deployment.ni.dll
MOD - [2013.10.12 05:35:31 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013.10.11 15:08:18 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013.10.11 15:07:38 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013.09.17 16:34:47 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.08.14 08:45:33 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
MOD - [2013.08.14 08:44:43 | 001,711,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a06f7104593927a9e9be4afd4199b404\Microsoft.VisualBasic.ni.dll
MOD - [2013.08.14 08:40:48 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013.08.14 08:40:32 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\40ea80adb0fbe21bc953ac641f033a04\System.Web.Services.ni.dll
MOD - [2013.08.14 08:40:26 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
MOD - [2013.08.14 08:40:14 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll
MOD - [2013.08.14 08:40:08 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5013900c3c0610c88059fcb8f1f4acb4\System.Data.ni.dll
MOD - [2013.08.14 08:39:08 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013.08.14 08:38:17 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013.08.14 08:38:04 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013.07.11 13:35:52 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll
MOD - [2013.07.11 13:34:22 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012.11.16 15:44:36 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.03.16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009.08.17 10:26:24 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009.07.29 16:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008.11.03 10:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2008.11.03 10:54:00 | 000,262,384 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
MOD - [2008.11.03 10:54:00 | 000,132,336 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2008.11.03 10:54:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
MOD - [2008.11.03 10:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
MOD - [2008.11.03 10:54:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - [2013.10.10 04:53:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.09.17 16:34:47 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.09.16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013.09.06 12:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.25 23:02:14 | 000,279,488 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2013.02.19 14:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2013.02.19 14:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013.02.19 14:06:50 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012.10.18 06:06:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012.08.31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.17 10:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008.01.15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006.10.23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2005.03.09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090227.004\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090227.004\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.10.18 11:06:54 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.02.19 14:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2013.02.19 14:11:42 | 000,091,640 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2013.02.19 14:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013.02.19 14:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013.02.19 14:09:10 | 000,084,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2013.02.19 14:09:10 | 000,084,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2013.02.19 14:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013.02.19 14:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013.02.19 14:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013.02.19 14:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2013.02.12 16:46:28 | 000,040,648 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2013.01.03 16:49:42 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012.12.29 16:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012.11.16 17:04:28 | 007,874,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012.05.14 02:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012.04.20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010.10.22 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2010.10.22 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2009.02.13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.09.09 20:57:58 | 000,093,696 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.02.11 10:44:08 | 000,128,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008.02.11 10:44:08 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008.01.15 14:34:04 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2008.01.14 23:20:12 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.01.14 23:20:10 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.01.14 23:10:30 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2003.01.10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [1996.04.03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - SOFTWARE\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dell.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 49 35 D5 3D 3B CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.09.17 16:34:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.08.07 16:41:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013.08.21 16:45:22 | 000,000,000 | ---D | M]

[2012.06.28 06:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cipherz Orion\Application Data\Mozilla\Extensions
[2013.10.18 20:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cipherz Orion\Application Data\Mozilla\Firefox\Profiles\ny5j9vem.default-1373242454265\extensions
[2013.10.18 05:43:31 | 000,006,227 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Application Data\Mozilla\Firefox\Profiles\ny5j9vem.default-1373242454265\searchplugins\dokotoolbar.xml
[2013.10.18 16:19:21 | 000,003,746 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Application Data\Mozilla\Firefox\Profiles\ny5j9vem.default-1373242454265\searchplugins\safeguard-secure-search.xml
[2013.10.18 05:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions
[2013.09.17 16:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.09.17 16:34:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013.07.14 08:55:43 | 000,000,019 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1341253372\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSystemDetect] C:\Documents and Settings\Cipherz Orion\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\Cipherz Orion\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Cipherz Orion\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{215E46ED-9ACF-4868-9B71-2E6874D845FE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{215E46ED-9ACF-4868-9B71-2E6874D845FE}: NameServer = 208.122.23.22,208.122.23.23
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Cipherz Orion\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cipherz Orion\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{35d67fa5-c08b-11e1-8eeb-0022192f57c1}\Shell - "" = AutoRun
O33 - MountPoints2\{35d67fa5-c08b-11e1-8eeb-0022192f57c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35d67fa5-c08b-11e1-8eeb-0022192f57c1}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} - Microsoft .NET Framework 1.1 Security Update (KB2833941)
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.10.18 19:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2013.10.18 19:52:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.10.18 19:42:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.10.18 19:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\Start Menu\Programs\SpeedFan
[2013.10.18 19:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013.10.18 16:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2013.10.18 11:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\Local Settings\Application Data\AVG SafeGuard toolbar
[2013.10.18 11:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\Application Data\AVG SafeGuard toolbar
[2013.10.18 11:07:15 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013.10.18 11:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013.10.18 11:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013.10.18 11:06:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013.10.18 08:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2013.10.18 08:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013.10.18 06:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
[2013.10.18 05:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\Application Data\0D0S1L2Z1P1B
[2013.10.18 05:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\Local Settings\Application Data\cache
[2013.10.18 05:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\My Documents\Mobogenie
[2013.10.18 05:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\Local Settings\Application Data\Mobogenie
[2013.10.18 05:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\Application Data\Mipony
[2013.10.18 04:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2013.10.18 04:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2013.10.18 04:08:20 | 000,103,040 | ---- | C] (Advanced Micro Devices) -- C:\WINDOWS\System32\drivers\AtihdXP3.sys
[2013.10.18 04:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.10.18 04:06:05 | 000,000,000 | ---D | C] -- C:\AMD
[2013.10.18 00:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.10.18 00:10:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.10.18 00:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.10.18 00:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\My Documents\files torrent
[2013.10.18 00:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\My Documents\torrent files
[2013.10.17 15:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\Application Data\Dell
[2013.10.17 15:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2013.10.17 15:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2013.10.17 15:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\Application Data\PCDr
[2013.10.17 15:40:56 | 000,000,000 | ---D | C] -- C:\temp
[2013.10.17 15:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\Start Menu\Programs\Dell
[2013.10.17 15:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\Local Settings\Application Data\Deployment
[2013.10.14 04:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013.10.14 04:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.10.14 04:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.10.14 04:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.10.11 14:50:53 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013.10.11 14:50:53 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2013.10.10 04:53:29 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013.10.09 17:34:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cipherz Orion\Start Menu\Programs\Administrative Tools
[2013.10.09 08:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.10.09 07:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cipherz Orion\My Documents\jnlk
[2013.10.08 17:18:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[9 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.10.18 19:53:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.10.18 19:49:45 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013.10.18 19:47:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.10.18 19:46:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.10.18 19:46:38 | 3487,006,720 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.18 19:21:36 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\SpeedFan.lnk
[2013.10.18 19:21:36 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2013.10.18 16:24:44 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013.10.18 16:24:44 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.10.18 11:07:25 | 000,003,746 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013.10.18 11:06:54 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013.10.18 11:06:31 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\Find Drivers with DriverAgent.lnk
[2013.10.18 08:50:16 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2013.10.18 08:23:04 | 000,946,191 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\bookmarks-2013-10-18.json
[2013.10.18 08:15:07 | 000,047,508 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1376543_613596935349061_689329481_n.jpg
[2013.10.18 05:30:20 | 000,067,596 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\km,kl,ol.JPG
[2013.10.18 05:21:02 | 000,113,910 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1383148_10151642232596470_2053947796_n.jpg
[2013.10.18 02:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-CIPHERZ-Hella Is Super Bella.job
[2013.10.18 00:10:41 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.10.17 16:01:56 | 000,020,520 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1382985_192261487624281_298767974_n.jpg
[2013.10.17 16:01:32 | 000,045,344 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1395308_537629429646969_381926334_n.jpg
[2013.10.17 15:58:32 | 000,120,412 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\jhm,jmnbmnb.JPG
[2013.10.17 15:50:39 | 000,042,092 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1385649_669179509782165_1732045275_n.jpg
[2013.10.17 15:49:55 | 000,027,033 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\944582_333302790147424_1221231580_n.jpg
[2013.10.17 15:48:20 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2013.10.17 15:48:19 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2013.10.17 15:26:23 | 000,140,718 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1378794_618461454864412_1798325428_n.jpg
[2013.10.17 14:38:59 | 000,108,532 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1382932_10151640634451470_25558404_n.jpg
[2013.10.17 05:10:56 | 000,079,114 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\1375861_10151638393646470_2047688065_n.jpg
[2013.10.17 02:56:19 | 000,093,088 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1380788_10151964100805070_1426987001_n.jpg
[2013.10.16 16:20:21 | 000,056,324 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1374157_651627874881787_1643821727_n.jpg
[2013.10.16 16:18:02 | 000,068,649 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1378250_647891715244977_1274925045_n.jpg
[2013.10.16 13:45:48 | 000,031,647 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1382266_10101830877568638_1468273820_n.jpg
[2013.10.16 05:32:55 | 027,976,522 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\Jurassic World - Pitch Trailer.failed-conv.mp4
[2013.10.16 05:09:13 | 055,441,332 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\Hercules_ The Legend Begins Trailer 2014 Movie - Official [H.failed-conv.mp4
[2013.10.16 03:36:52 | 000,197,063 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\cirque-du-soleil-iris-41-1024x682.jpg
[2013.10.15 17:48:04 | 000,037,444 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1374736_557985660935033_188163858_n.jpg
[2013.10.15 16:44:36 | 000,014,190 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1376653_697892560240423_498112652_n.jpg
[2013.10.15 16:31:16 | 000,067,494 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1379842_694100917269105_1127089280_n.jpg
[2013.10.15 16:11:20 | 000,083,902 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\582770_266930616757027_1261553319_n.jpg
[2013.10.15 16:07:30 | 000,284,945 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1374047_443733492410071_1781352753_n.png
[2013.10.15 15:08:45 | 000,096,900 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\564059_439784999463723_1948799052_n.jpg
[2013.10.15 15:07:01 | 000,021,228 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1378596_439894682786088_1414523277_n.jpg
[2013.10.15 14:46:56 | 000,061,846 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1375956_558743164198959_975575652_n.jpg
[2013.10.15 05:27:32 | 003,657,191 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\Lektion47_Partizip I_.failed-conv.mp4
[2013.10.14 21:26:09 | 000,047,812 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\993421_557423144324618_1758056575_n.jpg
[2013.10.14 21:25:20 | 000,056,483 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1381393_717177014977196_1006302051_n.jpg
[2013.10.14 21:23:47 | 000,084,637 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\541901_10151930726575310_58896112_n.jpg
[2013.10.14 21:22:20 | 000,056,905 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1395177_10151651140576244_1082766152_n.jpg
[2013.10.14 05:53:22 | 137,581,626 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\JURASSIC PARK 1-3 - DINOSAURS COMPILATION.failed-conv.mp4
[2013.10.14 05:51:36 | 000,086,848 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1376382_439078492867707_1474342241_n.jpg
[2013.10.14 05:51:13 | 000,045,232 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1380179_439082546200635_1467079066_n.jpg
[2013.10.14 04:56:17 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013.10.13 11:14:31 | 000,036,860 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1382238_10201607119634019_1662081543_n.jpg
[2013.10.13 11:13:27 | 000,046,622 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1381649_526420760777671_892192597_n.jpg
[2013.10.13 10:05:48 | 009,840,458 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\The neverending story - Original german cinema trailer.failed-conv.mp4
[2013.10.13 10:01:09 | 000,059,672 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\Michael_Ende_by_Christine_Meile_1962.jpg
[2013.10.13 09:44:33 | 289,734,644 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\Alien Planet _Full Documentary_.failed-conv.mp4
[2013.10.13 07:26:17 | 000,049,432 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1377224_692968434064454_1575630583_n.jpg
[2013.10.13 07:25:35 | 000,049,277 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1379337_605356599523057_1209528707_n.jpg
[2013.10.13 07:25:07 | 000,110,367 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1381387_744003278959733_631733858_n.jpg
[2013.10.13 07:16:22 | 000,124,613 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\Two_pie_graphs_about_the_composition_of_the_human_body.png
[2013.10.13 06:51:25 | 000,050,699 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1382979_447351965381557_65903560_n.jpg
[2013.10.12 05:35:06 | 003,723,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.10.11 15:07:51 | 000,467,218 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.10.11 15:07:51 | 000,080,308 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.10.11 15:04:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.10.10 16:45:15 | 000,051,270 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\994015_554357387964527_1213117274_n.jpg
[2013.10.10 16:44:26 | 000,066,216 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1393063_10151869867770139_990338279_n.jpg
[2013.10.10 15:45:01 | 000,128,639 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1383009_616983271677647_1712499234_n.jpg
[2013.10.10 14:20:40 | 000,036,351 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1385733_595038333892419_572769587_n.jpg
[2013.10.10 04:53:36 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.10.10 04:53:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.10.10 04:53:29 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013.10.09 17:39:08 | 000,127,153 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1393598_538928372852541_1778620533_n.jpg
[2013.10.09 16:56:51 | 000,079,518 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1379403_661935207172829_1121552990_n.jpg
[2013.10.09 16:54:06 | 000,058,563 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1234146_545883112162756_2040812440_n.jpg
[2013.10.09 16:53:32 | 000,017,118 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\1000633_10200575540123550_2027390101_n.jpg
[2013.10.09 16:00:07 | 000,130,274 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\599393_10100260986902188_2097157114_n.jpg
[2013.10.09 15:11:42 | 000,075,229 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\1381236_10201240010135397_1383796504_n.jpg
[2013.10.09 15:10:34 | 000,126,809 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\971713_591836867533938_1277853619_n.jpg
[2013.10.09 12:35:58 | 000,940,440 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Desktop\bookmarks-2013-10-09.json
[2013.10.09 06:58:07 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.09.23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013.09.23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013.09.23 14:33:58 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013.09.23 14:33:58 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013.09.23 14:33:58 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013.09.23 14:33:58 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013.09.23 14:33:58 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013.09.23 14:33:58 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013.09.23 14:33:58 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013.09.23 14:33:58 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013.09.23 14:33:58 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013.09.23 14:33:57 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013.09.23 14:33:57 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.09.23 14:33:57 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013.09.23 14:33:57 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013.09.23 14:33:57 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013.09.23 14:33:57 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013.09.23 14:33:57 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013.09.23 14:33:57 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013.09.23 14:33:57 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013.09.23 14:33:57 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013.09.23 14:33:57 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013.09.23 14:33:57 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013.09.23 14:33:57 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013.09.23 14:33:57 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013.09.23 14:33:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013.09.23 14:33:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013.09.23 14:33:56 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013.09.23 14:33:56 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013.09.23 14:33:56 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013.09.23 14:33:56 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2013.09.23 14:33:56 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2013.09.23 14:06:48 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[9 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.10.18 19:21:36 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\SpeedFan.lnk
[2013.10.18 19:20:02 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2013.10.18 16:24:44 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013.10.18 11:07:01 | 000,003,746 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013.10.18 11:06:31 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\Find Drivers with DriverAgent.lnk
[2013.10.18 08:50:16 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2013.10.18 08:23:01 | 000,946,191 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\bookmarks-2013-10-18.json
[2013.10.18 08:15:04 | 000,047,508 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1376543_613596935349061_689329481_n.jpg
[2013.10.18 05:22:38 | 000,067,596 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\km,kl,ol.JPG
[2013.10.18 05:18:14 | 000,113,910 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1383148_10151642232596470_2053947796_n.jpg
[2013.10.18 00:10:41 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.10.17 23:22:28 | 3487,006,720 | -HS- | C] () -- C:\hiberfil.sys
[2013.10.17 16:29:14 | 000,443,424 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013.10.17 16:01:56 | 000,020,520 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1382985_192261487624281_298767974_n.jpg
[2013.10.17 16:01:31 | 000,045,344 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1395308_537629429646969_381926334_n.jpg
[2013.10.17 15:58:31 | 000,120,412 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\jhm,jmnbmnb.JPG
[2013.10.17 15:50:29 | 000,042,092 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1385649_669179509782165_1732045275_n.jpg
[2013.10.17 15:49:54 | 000,027,033 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\944582_333302790147424_1221231580_n.jpg
[2013.10.17 15:48:19 | 000,000,520 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2013.10.17 15:48:18 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2013.10.17 15:26:23 | 000,140,718 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1378794_618461454864412_1798325428_n.jpg
[2013.10.17 14:38:57 | 000,108,532 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1382932_10151640634451470_25558404_n.jpg
[2013.10.17 05:10:56 | 000,079,114 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\1375861_10151638393646470_2047688065_n.jpg
[2013.10.17 02:56:14 | 000,093,088 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1380788_10151964100805070_1426987001_n.jpg
[2013.10.16 16:20:20 | 000,056,324 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1374157_651627874881787_1643821727_n.jpg
[2013.10.16 16:18:01 | 000,068,649 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1378250_647891715244977_1274925045_n.jpg
[2013.10.16 13:45:48 | 000,031,647 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1382266_10101830877568638_1468273820_n.jpg
[2013.10.16 05:31:52 | 027,976,522 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\Jurassic World - Pitch Trailer.failed-conv.mp4
[2013.10.16 05:07:48 | 055,441,332 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\Hercules_ The Legend Begins Trailer 2014 Movie - Official [H.failed-conv.mp4
[2013.10.16 03:36:52 | 000,197,063 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\cirque-du-soleil-iris-41-1024x682.jpg
[2013.10.15 17:48:04 | 000,037,444 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1374736_557985660935033_188163858_n.jpg
[2013.10.15 16:44:36 | 000,014,190 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1376653_697892560240423_498112652_n.jpg
[2013.10.15 16:31:16 | 000,067,494 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1379842_694100917269105_1127089280_n.jpg
[2013.10.15 16:11:20 | 000,083,902 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\582770_266930616757027_1261553319_n.jpg
[2013.10.15 16:07:30 | 000,284,945 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1374047_443733492410071_1781352753_n.png
[2013.10.15 15:08:44 | 000,096,900 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\564059_439784999463723_1948799052_n.jpg
[2013.10.15 15:07:01 | 000,021,228 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1378596_439894682786088_1414523277_n.jpg
[2013.10.15 14:46:56 | 000,061,846 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1375956_558743164198959_975575652_n.jpg
[2013.10.15 05:27:18 | 003,657,191 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\Lektion47_Partizip I_.failed-conv.mp4
[2013.10.14 21:26:09 | 000,047,812 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\993421_557423144324618_1758056575_n.jpg
[2013.10.14 21:25:20 | 000,056,483 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1381393_717177014977196_1006302051_n.jpg
[2013.10.14 21:23:46 | 000,084,637 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\541901_10151930726575310_58896112_n.jpg
[2013.10.14 21:22:19 | 000,056,905 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1395177_10151651140576244_1082766152_n.jpg
[2013.10.14 05:51:35 | 000,086,848 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1376382_439078492867707_1474342241_n.jpg
[2013.10.14 05:51:12 | 000,045,232 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1380179_439082546200635_1467079066_n.jpg
[2013.10.14 05:44:26 | 137,581,626 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\JURASSIC PARK 1-3 - DINOSAURS COMPILATION.failed-conv.mp4
[2013.10.14 04:56:17 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013.10.13 11:14:31 | 000,036,860 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1382238_10201607119634019_1662081543_n.jpg
[2013.10.13 11:13:27 | 000,046,622 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1381649_526420760777671_892192597_n.jpg
[2013.10.13 10:05:29 | 009,840,458 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\The neverending story - Original german cinema trailer.failed-conv.mp4
[2013.10.13 10:01:09 | 000,059,672 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\Michael_Ende_by_Christine_Meile_1962.jpg
[2013.10.13 09:34:15 | 289,734,644 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\Alien Planet _Full Documentary_.failed-conv.mp4
[2013.10.13 07:26:17 | 000,049,432 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1377224_692968434064454_1575630583_n.jpg
[2013.10.13 07:25:35 | 000,049,277 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1379337_605356599523057_1209528707_n.jpg
[2013.10.13 07:25:07 | 000,110,367 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1381387_744003278959733_631733858_n.jpg
[2013.10.13 07:16:22 | 000,124,613 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\Two_pie_graphs_about_the_composition_of_the_human_body.png
[2013.10.13 06:51:24 | 000,050,699 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1382979_447351965381557_65903560_n.jpg
[2013.10.10 16:45:15 | 000,051,270 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\994015_554357387964527_1213117274_n.jpg
[2013.10.10 16:44:26 | 000,066,216 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1393063_10151869867770139_990338279_n.jpg
[2013.10.10 15:45:00 | 000,128,639 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1383009_616983271677647_1712499234_n.jpg
[2013.10.10 14:20:40 | 000,036,351 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1385733_595038333892419_572769587_n.jpg
[2013.10.09 17:39:08 | 000,127,153 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1393598_538928372852541_1778620533_n.jpg
[2013.10.09 16:56:50 | 000,079,518 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1379403_661935207172829_1121552990_n.jpg
[2013.10.09 16:54:05 | 000,058,563 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\My Documents\1234146_545883112162756_2040812440_n.jpg
[2013.10.09 16:53:30 | 000,017,118 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\1000633_10200575540123550_2027390101_n.jpg
[2013.10.09 16:00:06 | 000,130,274 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\599393_10100260986902188_2097157114_n.jpg
[2013.10.09 15:11:42 | 000,075,229 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\1381236_10201240010135397_1383796504_n.jpg
[2013.10.09 15:10:33 | 000,126,809 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\971713_591836867533938_1277853619_n.jpg
[2013.10.09 12:35:57 | 000,940,440 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Desktop\bookmarks-2013-10-09.json
[2012.09.08 10:00:46 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2012.08.10 23:55:06 | 000,168,170 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\SCScrnShot_081012_235506.pcx
[2012.07.04 05:08:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.02 14:20:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012.07.01 19:29:08 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.28 05:39:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.27 14:08:08 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Cipherz Orion\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2008.04.25 17:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 15:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: SCSI
Media Type: Fixed\thard disk media
Model: ST375063 0AS SCSI Disk Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 63.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 689.00GB
Starting Offset: 65802240
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 739674754560
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012.09.18 20:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\.minecraft
[2013.10.18 05:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\0D0S1L2Z1P1B
[2013.10.09 08:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Adobe
[2012.07.02 14:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\AOL
[2013.09.19 03:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Apple Computer
[2009.05.15 06:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\ATI
[2013.10.18 11:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\AVG SafeGuard toolbar
[2013.01.18 08:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\CyberLink
[2013.10.17 15:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Dell
[2012.07.01 19:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\DivX
[2012.11.20 10:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Dropbox
[2008.04.25 17:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Identities
[2009.05.15 06:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Macromedia
[2012.07.01 20:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Malwarebytes
[2013.10.09 05:18:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Microsoft
[2013.10.18 06:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Mipony
[2012.07.02 14:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Mozilla
[2013.10.17 15:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\PCDr
[2012.07.02 21:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Roxio
[2012.10.11 10:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Skype
[2013.09.16 05:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Spotify
[2013.10.09 08:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009.05.15 06:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Sun
[2013.10.18 00:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\uTorrent
[2012.07.03 17:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\vlc
[2012.07.08 19:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Western Digital
[2009.05.15 06:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Windows Desktop Search
[2012.06.27 17:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cipherz Orion\Application Data\Windows Search

< MD5 for: ATAPI.SYS >
[2008.04.14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008.04.14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2008.04.14 08:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2008.04.14 08:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008.06.20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008.06.20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008.04.14 08:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008.06.20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008.04.14 08:00:00 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\dllcache\nwprovau.dll
[2008.04.14 08:00:00 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2008.04.14 08:00:00 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
[2008.04.14 08:00:00 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: RSVPSP.DLL >
[2008.04.14 08:00:00 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\dllcache\rsvpsp.dll
[2008.04.14 08:00:00 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\rsvpsp.dll

< MD5 for: SERVICES.EXE >
[2009.02.06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008.04.14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009.02.06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2008.04.14 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.04.14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008.04.14 08:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\dllcache\winrnr.dll
[2008.04.14 08:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 3A50-BCAC
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
11.10.2013 03:07 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
11.10.2013 03:07 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 560,807,444,480 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: \accdef.exe -rb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: \accdef.exe -hb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: \accdef.exe -sb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: \aol.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aolfile_HTM\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOLDES~1.7\aol.exe -hb [2012.04.20 18:50:43 | 000,042,320 | ---- | M] (AOL Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aolfile_HTM\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOLDES~1.7\aol.exe -rb [2012.04.20 18:50:43 | 000,042,320 | ---- | M] (AOL Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aolfile_HTM\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOLDES~1.7\aol.exe -sb [2012.04.20 18:50:43 | 000,042,320 | ---- | M] (AOL Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aolfile_HTM\shell\open\command\\: C:\PROGRA~1\AOLDES~1.7\aol.exe -z"%1" [2012.04.20 18:50:43 | 000,042,320 | ---- | M] (AOL Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013.09.17 16:34:46 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013.09.17 16:34:46 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.09.17 16:34:46 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013.09.17 16:34:47 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013.09.17 16:34:47 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013.09.17 16:34:47 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.VK7OOPDOUZHBI4RRBGWT5E6R3U\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Hella Is Super Bella\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013.01.17 10:07:20 | 001,294,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.VK7OOPDOUZHBI4RRBGWT5E6R3U\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Hella Is Super Bella\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013.01.17 10:07:20 | 001,294,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.VK7OOPDOUZHBI4RRBGWT5E6R3U\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Hella Is Super Bella\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013.01.17 10:07:20 | 001,294,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.VK7OOPDOUZHBI4RRBGWT5E6R3U\shell\open\command\\: "C:\Documents and Settings\Hella Is Super Bella\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013.01.17 10:07:20 | 001,294,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013.09.23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013.09.23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013.09.23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: \accdef.exe -rb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: \accdef.exe -hb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: \accdef.exe -sb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: \aol.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aolfile_HTM\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOLDES~1.7\aol.exe -hb [2012.04.20 18:50:43 | 000,042,320 | ---- | M] (AOL Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aolfile_HTM\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOLDES~1.7\aol.exe -rb [2012.04.20 18:50:43 | 000,042,320 | ---- | M] (AOL Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aolfile_HTM\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOLDES~1.7\aol.exe -sb [2012.04.20 18:50:43 | 000,042,320 | ---- | M] (AOL Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aolfile_HTM\shell\open\command\\: C:\PROGRA~1\AOLDES~1.7\aol.exe -z"%1" [2012.04.20 18:50:43 | 000,042,320 | ---- | M] (AOL Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013.09.17 16:34:46 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013.09.17 16:34:46 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.09.17 16:34:46 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013.09.17 16:34:47 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013.09.17 16:34:47 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013.09.17 16:34:47 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.VK7OOPDOUZHBI4RRBGWT5E6R3U\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Hella Is Super Bella\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013.01.17 10:07:20 | 001,294,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.VK7OOPDOUZHBI4RRBGWT5E6R3U\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Hella Is Super Bella\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013.01.17 10:07:20 | 001,294,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.VK7OOPDOUZHBI4RRBGWT5E6R3U\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Hella Is Super Bella\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013.01.17 10:07:20 | 001,294,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.VK7OOPDOUZHBI4RRBGWT5E6R3U\shell\open\command\\: "C:\Documents and Settings\Hella Is Super Bella\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013.01.17 10:07:20 | 001,294,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013.09.23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013.09.23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013.09.23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2008.04.14 08:00:00 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
[2008.04.14 08:00:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
[2008.04.14 08:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
[2009.11.20 07:14:51 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
[2010.12.21 08:51:53 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
[2010.07.12 08:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009.11.20 07:14:50 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc
[2008.04.14 08:00:00 | 000,003,947 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\FONT.DAT
[2008.04.14 08:00:00 | 000,928,700 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.DAT
[2008.04.14 08:00:00 | 000,281,088 | ---- | M] (Cinematronics) -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.EXE
[2008.04.14 08:00:00 | 000,108,607 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.MID
[2008.04.14 08:00:00 | 000,028,888 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL2.MID
[2008.04.14 08:00:00 | 000,055,490 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND1.WAV
[2008.04.14 08:00:00 | 000,001,226 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND104.WAV
[2008.04.14 08:00:00 | 000,001,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND105.WAV
[2008.04.14 08:00:00 | 000,007,754 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND108.WAV
[2008.04.14 08:00:00 | 000,000,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND111.WAV
[2008.04.14 08:00:00 | 000,000,824 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND112.WAV
[2008.04.14 08:00:00 | 000,004,296 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND12.WAV
[2008.04.14 08:00:00 | 000,008,034 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND13.WAV
[2008.04.14 08:00:00 | 000,001,290 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND131.WAV
[2008.04.14 08:00:00 | 000,019,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND136.WAV
[2008.04.14 08:00:00 | 000,003,002 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND14.WAV
[2008.04.14 08:00:00 | 000,001,046 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND16.WAV
[2008.04.14 08:00:00 | 000,002,090 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND17.WAV
[2008.04.14 08:00:00 | 000,003,986 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND18.WAV
[2008.04.14 08:00:00 | 000,027,472 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND181.WAV
[2008.04.14 08:00:00 | 000,005,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND19.WAV
[2008.04.14 08:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND20.WAV
[2008.04.14 08:00:00 | 000,009,194 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND21.WAV
[2008.04.14 08:00:00 | 000,007,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND22.WAV
[2008.04.14 08:00:00 | 000,012,106 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND24.WAV
[2008.04.14 08:00:00 | 000,014,600 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND240.WAV
[2008.04.14 08:00:00 | 000,020,712 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND243.WAV
[2008.04.14 08:00:00 | 000,025,704 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND25.WAV
[2008.04.14 08:00:00 | 000,007,306 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND26.WAV
[2008.04.14 08:00:00 | 000,020,242 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND27.WAV
[2008.04.14 08:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND28.WAV
[2008.04.14 08:00:00 | 000,010,364 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND29.WAV
[2008.04.14 08:00:00 | 000,022,858 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND3.WAV
[2008.04.14 08:00:00 | 000,022,570 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND30.WAV
[2008.04.14 08:00:00 | 000,001,520 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND34.WAV
[2008.04.14 08:00:00 | 000,019,498 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND35.WAV
[2008.04.14 08:00:00 | 000,033,848 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND36.WAV
[2008.04.14 08:00:00 | 000,013,024 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND38.WAV
[2008.04.14 08:00:00 | 000,028,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND39.WAV
[2008.04.14 08:00:00 | 000,016,626 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND4.WAV
[2008.04.14 08:00:00 | 000,029,140 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND42.WAV
[2008.04.14 08:00:00 | 000,022,796 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND43.WAV
[2008.04.14 08:00:00 | 000,009,770 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND45.WAV
[2008.04.14 08:00:00 | 000,001,876 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49.WAV
[2008.04.14 08:00:00 | 000,003,330 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49D.WAV
[2008.04.14 08:00:00 | 000,003,180 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND5.WAV
[2008.04.14 08:00:00 | 000,012,074 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND50.WAV
[2008.04.14 08:00:00 | 000,008,932 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND528.WAV
[2008.04.14 08:00:00 | 000,009,022 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND53.WAV
[2008.04.14 08:00:00 | 000,018,250 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND54.WAV
[2008.04.14 08:00:00 | 000,021,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND55.WAV
[2008.04.14 08:00:00 | 000,029,004 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND560.WAV
[2008.04.14 08:00:00 | 000,024,192 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND563.WAV
[2008.04.14 08:00:00 | 000,030,502 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND57.WAV
[2008.04.14 08:00:00 | 000,003,408 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND58.WAV
[2008.04.14 08:00:00 | 000,004,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND6.WAV
[2008.04.14 08:00:00 | 000,017,676 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND65.WAV
[2008.04.14 08:00:00 | 000,032,402 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND68.WAV
[2008.04.14 08:00:00 | 000,026,442 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND7.WAV
[2008.04.14 08:00:00 | 000,014,592 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND713.WAV
[2008.04.14 08:00:00 | 000,027,268 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND735.WAV
[2008.04.14 08:00:00 | 000,002,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND8.WAV
[2008.04.14 08:00:00 | 000,047,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND827.WAV
[2008.04.14 08:00:00 | 000,020,098 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND9.WAV
[2008.04.14 08:00:00 | 000,006,742 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND999.WAV
[2008.04.14 08:00:00 | 000,339,178 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\table.bmp
[2008.04.14 08:00:00 | 000,002,687 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\wavemix.inf

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

< End of report >
  • 0

#12
CypherzOrion

CypherzOrion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL Extras logfile created on: 18.10.2013 8:09:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Cipherz Orion\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd.MM.yyyy

3.25 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 69.35% Memory free
6.99 Gb Paging File | 5.66 Gb Available in Paging File | 80.95% Paging File free
Paging file location(s): C:\pagefile.sys 4000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 688.81 Gb Total Space | 522.75 Gb Free Space | 75.89% Space Free | Partition Type: NTFS

Computer Name: CIPHERZ | User Name: Cipherz Orion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Dell Video Chat\DellVideoChat.exe" = C:\Program Files\Dell Video Chat\DellVideoChat.exe:*:Enabled:Dell Video Chat -- (Dell Inc. and SightSpeed Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (America Online)
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1341253372\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1341253372\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.7\waol.exe" = C:\Program Files\AOL Desktop 9.7\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe" = C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe:*:Enabled:AOL Browser -- (AOL Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Cipherz Orion\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Cipherz Orion\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Documents and Settings\Cipherz Orion\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Cipherz Orion\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Documents and Settings\Hella Is Super Bella\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Hella Is Super Bella\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Documents and Settings\Hella Is Super Bella\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Hella Is Super Bella\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{13F7898A-F39E-F19C-BF0A-3A2422C4579F}" = CCC Help Dutch
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{1B325F70-A984-421E-8407-06683E6EF03B}" = QuickShare
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38AB97EF-3D06-194B-6407-6D4ACE925738}" = CCC Help Russian
"{3B244431-0C71-8044-F336-FA2280604BB7}" = Catalyst Control Center Localization All
"{3CE9BA35-F974-595D-CD27-3480976B8791}" = CCC Help Chinese Traditional
"{3F4417E8-D9BB-2552-986D-232EDC2A8CC0}" = CCC Help Czech
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44A07805-6BBB-0451-C259-DF42F010509C}" = AMD Catalyst Install Manager
"{4625C99C-A9F8-D444-6352-092AD46734BD}" = CCC Help Italian
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B67EE2A-2C42-B70B-AC3F-B26DF1E64C4F}" = ccc-utility
"{4B6F5F7F-85C1-0397-57C4-E9F8CAD4F7FF}" = CCC Help French
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5635429F-0E24-476F-6011-C87CB0CEEBEF}" = CCC Help Turkish
"{579EDD1B-20D0-0D10-D1FA-C519ED99A6AC}" = Catalyst Control Center Graphics Previews Common
"{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
"{5A2A1EDC-925A-D527-04B5-73F3F1FDBE24}" = Catalyst Control Center InstallProxy
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7D3C830F-83DA-62EF-D144-B14050D2F257}" = CCC Help Chinese Standard
"{7E24775F-4A1A-8C37-AA6E-C4F0D9CE6B3F}" = CCC Help German
"{86197EF8-3D51-E4B6-7323-09986A560470}" = CCC Help Portuguese
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FB88B36-A320-6325-8DBE-0C4B8DBAB286}" = CCC Help Norwegian
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{934F70BF-37F9-3C35-4D22-DD8AB0146EFF}" = CCC Help Greek
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAD06DFF-E96F-942E-8145-7FD3BEC9326B}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3CD98E8-DA7A-CDC4-8367-E5FE201E6611}" = CCC Help Japanese
"{B4AD27A4-886B-CB7B-F929-2ABD9AF8E2CA}" = CCC Help English
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3D5225A-5794-702D-41EB-37069A5B23C8}" = CCC Help Spanish
"{C468065B-7A72-FDD9-B16C-398F596886E8}" = CCC Help Swedish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAB3C20-F0BC-14C5-2CC5-09F1B35A28EC}" = CCC Help Thai
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D680339B-4B93-2BAD-1A56-B647E77D8909}" = CCC Help Korean
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DA033D67-F1DA-EAF9-8C16-F4C434E4F238}" = Catalyst Control Center
"{DC31C62B-4845-E020-DF6F-0F1E4F479E04}" = CCC Help Danish
"{DD7A785B-45C9-4DDB-A726-0889F7A9C006}" = WD SmartWare
"{E05D82D8-FE70-4228-B073-B0C07FE27595}" = iTunes
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6A761AF-107F-B8B8-B6BC-4CE8758C247D}" = CCC Help Hungarian
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE422A03-5747-271C-68EB-4BFE2C604FA0}" = CCC Help Finnish
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"AVMWLANCLI" = AVM FRITZ!WLAN
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67
"Dell Video Chat" = Dell Video Chat
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Doko Chrome Toolbar" = Doko Chrome Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"IrfanView" = IrfanView (remove only)
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Media Player - Codec Pack" = Media Player Codec Pack 4.0.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"Mozilla Thunderbird 17.0.8 (x86 de)" = Mozilla Thunderbird 17.0.8 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = My Dell
"SpeedFan" = SpeedFan (remove only)
"StarCraft" = StarCraft
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"AOL Toolbar" = AOL Toolbar
"Dropbox" = Dropbox
"Mipony Download Manager Packages" = Mipony Download Manager Packages
"Spotify" = Spotify
"Zip Extractor Packages" = Zip Extractor Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17.10.2013 1:16:28 PM | Computer Name = CIPHERZ | Source = ESENT | ID = 447
Description = SearchIndexer (1876) A bad page link (error -327) has been detected
in a B-Tree (ObjectId: 78, PgnoRoot: 79008) of database C:\Documents and Settings\All
Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (99353
=> 99085, 78878).

Error - 17.10.2013 1:16:28 PM | Computer Name = CIPHERZ | Source = ESENT | ID = 447
Description = SearchIndexer (1876) A bad page link (error -327) has been detected
in a B-Tree (ObjectId: 78, PgnoRoot: 79008) of database C:\Documents and Settings\All
Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (99353
=> 99085, 78878).

Error - 17.10.2013 1:16:28 PM | Computer Name = CIPHERZ | Source = ESENT | ID = 447
Description = SearchIndexer (1876) A bad page link (error -327) has been detected
in a B-Tree (ObjectId: 78, PgnoRoot: 79008) of database C:\Documents and Settings\All
Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (99353
=> 99085, 78878).

Error - 17.10.2013 1:16:28 PM | Computer Name = CIPHERZ | Source = ESENT | ID = 447
Description = SearchIndexer (1876) A bad page link (error -327) has been detected
in a B-Tree (ObjectId: 78, PgnoRoot: 79008) of database C:\Documents and Settings\All
Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (99353
=> 99085, 78878).

Error - 17.10.2013 1:16:28 PM | Computer Name = CIPHERZ | Source = ESENT | ID = 447
Description = SearchIndexer (1876) A bad page link (error -327) has been detected
in a B-Tree (ObjectId: 78, PgnoRoot: 79008) of database C:\Documents and Settings\All
Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (99353
=> 99085, 78878).

Error - 17.10.2013 1:16:28 PM | Computer Name = CIPHERZ | Source = ESENT | ID = 447
Description = SearchIndexer (1876) A bad page link (error -327) has been detected
in a B-Tree (ObjectId: 78, PgnoRoot: 79008) of database C:\Documents and Settings\All
Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (99353
=> 99085, 78878).

Error - 17.10.2013 1:16:28 PM | Computer Name = CIPHERZ | Source = ESENT | ID = 447
Description = SearchIndexer (1876) A bad page link (error -327) has been detected
in a B-Tree (ObjectId: 78, PgnoRoot: 79008) of database C:\Documents and Settings\All
Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (99353
=> 99085, 78878).

Error - 17.10.2013 1:16:28 PM | Computer Name = CIPHERZ | Source = ESENT | ID = 447
Description = SearchIndexer (1876) A bad page link (error -327) has been detected
in a B-Tree (ObjectId: 78, PgnoRoot: 79008) of database C:\Documents and Settings\All
Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (99353
=> 99085, 78878).

Error - 17.10.2013 3:32:15 PM | Computer Name = CIPHERZ | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error
(7A05B998) (80131506)

Error - 17.10.2013 3:32:17 PM | Computer Name = CIPHERZ | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, stamp 4802526c,
faulting module mscorwks.dll, version 2.0.50727.3649, stamp 5174dcd3, debug? 0,
fault address 0x001eb998.

[ System Events ]
Error - 18.10.2013 5:53:03 AM | Computer Name = CIPHERZ | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 18.10.2013 5:53:08 AM | Computer Name = CIPHERZ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP SRTSPX

Error - 18.10.2013 7:15:31 AM | Computer Name = CIPHERZ | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the libusbd service.

Error - 18.10.2013 4:17:11 PM | Computer Name = CIPHERZ | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 18.10.2013 4:17:18 PM | Computer Name = CIPHERZ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP SRTSPX

Error - 18.10.2013 4:20:00 PM | Computer Name = CIPHERZ | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 18.10.2013 5:20:16 PM | Computer Name = CIPHERZ | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{215E46ED-9ACF-4868-9B71.
The
master browser is stopping or an election is being forced.

Error - 18.10.2013 7:46:46 PM | Computer Name = CIPHERZ | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 18.10.2013 7:46:46 PM | Computer Name = CIPHERZ | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater17.0.12 service failed to start due to the following
error: %%2

Error - 18.10.2013 7:46:51 PM | Computer Name = CIPHERZ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP SRTSPX


< End of report >
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 11

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the ask toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Download and save the Norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Run the Avg Removal tool.

Run the Norton removal tool.

Copy the text in the code box by highlighting and Ctrl + c

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090227.004\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090227.004\NAVENG.SYS -- (NAVENG)
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - SOFTWARE\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}\InprocServer32 File not found
[2013.10.18 05:43:31 | 000,006,227 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Application Data\Mozilla\Firefox\Profiles\ny5j9vem.default-1373242454265\searchplugins\dokotoolbar.xml
[2013.10.18 16:19:21 | 000,003,746 | ---- | M] () -- C:\Documents and Settings\Cipherz Orion\Application Data\Mozilla\Firefox\Profiles\ny5j9vem.default-1373242454265\searchplugins\safeguard-secure-search.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
[2013.10.18 11:07:25 | 000,003,746 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013.10.17 15:48:20 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2013.10.17 15:48:19 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Double on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


See if the Fixit on http://support.micro...windows_search/ will run on your PC. Can't tell if it works on XP but if not it will tell you.



You have a problem with .Net .NET Framework 2.0

Uninstall both:
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1

and reboot. Open IE and click on Tools or Security and then on Windows Update. Choose the Custom option. It should offer you several .net updates probably under the optional updates. Install them.

If you haven't done a defrag in a while then do so:

http://support.microsoft.com/kb/314848


Download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Close all browsers and Skype. Click on Optimize. When it finishes click on Exit.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them. How is it running now? Are you still seeing spots?
  • 0

#14
CypherzOrion

CypherzOrion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
still seeing spots...i will buy this Sapphire ATI HD 7750 and Corsair Vengeance and windows 8 pro upgrade.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP