
Malware Removed [Solved]



#1
JohnGo

  • Member
  • 339 posts
Dell Inspiron 3520/Windows 8

This laptop belongs to a friend who is a student. It had become slow to operate so I ran Malwarebytes 3 times. The first 2 runs removed a total of 136 items. The third run was clean. The speed seems to be reasonable at this time.

While working with the computer, I think I find an excessive amount of bloatware installed. I would like to know if I could get assistance on removing this.

Thanks,
John Go
#2
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello JohnGo and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download ADWCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and right click on the AdwCleaner icon and Run As Admin.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 2

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 4

Please don't forget to include these items in your reply:

  • adwCleaner log
  • JRT log
  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#3
JohnGo

  • Topic Starter
  • Member
  • 339 posts
Disregard this post

Edited by JohnGo, 09 January 2014 - 08:53 PM.

#4
JohnGo

  • Topic Starter
  • Member
  • 339 posts
# AdwCleaner v3.016 - Report created 09/01/2014 at 14:23:46
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : bittany - BRITTANY
# Running from : C:\Users\bittany\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\RebateInformer
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\eSafe
Folder Found C:\ProgramData\WPM
Folder Found C:\Users\bittany\AppData\LocalLow\Delta

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\bittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500LM012XHN-M500MBB_S2X1JA0CB38895B38895&ts=1384118604 )
Shortcut Found : C:\Users\bittany\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500LM012XHN-M500MBB_S2X1JA0CB38895B38895&ts=1384118604 )
Shortcut Found : C:\Users\bittany\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500LM012XHN-M500MBB_S2X1JA0CB38895B38895&ts=1384118604 )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=ST500LM012XHN-M500MBB_S2X1JA0CB38895B38895&ts=1384118604
Key Found : HKCU\Software\AppDataLow\Software\LyricsContainer
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A899079D-206F-43A6-BE6A-07E0FA648EA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\eSafeSecControl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\Software\supWPM
Key Found : HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Update SaltarSmart
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{7b0cf048-099d-48e0-93a6-9812fac2b75a}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST500LM012XHN-M500MBB_S2X1JA0CB38895B38895&ts=1384118604&type=default&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST500LM012XHN-M500MBB_S2X1JA0CB38895B38895&ts=1384118604&type=default&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST500LM012XHN-M500MBB_S2X1JA0CB38895B38895&ts=1384118604&type=default&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=ST500LM012XHN-M500MBB_S2X1JA0CB38895B38895&ts=1384118604
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=ST500LM012XHN-M500MBB_S2X1JA0CB38895B38895&ts=1384118604
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=ST500LM012XHN-M500MBB_S2X1JA0CB38895B38895&ts=1384118604&type=default&q={searchTerms}

*************************

AdwCleaner[R0].txt - [6203 octets] - [09/01/2014 14:19:32]
AdwCleaner[R1].txt - [6091 octets] - [09/01/2014 14:23:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [6151 octets] ##########

#5
JohnGo

  • Topic Starter
  • Member
  • 339 posts
# AdwCleaner v3.016 - Report created 09/01/2014 at 20:08:45
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : bittany - BRITTANY
# Running from : C:\Users\bittany\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\RebateInformer
Folder Deleted : C:\Users\bittany\AppData\LocalLow\Delta
File Deleted : C:\END

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\bittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\bittany\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\bittany\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{7b0cf048-099d-48e0-93a6-9812fac2b75a}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Update SaltarSmart
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A899079D-206F-43A6-BE6A-07E0FA648EA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsContainer
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\supWPM

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

*************************

AdwCleaner[R0].txt - [6203 octets] - [09/01/2014 14:19:32]
AdwCleaner[R1].txt - [6263 octets] - [09/01/2014 14:23:46]
AdwCleaner[S0].txt - [4241 octets] - [09/01/2014 20:08:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4301 octets] ##########

#6
JohnGo

  • Topic Starter
  • Member
  • 339 posts
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8 x64
Ran by bittany on Thu 01/09/2014 at 20:58:38.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-487370699-4034750501-1619664526-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/09/2014 at 21:06:35.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0
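
A way to check the AdwCleaner Scan and Clean reports and the JRT log posted above against each other, as an added example that is not part of the original thread or of either tool: it lists anything the Scan report found that the Clean report does not account for, and the unique JRT entries that failed to delete. The sample reports are constructed (hypothetical `ExampleToolbar` names, `example.invalid` URLs, all-zero GUIDs), and the function names are this example's own.

```python
import re

# "<Kind> <Verb> [:] <target>". The Scan report in this thread prints
# "Folder Found C:\..." without a colon, so the colon is optional.
ADW_LINE = re.compile(
    r"^(File|Folder|Shortcut|Key|Value|Data|Setting)\s+"
    r"(Found|Deleted|Disinfected|Restored)\s*:?\s*(.+)$"
)
REMEDIATED = {"Deleted", "Disinfected", "Restored"}
JRT_LINE = re.compile(r"^(Successfully deleted|Failed to delete):\s*\[([^\]]+)\]\s*(.+)$")


def clean_target(kind, target):
    """Strip the detail a Scan line carries but the matching Clean line omits."""
    target = target.strip()
    if kind == "Shortcut":            # "path ( url )" -> "path"
        target = re.sub(r"\s+\(\s.*\)$", "", target)
    if kind in ("Data", "Setting"):   # "key [name] - value" -> "key [name]"
        target = re.sub(r"\]\s+-\s+.*$", "]", target)
    if kind == "Data":                # the Clean report prints the key only
        target = re.sub(r"\s+\[[^\]]*\]$", "", target)
    return target


def parse_adwcleaner(report):
    """Return (option, {(kind, casefolded target): (verb, target)})."""
    option, items = None, {}
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("# Option"):
            option = line.split(":", 1)[1].strip()
            continue
        m = ADW_LINE.match(line)
        if m:
            kind, verb, target = m.groups()
            target = clean_target(kind, target)
            # Windows paths and registry keys compare case-insensitively.
            items[(kind, target.casefold())] = (verb, target)
    return option, items


def unremediated(scan_report, clean_report):
    """Items the Scan report found that the Clean report does not account for."""
    scan_opt, found = parse_adwcleaner(scan_report)
    clean_opt, handled = parse_adwcleaner(clean_report)
    if (scan_opt, clean_opt) != ("Scan", "Clean"):
        raise ValueError("expected a Scan report followed by a Clean report")
    done = {key for key, (verb, _) in handled.items() if verb in REMEDIATED}
    return sorted((key[0], target) for key, (verb, target) in found.items()
                  if verb == "Found" and key not in done)


def jrt_failures(log):
    """Unique 'Failed to delete' entries from a JRT log as (item type, path)."""
    failed = {}
    for raw in log.splitlines():
        m = JRT_LINE.match(raw.strip())
        if m and m.group(1) == "Failed to delete":
            path = m.group(3).strip()
            # The same key logged with different letter case counts once.
            failed.setdefault(path.casefold(), (m.group(2), path))
    return list(failed.values())


# Constructed sample reports (not the logs posted in the thread).
SCAN = r"""# Option : Scan
File Found : C:\EXAMPLE
Folder Found C:\ProgramData\ExampleToolbar
Shortcut Found : C:\Users\user\Desktop\Browser.lnk ( hxxp://search.example.invalid/?uid=1 )
Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://search.example.invalid/
Key Found : HKLM\Software\ExampleToolbar
Key Found : [x64] HKCU\Software\ExampleToolbar
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-0000-0000-0000-000000000001}]
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.example.invalid/?q={searchTerms}
"""
CLEAN = r"""# Option : Clean
Folder Deleted : C:\ProgramData\ExampleToolbar
File Deleted : C:\EXAMPLE
Shortcut Disinfected : C:\Users\user\Desktop\Browser.lnk
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-0000-0000-0000-000000000001}]
Key Deleted : HKLM\Software\ExampleToolbar
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
"""
JRT = r"""Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ExampleToolbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000002}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000002}
"""

if __name__ == "__main__":
    for kind, target in unremediated(SCAN, CLEAN):
        print("still present after Clean:", kind, target)
    for item_type, path in jrt_failures(JRT):
        print("JRT could not delete:", item_type, path)
```

Entries tagged `[x64]` are compared as distinct from their untagged counterparts, so a key that only appears untagged in the Clean report surfaces for manual review.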

#7
JohnGo

  • Topic Starter
  • Member
  • 339 posts
OTL logfile created on: 1/9/2014 9:42:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bittany\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 65.09% Memory free
4.55 Gb Paging File | 3.20 Gb Available in Paging File | 70.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456.62 Gb Total Space | 423.61 Gb Free Space | 92.77% Space Free | Partition Type: NTFS

Computer Name: BRITTANY | User Name: bittany | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

DRV:64bit: - [2012/07/31 18:51:46 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/07/31 18:51:46 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/07/31 18:51:46 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/07/31 18:51:46 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 20:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 01:44:02 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/07/11 09:04:30 | 000,445,304 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012/07/02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/29 16:18:42 | 000,211,768 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/06/29 16:18:38 | 000,022,328 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 09:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/13 20:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2012/06/12 23:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{B31AFBB7-19CE-4E57-8D42-74D6032C80C1}: "URL" = http://www.bing.com/...E10TR&pc=MDDCJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKLM\..\SearchScopes\{B31AFBB7-19CE-4E57-8D42-74D6032C80C1}: "URL" = http://www.bing.com/...E10TR&pc=MDDCJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {B31AFBB7-19CE-4E57-8D42-74D6032C80C1}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2013/08/12 19:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bittany\AppData\Roaming\mozilla\Extensions
[2013/08/12 19:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [Dell Audio] c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A99F7FD-9620-409B-A915-002F6CA8E79A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E536FA1-8DCD-4FD1-A301-C55742E133D8}: DhcpNameServer = 172.21.1.171
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/09 21:14:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bittany\Desktop\OTL.exe
[2014/01/09 20:58:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/09 20:55:22 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\bittany\Desktop\JRT.exe
[2014/01/09 20:14:09 | 000,000,000 | R--D | C] -- C:\Users\bittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/01/09 14:09:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/07 19:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/01/07 12:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2014/01/07 12:08:49 | 000,000,000 | ---D | C] -- C:\Users\bittany\AppData\Roaming\PCDr
[2014/01/07 02:39:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\log
[2014/01/06 21:29:23 | 000,000,000 | ---D | C] -- C:\Users\bittany\AppData\Roaming\Malwarebytes
[2014/01/06 21:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/06 21:27:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/06 21:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/06 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\bittany\AppData\Local\Programs
[2014/01/06 19:51:20 | 000,000,000 | ---D | C] -- C:\Users\bittany\AppData\Local\Windows Live

========== Files - Modified Within 30 Days ==========

[2014/01/09 21:14:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bittany\Desktop\OTL.exe
[2014/01/09 20:55:22 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\bittany\Desktop\JRT.exe
[2014/01/09 20:14:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/09 20:12:56 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/01/09 20:12:51 | 3321,122,816 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/09 20:08:45 | 000,000,989 | ---- | M] () -- C:\Users\bittany\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/09 20:08:44 | 003,963,632 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/09 20:08:44 | 001,179,244 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/09 20:08:44 | 000,005,598 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/09 14:01:45 | 001,233,962 | ---- | M] () -- C:\Users\bittany\Desktop\AdwCleaner.exe
[2014/01/07 20:07:34 | 000,087,998 | ---- | M] () -- C:\Users\bittany\Documents\cc_20140107_200709.reg
[2014/01/07 19:54:07 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/07 10:44:56 | 000,291,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/06 21:27:37 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2014/01/09 14:01:45 | 001,233,962 | ---- | C] () -- C:\Users\bittany\Desktop\AdwCleaner.exe
[2014/01/07 20:07:21 | 000,087,998 | ---- | C] () -- C:\Users\bittany\Documents\cc_20140107_200709.reg
[2014/01/07 19:54:07 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/07 10:44:48 | 000,291,288 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/06 23:04:30 | 000,385,528 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2014/01/06 21:27:37 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/16 13:45:04 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/12/25 04:53:58 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/12/25 04:53:46 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/25 03:48:25 | 000,866,452 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/05 23:12:10 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013/08/12 19:03:59 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 00:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 23:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/29 08:07:38 | 000,000,000 | ---D | M] -- C:\Users\bittany\AppData\Roaming\Leadertech
[2013/11/10 15:32:54 | 000,000,000 | ---D | M] -- C:\Users\bittany\AppData\Roaming\OpenWebKitSharp Strings
[2014/01/07 12:08:49 | 000,000,000 | ---D | M] -- C:\Users\bittany\AppData\Roaming\PCDr

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2013/05/16 13:02:02 | 000,095,092 | ---- | M] () -- C:\updater.exe

< End of report >

#8
JohnGo

OTL Extras logfile created on: 1/9/2014 9:42:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bittany\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 65.09% Memory free
4.55 Gb Paging File | 3.20 Gb Available in Paging File | 70.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456.62 Gb Total Space | 423.61 Gb Free Space | 92.77% Space Free | Partition Type: NTFS

Computer Name: BRITTANY | User Name: bittany | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A31F6B5E-8052-4CEF-92F7-F9A37079641D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B0108826-0D8D-40FA-AF4A-565880E6A1EC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014FEBFA-1AD2-40A1-B4D5-43B13D8EA206}" = dir=out | name=dell shop |
"{05072C7E-F120-4534-A505-914321BA1B6B}" = dir=out | name=amazon for windows |
"{0680C5FB-03CD-4E2B-90A6-95D88D863860}" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
"{1843303A-0F6E-4FCF-8FF6-055241133CBE}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{2E7A833C-AFD4-42CA-83F8-87D0CD90483B}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{338E4022-29CD-4D17-9B04-DF93F53F8A92}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{46C54A98-C67C-41CA-A618-397F7DA36CFB}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{4733F6B4-CB64-40AC-8476-68236CC6472B}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{48C6E783-9B9E-4D7E-BB6A-F84432C69E1E}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{492320E3-ADEE-474B-A574-6B5485FCE338}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{4A483FAB-C3F2-405E-81D5-6DDED1F41DB2}" = protocol=6 | dir=out | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
"{54C9312C-6158-4B67-8E26-7FC326FFE8E6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{54CD07DB-5C89-4A6C-83E6-3EB5BE94D147}" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe |
"{55D7A30C-B6ED-438C-BDE1-EB234697B69B}" = dir=out | name=mcafee security advisor for dell |
"{5D33E8B0-151A-43C5-A1C6-4E2575BAA3C1}" = dir=out | name=ebay |
"{62B2DABE-572F-4A4B-A589-1768EFA271ED}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{690124BC-F84E-4323-B824-BADB6B7E5858}" = dir=in | name=ebay |
"{696D91D2-3B04-4029-9A12-44F34E03D301}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{72218E1D-AF21-4D1F-A409-0AB3F83C31C3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{79637054-B8A9-4D90-9432-60D134BFEF94}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7CA8B860-3AF5-431E-8D4A-83ACD2D96DA7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{837D2F5A-F22D-4A43-82C8-EAE877877EBD}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{839B7B66-8F74-4D44-8ACA-2216404D73EE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{89B456B8-D879-4BE9-9E64-211ABBCE77D4}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{89EAA3DE-A233-4ACB-A7EC-5EAF0D324EFE}" = dir=in | name=skype |
"{8A58E025-FCC2-40D4-AB6F-0ED409375ECC}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{9126348A-0CEC-45FE-A37F-E9501F9BDCE2}" = dir=out | name=kindle |
"{9C6B3E27-761F-43DA-A89A-6C8701BDD3B4}" = protocol=6 | dir=out | app=c:\program files (x86)\dell wireless\bluetooth suite\win7ui.exe |
"{A3192325-1E7C-46FB-9C4E-396058DDFE47}" = dir=out | name=windows_ie_ac_001 |
"{AE6A53E6-3E1A-48DD-B9BA-1566F82B64EF}" = dir=out | name=skype |
"{BB6CBFDB-028B-478C-89E7-3FED981D1701}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{C1FBFB4D-3A74-4B36-826F-23397655D8D5}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{CA68F5CB-CA02-4957-9E68-F3984F1E5F99}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{CEB68551-EA39-49FF-A737-580878C6B508}" = dir=in | name=kindle |
"{D05AC7FE-C39C-41D1-B15D-E519AF7C77CF}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{D63F6535-957B-4138-98E2-8222ABA89597}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F5B64220-62D6-4518-83BF-1DB0FE059ECA}" = dir=in | name=amazon for windows |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{327AD405-F05D-4AB9-81DB-CA6964C5D7C8}" = Cirrus Logic Audio Panel
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"CCleaner" = CCleaner

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}" = Amazon Browser App
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}" = Dell Digital Delivery
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"DMUninstaller" = DMUninstaller
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite Essentials
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Olive" = Olive v1.2.6.2
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2014 11:27:01 PM | Computer Name = brittany | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/6/2014 11:27:01 PM | Computer Name = brittany | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/7/2014 8:12:19 AM | Computer Name = brittany | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Exception has been thrown by the target
of an invocation. at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[]
arguments, Signature sig, Boolean constructor) at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object
obj, Object[] parameters, Object[] arguments) at System.Delegate.DynamicInvokeImpl(Object[]
args) at Microsoft.Win32.SystemEvents.SystemEventInvokeInfo.InvokeCallback(Object
arg) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Int32 numArgs) at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object
source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error - 1/7/2014 8:13:36 AM | Computer Name = brittany | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/7/2014 8:13:36 AM | Computer Name = brittany | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/7/2014 8:21:17 AM | Computer Name = brittany | Source = CirrusAudioService | ID = 0
Description = Service cannot be started. System.TypeLoadException: Could not load
type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=null'. at CirrusService.ServiceContractImpl..ctor()

at CirrusService.CirrusService.CreateServiceHost() at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

Error - 1/7/2014 8:25:33 AM | Computer Name = brittany | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/7/2014 8:25:33 AM | Computer Name = brittany | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/7/2014 8:30:59 AM | Computer Name = brittany | Source = Application Error | ID = 1000
Description = Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39,
time stamp: 0x4ffe56d2 Faulting module name: MSVCR90.dll, version: 9.0.30729.6871,
time stamp: 0x4fee5fd5 Exception code: 0x40000015 Fault offset: 0x000000000004267f
Faulting
process id: 0xd9c Faulting application start time: 0x01cf0ba44d4a119d Faulting application
path: C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5x Faulting module path:
C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll
Report
Id: 8f59a050-7797-11e3-becc-9c2a7027e736 Faulting package full name: Faulting package-relative
application ID:

Error - 1/7/2014 11:01:07 AM | Computer Name = brittany | Source = Application Error | ID = 1000
Description = Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39,
time stamp: 0x4ffe56d2 Faulting module name: MSVCR90.dll, version: 9.0.30729.6871,
time stamp: 0x4fee5fd5 Exception code: 0x40000015 Fault offset: 0x000000000004267f
Faulting
process id: 0x21c Faulting application start time: 0x01cf0bb94a25bb81 Faulting application
path: C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5x Faulting module path:
C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll
Report
Id: 88851a2f-77ac-11e3-becc-9c2a7027e736 Faulting package full name: Faulting package-relative
application ID:

[ System Events ]
Error - 12/15/2013 9:35:00 PM | Computer Name = brittany | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/15/2013 9:47:08 PM | Computer Name = brittany | Source = Service Control Manager | ID = 7022
Description = The Wsys Service service hung on starting.

Error - 12/17/2013 8:31:43 PM | Computer Name = brittany | Source = Service Control Manager | ID = 7022
Description = The Wsys Service service hung on starting.

Error - 12/17/2013 8:33:59 PM | Computer Name = brittany | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/17/2013 8:46:49 PM | Computer Name = brittany | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:44:41 PM on ?12/?17/?2013 was unexpected.

Error - 12/17/2013 8:47:46 PM | Computer Name = brittany | Source = Service Control Manager | ID = 7022
Description = The Wsys Service service hung on starting.

Error - 12/17/2013 8:50:42 PM | Computer Name = brittany | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:46:49 PM on ?12/?17/?2013 was unexpected.

Error - 12/17/2013 8:51:42 PM | Computer Name = brittany | Source = Service Control Manager | ID = 7022
Description = The Wsys Service service hung on starting.

Error - 12/17/2013 8:54:22 PM | Computer Name = brittany | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/31/2013 3:34:57 PM | Computer Name = brittany | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:50:42 PM on ?12/?17/?2013 was unexpected.


< End of report >

#9
maliprog

Hi JohnGo,

adwCleaner and JRT did a great job. How is your system now? Any problems?

#10
JohnGo

No problems. It is doing much better.

#11
JohnGo

The laptop seems to be working fine now. I need to return it today to the owner to return to school with. I thank you very much for your instruction and for the helpful work that geeks-to-go provides.

#12
maliprog

Hi JohnGo,

Your logs and system are clean now. I'm glad we fixed up your computer.

If you can, please run Step 1 to remove all my programs.

Step 1

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

In case any of the software we used in this fix still remains on your system, please delete it manually (right-click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.

#13
JohnGo

Sorry I had to let the computer go before you finished. I deleted everything we used that was obvious; however, I will get the computer back in a few days and run the cleanup you specify.

Thank You

#14
maliprog

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.