Solved Google redirect

jtroy

Posts: 19   +0
Would like to see what is causing google to redirect to bizarre sites. Thanks!
I followed the 5 step process for virus/malware removal.
Here are the log results:

Malwarebytes:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Janice :: JANICE-LAPTOP [administrator]

Protection: Enabled

6/2/2012 2:43:28 PM
mbam-log-2012-06-02 (14-43-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217864
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-02 16:12:48
Windows 6.1.7601 Service Pack 1
Running: nrstm4nn.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289f9d9da
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289f9d9da (not active ControlSet)

---- EOF - GMER 1.0.15 ----

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
Run by Janice at 16:16:17 on 2012-06-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.3209 [GMT -5:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mysanantonio.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Facebook Update] "C:\Users\Janice\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A6DD405A-7ACB-4817-B32E-BB12E2129D3D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A6DD405A-7ACB-4817-B32E-BB12E2129D3D}\1456279616C6 : DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.1
TCP: Interfaces\{A6DD405A-7ACB-4817-B32E-BB12E2129D3D}\34142554D234F42505 : DhcpNameServer = 172.16.220.2 172.16.220.3
TCP: Interfaces\{A6DD405A-7ACB-4817-B32E-BB12E2129D3D}\C696E6B6379737 : DhcpNameServer = 192.168.15.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\rik40xt4.default\
FF - prefs.js: browser.startup.homepage - mysanantonio.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Janice\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-12-30 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [2011-12-30 151552]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2010-12-17 53920]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-29 44768]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-3-29 134920]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-7 499200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-30 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-2 654408]
R2 OSDSvc;ChiconyOSDService;C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2011-10-31 176128]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-6 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-22 1692480]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-22 2656280]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-7 869376]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/22 17:25:28;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-7-13 150920]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-18 1038088]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-02 19:35:40 -------- d-----w- C:\Users\Janice\AppData\Roaming\Malwarebytes
2012-06-02 19:33:32 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-02 19:33:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-02 19:33:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-02 18:44:32 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-02 17:56:09 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0D692745-8FA2-49FF-BF37-3D77DF999BD5}\offreg.dll
2012-06-02 17:55:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-02 17:55:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-02 17:55:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-02 17:55:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-02 17:55:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-02 17:55:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-02 17:55:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-01 11:47:00 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0D692745-8FA2-49FF-BF37-3D77DF999BD5}\mpengine.dll
2012-05-23 19:56:15 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-23 12:25:17 98816 ----a-w- C:\Windows\sed.exe
2012-05-23 12:25:17 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-23 12:25:17 256000 ----a-w- C:\Windows\PEV.exe
2012-05-23 12:25:17 208896 ----a-w- C:\Windows\MBR.exe
2012-05-15 00:40:50 -------- d-----w- C:\Users\Janice\AppData\Local\BMExplorer
2012-05-14 20:15:21 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-14 20:15:20 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-14 20:15:19 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-14 20:15:19 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-14 20:15:19 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-14 20:14:20 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-14 20:14:20 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 20:54:33 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 20:54:32 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 20:54:32 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 20:54:32 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 20:54:31 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 20:54:31 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
.
==================== Find3M ====================
.
2012-06-02 18:44:10 687560 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-02 18:41:56 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 18:41:56 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-06 01:43:15 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-03 03:34:53 0 ----a-w- C:\Windows\SysWow64\sho6892.tmp
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:31 141144 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:03:29 258904 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-03-06 23:02:45 28504 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
.
============= FINISH: 16:17:00.35 ===============

ATTACH:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/31/2011 3:54:36 PM
System Uptime: 6/2/2012 11:23:50 AM (5 hours ago)
.
Motherboard: Dell Inc. | | 0YH79Y
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 577 GiB total, 428.455 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {34446e8e-37b4-4b16-9da6-bea2db33465a}
Description: Bluetooth Server
Device ID: BTHENUM\{F0B2DD71-FB14-4E30-A62D-931874BF282F}_LOCALMFG&0000\8&145C6171&0&000000000000_00000000
Manufacturer: Intel Corporation
Name: Bluetooth Server
PNP Device ID: BTHENUM\{F0B2DD71-FB14-4E30-A62D-931874BF282F}_LOCALMFG&0000\8&145C6171&0&000000000000_00000000
Service: btmaux
.
==== System Restore Points ===================
.
RP84: 5/14/2012 10:35:37 PM - Windows Update
RP85: 5/18/2012 7:06:55 PM - Windows Update
RP86: 5/23/2012 6:34:28 AM - Windows Update
RP87: 5/27/2012 8:13:47 PM - Windows Update
RP88: 6/1/2012 6:46:32 AM - Windows Update
RP89: 6/2/2012 1:43:55 PM - Installed Java(TM) 7 Update 4
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.3) MUI
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.6
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
avast! Internet Security
Connect
Cozi
Creative Memories StoryBook Creator Plus 3
CyberLink PowerDVD 9.6
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Digital Delivery
Dell Driver Download Manager
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell KM632 Wireless Keyboard Caps Lock Indicator
Dell Marketplace Webslice IE8
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
Dell Webcam Central
Dell WLAN and Bluetooth Client Installation
Digital Line Detect
DirectX 9 Runtime
eBay
Facebook Video Calling 1.2.0.159
GoToAssist 8.0.0.514
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) WiDi
Internet Explorer
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 4
Junk Mail filter update
kuler
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netwaiting
PDF Settings CS4
Photoshop Camera Raw
PhotoShowExpress
Pixel Bender Toolkit
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Suite Shared Configuration CS4
swMSM
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
6/2/2012 7:37:16 AM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
6/2/2012 3:00:38 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
6/1/2012 6:41:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
6/1/2012 6:41:37 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/1/2012 4:00:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Boot Cleaner -
I forgot to run this as an administrator - sorry! Do I need to redo? I had already finished the aswMBR step when I realized it. Also, the boot cleaner created a bootkit_remover_debug_log on my desktop. Do you need the contents of that log pasted here?

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000004`e8800000

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...

aswMBR
I downloaded and clicked scan (there was no indication to download Avast virus definitions).
It started scanning then for some reason my computer rebooted. It didn't appear that the scan completed. There was no MBR.dat file on my desktop. I ran the aswMRB again and all went well. Here's the log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-03 08:43:33
-----------------------------
08:43:33.482 OS Version: Windows x64 6.1.7601 Service Pack 1
08:43:33.483 Number of processors: 4 586 0x2A07
08:43:33.484 ComputerName: JANICE-LAPTOP UserName: Janice
08:43:35.536 Initialize success
08:43:35.733 AVAST engine defs: 12060300
08:44:40.638 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:44:40.648 Disk 0 Vendor: WDC_WD64 03.0 Size: 610480MB BusType: 3
08:44:40.685 Disk 0 MBR read successfully
08:44:40.691 Disk 0 MBR scan
08:44:40.699 Disk 0 Windows VISTA default MBR code
08:44:40.705 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
08:44:40.713 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
08:44:40.737 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 590375 MB offset 41172992
08:44:40.758 Disk 0 scanning C:\Windows\system32\drivers
08:44:48.342 Service scanning
08:45:07.968 Modules scanning
08:45:07.986 Disk 0 trace - called modules:
08:45:08.014 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:45:08.027 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e24060]
08:45:08.039 3 CLASSPNP.SYS[fffff88001b8343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006b8d050]
08:45:09.352 AVAST engine scan C:\Windows
08:45:12.053 AVAST engine scan C:\Windows\system32
08:47:36.467 AVAST engine scan C:\Windows\system32\drivers
08:47:46.755 AVAST engine scan C:\Users\Janice
08:50:03.867 Disk 0 MBR has been saved successfully to "C:\Users\Janice\Desktop\MBR.dat"
08:50:03.872 The log file has been saved successfully to "C:\Users\Janice\Desktop\aswMBR.txt"
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Another symptom that I thought was a non-issue anymore is that my laptop has problems connecting to our home wifi (even though 2 of our other computers could. My daughter has another Dell - same exact one as mine - and it was having issues connecting, too. Rebooting router/modem helped both of our laptops temporarily, but then I'd lose connection again) I thought this was not an issue anymore because I've been able to connect for the past week or so without problem. But it reoccurred after running the scans prior to TDSS Killer. I rebooted the router and modem and I'm back online.

The TDSS Killer detected no threats. The log was too long, so I'll paste the log in a separate post.
 
First half of TDSS Killer log. Will send 2nd half in another post.

13:45:57.0118 13504 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
13:45:58.0879 13504 ============================================================
13:45:58.0879 13504 Current date / time: 2012/06/03 13:45:58.0879
13:45:58.0879 13504 SystemInfo:
13:45:58.0879 13504
13:45:58.0879 13504 OS Version: 6.1.7601 ServicePack: 1.0
13:45:58.0879 13504 Product type: Workstation
13:45:58.0879 13504 ComputerName: JANICE-LAPTOP
13:45:58.0880 13504 UserName: Janice
13:45:58.0880 13504 Windows directory: C:\Windows
13:45:58.0880 13504 System windows directory: C:\Windows
13:45:58.0880 13504 Running under WOW64
13:45:58.0880 13504 Processor architecture: Intel x64
13:45:58.0880 13504 Number of processors: 4
13:45:58.0880 13504 Page size: 0x1000
13:45:58.0880 13504 Boot type: Normal boot
13:45:58.0880 13504 ============================================================
13:45:59.0290 13504 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:45:59.0296 13504 ============================================================
13:45:59.0296 13504 \Device\Harddisk0\DR0:
13:45:59.0296 13504 MBR partitions:
13:45:59.0296 13504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
13:45:59.0296 13504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x48113AB0
13:45:59.0296 13504 ============================================================
13:45:59.0318 13504 C: <-> \Device\Harddisk0\DR0\Partition1
13:45:59.0318 13504 ============================================================
13:45:59.0318 13504 Initialize success
13:45:59.0318 13504 ============================================================
13:46:02.0385 14240 ============================================================
13:46:02.0385 14240 Scan started
13:46:02.0385 14240 Mode: Manual;
13:46:02.0385 14240 ============================================================
13:46:02.0983 14240 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:46:02.0989 14240 1394ohci - ok
13:46:03.0072 14240 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:46:03.0080 14240 ACPI - ok
13:46:03.0123 14240 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:46:03.0126 14240 AcpiPmi - ok
13:46:03.0194 14240 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
13:46:03.0196 14240 adfs - ok
13:46:03.0368 14240 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
13:46:03.0392 14240 Adobe Version Cue CS4 - ok
13:46:03.0485 14240 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:46:03.0487 14240 AdobeARMservice - ok
13:46:03.0741 14240 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:46:03.0743 14240 AdobeFlashPlayerUpdateSvc - ok
13:46:04.0007 14240 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:46:04.0019 14240 adp94xx - ok
13:46:04.0113 14240 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:46:04.0121 14240 adpahci - ok
13:46:04.0159 14240 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:46:04.0186 14240 adpu320 - ok
13:46:04.0261 14240 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:46:04.0264 14240 AeLookupSvc - ok
13:46:04.0367 14240 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
13:46:04.0370 14240 AERTFilters - ok
13:46:04.0481 14240 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:46:04.0494 14240 AFD - ok
13:46:04.0556 14240 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:46:04.0559 14240 agp440 - ok
13:46:04.0592 14240 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:46:04.0596 14240 ALG - ok
13:46:04.0625 14240 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:46:04.0626 14240 aliide - ok
13:46:04.0630 14240 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:46:04.0633 14240 amdide - ok
13:46:04.0651 14240 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:46:04.0654 14240 AmdK8 - ok
13:46:04.0680 14240 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
13:46:04.0681 14240 AmdPPM - ok
13:46:04.0727 14240 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:46:04.0731 14240 amdsata - ok
13:46:04.0768 14240 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:46:04.0773 14240 amdsbs - ok
13:46:04.0795 14240 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:46:04.0796 14240 amdxata - ok
13:46:04.0858 14240 AMPPAL (12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\AMPPAL.sys
13:46:04.0863 14240 AMPPAL - ok
13:46:04.0873 14240 AMPPALP (12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\amppal.sys
13:46:04.0878 14240 AMPPALP - ok
13:46:05.0018 14240 AMPPALR3 (2cc0cbf2707be4d5b6ce6b87d9da2f97) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
13:46:05.0030 14240 AMPPALR3 - ok
13:46:05.0119 14240 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\Windows\system32\DRIVERS\Apfiltr.sys
13:46:05.0125 14240 ApfiltrService - ok
13:46:05.0170 14240 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:46:05.0173 14240 AppID - ok
13:46:05.0210 14240 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:46:05.0213 14240 AppIDSvc - ok
13:46:05.0256 14240 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:46:05.0260 14240 Appinfo - ok
13:46:05.0396 14240 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:46:05.0399 14240 Apple Mobile Device - ok
13:46:05.0473 14240 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:46:05.0476 14240 arc - ok
13:46:05.0493 14240 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:46:05.0496 14240 arcsas - ok
13:46:05.0620 14240 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:46:05.0623 14240 aspnet_state - ok
13:46:05.0690 14240 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
13:46:05.0692 14240 aswFsBlk - ok
13:46:05.0784 14240 aswFW (ffe56ac75a257141561daf42c3f7d16b) C:\Windows\system32\drivers\aswFW.sys
13:46:05.0788 14240 aswFW - ok
13:46:05.0857 14240 aswKbd (316271cc32fdfffcdb30677684906d5e) C:\Windows\system32\drivers\aswKbd.sys
13:46:05.0859 14240 aswKbd - ok
13:46:05.0904 14240 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
13:46:05.0906 14240 aswMonFlt - ok
13:46:05.0935 14240 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
13:46:05.0936 14240 aswNdis - ok
13:46:05.0993 14240 aswNdis2 (36dbcb80e0af1dc228f495faf00a4bc8) C:\Windows\system32\drivers\aswNdis2.sys
13:46:06.0000 14240 aswNdis2 - ok
13:46:06.0044 14240 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
13:46:06.0046 14240 aswRdr - ok
13:46:06.0150 14240 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
13:46:06.0155 14240 aswSnx - ok
13:46:06.0252 14240 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
13:46:06.0258 14240 aswSP - ok
13:46:06.0296 14240 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
13:46:06.0298 14240 aswTdi - ok
13:46:06.0353 14240 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:46:06.0355 14240 AsyncMac - ok
13:46:06.0396 14240 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:46:06.0399 14240 atapi - ok
13:46:06.0448 14240 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
13:46:06.0449 14240 AthBTPort - ok
13:46:06.0547 14240 Atheros Bt&Wlan Coex Agent (67b8bd46e8626c348688930244761dab) C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
13:46:06.0550 14240 Atheros Bt&Wlan Coex Agent - ok
13:46:06.0600 14240 AtherosSvc (8430ed17cef0d7878b25776e02508957) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
13:46:06.0602 14240 AtherosSvc - ok
13:46:06.0682 14240 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:46:06.0696 14240 AudioEndpointBuilder - ok
13:46:06.0703 14240 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:46:06.0707 14240 AudioSrv - ok
13:46:06.0834 14240 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:46:06.0836 14240 avast! Antivirus - ok
13:46:06.0912 14240 avast! Firewall (7d465549dfb0eca6601e9609c72cd20a) C:\Program Files\AVAST Software\Avast\afwServ.exe
13:46:06.0915 14240 avast! Firewall - ok
13:46:06.0970 14240 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:46:06.0974 14240 AxInstSV - ok
13:46:07.0087 14240 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:46:07.0098 14240 b06bdrv - ok
13:46:07.0162 14240 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:46:07.0166 14240 b57nd60a - ok
13:46:07.0190 14240 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:46:07.0213 14240 BDESVC - ok
13:46:07.0239 14240 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:46:07.0241 14240 Beep - ok
13:46:07.0345 14240 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:46:07.0360 14240 BFE - ok
13:46:07.0467 14240 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:46:07.0484 14240 BITS - ok
13:46:07.0542 14240 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:46:07.0544 14240 blbdrive - ok
13:46:07.0765 14240 Bluetooth Device Monitor (0f46d2845bd7ddaca52340ecc2b65da3) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
13:46:07.0780 14240 Bluetooth Device Monitor - ok
13:46:07.0954 14240 Bluetooth Media Service (3341de556ec28252d603277609eef8bf) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
13:46:07.0965 14240 Bluetooth Media Service - ok
13:46:08.0122 14240 Bluetooth OBEX Service (5d5c3ec9be1107dedf0feb55b7f3bd77) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
13:46:08.0138 14240 Bluetooth OBEX Service - ok
13:46:08.0286 14240 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:46:08.0293 14240 Bonjour Service - ok
13:46:08.0451 14240 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:46:08.0454 14240 bowser - ok
13:46:08.0508 14240 bpenum (597fffac47605337b1c719b4975238f0) C:\Windows\system32\DRIVERS\bpenum.sys
13:46:08.0512 14240 bpenum - ok
13:46:08.0543 14240 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:46:08.0545 14240 BrFiltLo - ok
13:46:08.0555 14240 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:46:08.0557 14240 BrFiltUp - ok
13:46:08.0602 14240 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:46:08.0606 14240 BridgeMP - ok
13:46:08.0654 14240 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:46:08.0661 14240 Browser - ok
13:46:08.0706 14240 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:46:08.0709 14240 Brserid - ok
13:46:08.0739 14240 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:46:08.0741 14240 BrSerWdm - ok
13:46:08.0746 14240 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:46:08.0747 14240 BrUsbMdm - ok
13:46:08.0754 14240 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:46:08.0755 14240 BrUsbSer - ok
13:46:08.0843 14240 BTATH_A2DP (227c8f308de4af4808e587465ceab838) C:\Windows\system32\drivers\btath_a2dp.sys
13:46:08.0848 14240 BTATH_A2DP - ok
13:46:08.0904 14240 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
13:46:08.0906 14240 BTATH_BUS - ok
13:46:08.0968 14240 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
13:46:08.0972 14240 BTATH_HCRP - ok
13:46:08.0984 14240 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
13:46:08.0985 14240 BTATH_LWFLT - ok
13:46:09.0030 14240 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
13:46:09.0033 14240 BTATH_RCP - ok
13:46:09.0089 14240 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
13:46:09.0091 14240 BthEnum - ok
13:46:09.0126 14240 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
13:46:09.0129 14240 BTHMODEM - ok
13:46:09.0170 14240 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
13:46:09.0171 14240 BthPan - ok
13:46:09.0245 14240 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
13:46:09.0254 14240 BTHPORT - ok
13:46:09.0302 14240 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:46:09.0306 14240 bthserv - ok
13:46:09.0423 14240 BTHSSecurityMgr (d6ceec2f878149e4db9fe93fa5d8fe60) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
13:46:09.0426 14240 BTHSSecurityMgr - ok
13:46:09.0441 14240 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
13:46:09.0444 14240 BTHUSB - ok
13:46:09.0462 14240 btmaudio - ok
13:46:09.0493 14240 btmaux (ab0a33001fe7ebb209d9d52ced11be1a) C:\Windows\system32\DRIVERS\btmaux.sys
13:46:09.0495 14240 btmaux - ok
13:46:09.0553 14240 btmhsf (5ba4c6f82a5ca3307c0579d9f7b36e28) C:\Windows\system32\DRIVERS\btmhsf.sys
13:46:09.0560 14240 btmhsf - ok
13:46:09.0592 14240 catchme - ok
13:46:09.0637 14240 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:46:09.0640 14240 cdfs - ok
13:46:09.0686 14240 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:46:09.0688 14240 cdrom - ok
13:46:09.0725 14240 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:46:09.0727 14240 CertPropSvc - ok
13:46:09.0742 14240 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
13:46:09.0745 14240 circlass - ok
13:46:09.0805 14240 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:46:09.0814 14240 CLFS - ok
13:46:09.0931 14240 CLKMSVC10_9EC60124 (730bf325e4cc1e3935b81943ac6da216) c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe
13:46:09.0937 14240 CLKMSVC10_9EC60124 - ok
13:46:10.0035 14240 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:46:10.0039 14240 clr_optimization_v2.0.50727_32 - ok
13:46:10.0123 14240 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:46:10.0127 14240 clr_optimization_v2.0.50727_64 - ok
13:46:10.0222 14240 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:46:10.0226 14240 clr_optimization_v4.0.30319_32 - ok
13:46:10.0271 14240 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:46:10.0274 14240 clr_optimization_v4.0.30319_64 - ok
13:46:10.0399 14240 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:46:10.0401 14240 CmBatt - ok
13:46:10.0423 14240 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:46:10.0425 14240 cmdide - ok
13:46:10.0508 14240 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:46:10.0518 14240 CNG - ok
13:46:10.0557 14240 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:46:10.0559 14240 Compbatt - ok
13:46:10.0591 14240 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:46:10.0594 14240 CompositeBus - ok
13:46:10.0613 14240 COMSysApp - ok
13:46:10.0628 14240 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:46:10.0631 14240 crcdisk - ok
13:46:10.0697 14240 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:46:10.0703 14240 CryptSvc - ok
13:46:10.0778 14240 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys
13:46:10.0781 14240 CtClsFlt - ok
13:46:10.0954 14240 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:46:10.0963 14240 cvhsvc - ok
13:46:11.0045 14240 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:46:11.0063 14240 DcomLaunch - ok
13:46:11.0120 14240 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:46:11.0137 14240 defragsvc - ok
13:46:11.0222 14240 DellDigitalDelivery (af8b8377e5b7defaad3cdaad766f07d6) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
13:46:11.0226 14240 DellDigitalDelivery - ok
13:46:11.0307 14240 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:46:11.0311 14240 DfsC - ok
13:46:11.0393 14240 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:46:11.0402 14240 Dhcp - ok
13:46:11.0419 14240 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:46:11.0420 14240 discache - ok
13:46:11.0460 14240 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:46:11.0463 14240 Disk - ok
13:46:11.0632 14240 DMAgent (fd6780d8e79a4a0037dbcb339582f091) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
13:46:11.0641 14240 DMAgent - ok
13:46:11.0693 14240 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:46:11.0701 14240 Dnscache - ok
13:46:11.0740 14240 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:46:11.0749 14240 dot3svc - ok
13:46:11.0782 14240 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:46:11.0784 14240 DPS - ok
13:46:11.0813 14240 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:46:11.0814 14240 drmkaud - ok
13:46:11.0935 14240 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:46:11.0950 14240 DXGKrnl - ok
13:46:11.0977 14240 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:46:11.0979 14240 EapHost - ok
13:46:12.0285 14240 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:46:12.0368 14240 ebdrv - ok
13:46:12.0510 14240 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:46:12.0516 14240 EFS - ok
13:46:12.0640 14240 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:46:12.0658 14240 ehRecvr - ok
13:46:12.0686 14240 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:46:12.0688 14240 ehSched - ok
13:46:12.0780 14240 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:46:12.0788 14240 elxstor - ok
13:46:12.0801 14240 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:46:12.0804 14240 ErrDev - ok
13:46:12.0890 14240 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:46:12.0901 14240 EventSystem - ok
13:46:13.0148 14240 EvtEng (532b8ff8e07f3772b086620377654f95) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:46:13.0172 14240 EvtEng - ok
13:46:13.0333 14240 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:46:13.0339 14240 exfat - ok
13:46:13.0376 14240 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:46:13.0378 14240 fastfat - ok
13:46:13.0485 14240 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:46:13.0511 14240 Fax - ok
13:46:13.0525 14240 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:46:13.0529 14240 fdc - ok
13:46:13.0548 14240 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:46:13.0550 14240 fdPHost - ok
13:46:13.0560 14240 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:46:13.0562 14240 FDResPub - ok
13:46:13.0583 14240 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:46:13.0586 14240 FileInfo - ok
13:46:13.0606 14240 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:46:13.0609 14240 Filetrace - ok
13:46:13.0764 14240 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:46:13.0783 14240 FLEXnet Licensing Service - ok
13:46:13.0966 14240 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
13:46:13.0971 14240 FLEXnet Licensing Service 64 - ok
13:46:14.0110 14240 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:46:14.0114 14240 flpydisk - ok
13:46:14.0179 14240 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:46:14.0186 14240 FltMgr - ok
13:46:14.0332 14240 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:46:14.0352 14240 FontCache - ok
13:46:14.0449 14240 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:46:14.0451 14240 FontCache3.0.0.0 - ok
13:46:14.0521 14240 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:46:14.0524 14240 FsDepends - ok
13:46:14.0567 14240 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:46:14.0569 14240 Fs_Rec - ok
13:46:14.0622 14240 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:46:14.0628 14240 fvevol - ok
13:46:14.0653 14240 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:46:14.0655 14240 gagp30kx - ok
13:46:14.0686 14240 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:46:14.0688 14240 GEARAspiWDM - ok
13:46:14.0797 14240 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
13:46:14.0798 14240 GoToAssist - ok
13:46:14.0900 14240 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:46:14.0919 14240 gpsvc - ok
13:46:14.0938 14240 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:46:14.0939 14240 hcw85cir - ok
13:46:15.0017 14240 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:46:15.0021 14240 HdAudAddService - ok
13:46:15.0061 14240 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:46:15.0065 14240 HDAudBus - ok
13:46:15.0073 14240 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
13:46:15.0075 14240 HidBatt - ok
13:46:15.0104 14240 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
13:46:15.0108 14240 HidBth - ok
13:46:15.0133 14240 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
13:46:15.0136 14240 HidIr - ok
13:46:15.0153 14240 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:46:15.0159 14240 hidserv - ok
13:46:15.0202 14240 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:46:15.0204 14240 HidUsb - ok
13:46:15.0243 14240 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:46:15.0266 14240 hkmsvc - ok
13:46:15.0309 14240 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:46:15.0319 14240 HomeGroupListener - ok
13:46:15.0374 14240 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:46:15.0385 14240 HomeGroupProvider - ok
13:46:15.0411 14240 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:46:15.0413 14240 HpSAMD - ok
13:46:15.0501 14240 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:46:15.0519 14240 HTTP - ok
13:46:15.0529 14240 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:46:15.0530 14240 hwpolicy - ok
13:46:15.0579 14240 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:46:15.0583 14240 i8042prt - ok
13:46:15.0670 14240 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
13:46:15.0672 14240 iaStor - ok
13:46:15.0761 14240 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:46:15.0762 14240 IAStorDataMgrSvc - ok
13:46:15.0840 14240 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:46:15.0850 14240 iaStorV - ok
13:46:15.0906 14240 iBtFltCoex (806422f30df9ce8307457485779c77b7) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
13:46:15.0910 14240 iBtFltCoex - ok
13:46:16.0072 14240 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:46:16.0086 14240 idsvc - ok
13:46:16.0874 14240 igfx (0bd58366c86ef9ddc4f61afed0cada99) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:46:17.0089 14240 igfx - ok
13:46:17.0241 14240 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
13:46:17.0244 14240 iirsp - ok
13:46:17.0338 14240 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:46:17.0368 14240 IKEEXT - ok
13:46:17.0435 14240 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
13:46:17.0440 14240 Impcd - ok
13:46:17.0488 14240 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys
13:46:17.0491 14240 intaud_WaveExtensible - ok
13:46:17.0745 14240 IntcAzAudAddService (8fed6428fde53d7f4c105095f22524be) C:\Windows\system32\drivers\RTKVHD64.sys
13:46:17.0757 14240 IntcAzAudAddService - ok
13:46:17.0927 14240 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
13:46:17.0935 14240 IntcDAud - ok
13:46:17.0966 14240 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:46:17.0967 14240 intelide - ok
13:46:18.0004 14240 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:46:18.0005 14240 intelppm - ok
13:46:18.0036 14240 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:46:18.0058 14240 IPBusEnum - ok
13:46:18.0077 14240 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:46:18.0081 14240 IpFilterDriver - ok
13:46:18.0157 14240 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:46:18.0172 14240 iphlpsvc - ok
13:46:18.0185 14240 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:46:18.0189 14240 IPMIDRV - ok
13:46:18.0217 14240 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:46:18.0219 14240 IPNAT - ok
13:46:18.0408 14240 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
13:46:18.0422 14240 iPod Service - ok
13:46:18.0443 14240 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:46:18.0444 14240 IRENUM - ok
13:46:18.0463 14240 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:46:18.0466 14240 isapnp - ok
13:46:18.0515 14240 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:46:18.0522 14240 iScsiPrt - ok
13:46:18.0561 14240 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\DRIVERS\iwdbus.sys
13:46:18.0563 14240 iwdbus - ok
13:46:18.0589 14240 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:46:18.0592 14240 kbdclass - ok
13:46:18.0625 14240 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:46:18.0628 14240 kbdhid - ok
13:46:18.0665 14240 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:46:18.0670 14240 KeyIso - ok
13:46:18.0695 14240 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:46:18.0697 14240 KSecDD - ok
13:46:18.0725 14240 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:46:18.0727 14240 KSecPkg - ok
13:46:18.0744 14240 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:46:18.0745 14240 ksthunk - ok
13:46:18.0790 14240 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:46:18.0800 14240 KtmRm - ok
13:46:18.0884 14240 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:46:18.0897 14240 LanmanServer - ok
13:46:18.0927 14240 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:46:18.0932 14240 LanmanWorkstation - ok
13:46:18.0969 14240 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:46:18.0973 14240 lltdio - ok
13:46:19.0029 14240 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:46:19.0037 14240 lltdsvc - ok
13:46:19.0058 14240 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:46:19.0061 14240 lmhosts - ok
13:46:19.0201 14240 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:46:19.0207 14240 LMS - ok
13:46:19.0262 14240 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:46:19.0266 14240 LSI_FC - ok
13:46:19.0288 14240 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:46:19.0293 14240 LSI_SAS - ok
13:46:19.0321 14240 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:46:19.0325 14240 LSI_SAS2 - ok
13:46:19.0356 14240 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:46:19.0358 14240 LSI_SCSI - ok
13:46:19.0386 14240 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:46:19.0390 14240 luafv - ok
13:46:19.0452 14240 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
13:46:19.0454 14240 MBAMProtector - ok
13:46:19.0570 14240 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:46:19.0581 14240 MBAMService - ok
13:46:19.0629 14240 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:46:19.0644 14240 Mcx2Svc - ok
13:46:19.0666 14240 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:46:19.0669 14240 megasas - ok
13:46:19.0720 14240 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:46:19.0724 14240 MegaSR - ok
13:46:19.0774 14240 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
13:46:19.0777 14240 MEIx64 - ok
13:46:19.0831 14240 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:46:19.0838 14240 MMCSS - ok
13:46:19.0862 14240 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:46:19.0865 14240 Modem - ok
13:46:19.0890 14240 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:46:19.0892 14240 monitor - ok
13:46:19.0916 14240 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:46:19.0917 14240 mouclass - ok
13:46:19.0951 14240 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:46:19.0954 14240 mouhid - ok
13:46:19.0987 14240 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:46:19.0991 14240 mountmgr - ok
13:46:20.0024 14240 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:46:20.0035 14240 mpio - ok
13:46:20.0053 14240 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:46:20.0054 14240 mpsdrv - ok
13:46:20.0177 14240 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:46:20.0199 14240 MpsSvc - ok
13:46:20.0228 14240 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:46:20.0232 14240 MRxDAV - ok
13:46:20.0277 14240 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:46:20.0283 14240 mrxsmb - ok
13:46:20.0331 14240 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:46:20.0339 14240 mrxsmb10 - ok
13:46:20.0376 14240 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:46:20.0378 14240 mrxsmb20 - ok
13:46:20.0406 14240 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:46:20.0409 14240 msahci - ok
13:46:20.0445 14240 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:46:20.0450 14240 msdsm - ok
13:46:20.0492 14240 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:46:20.0502 14240 MSDTC - ok
13:46:20.0527 14240 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:46:20.0530 14240 Msfs - ok
13:46:20.0547 14240 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:46:20.0548 14240 mshidkmdf - ok
13:46:20.0558 14240 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:46:20.0559 14240 msisadrv - ok
13:46:20.0614 14240 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:46:20.0631 14240 MSiSCSI - ok
13:46:20.0638 14240 msiserver - ok
13:46:20.0674 14240 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:46:20.0677 14240 MSKSSRV - ok
13:46:20.0707 14240 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:46:20.0710 14240 MSPCLOCK - ok
13:46:20.0718 14240 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:46:20.0720 14240 MSPQM - ok
13:46:20.0775 14240 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:46:20.0784 14240 MsRPC - ok
13:46:20.0809 14240 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:46:20.0810 14240 mssmbios - ok
 
2nd half of TDSS Killer log:

13:46:20.0830 14240 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:46:20.0833 14240 MSTEE - ok
13:46:20.0854 14240 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:46:20.0857 14240 MTConfig - ok
13:46:20.0882 14240 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:46:20.0885 14240 Mup - ok
13:46:21.0035 14240 MyWiFiDHCPDNS (265937bc59819df1dab65e27c60f94c0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
13:46:21.0049 14240 MyWiFiDHCPDNS - ok
13:46:21.0135 14240 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:46:21.0151 14240 napagent - ok
13:46:21.0293 14240 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:46:21.0306 14240 NativeWifiP - ok
13:46:21.0438 14240 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
13:46:21.0458 14240 NDIS - ok
13:46:21.0477 14240 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:46:21.0478 14240 NdisCap - ok
13:46:21.0517 14240 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:46:21.0520 14240 NdisTapi - ok
13:46:21.0546 14240 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:46:21.0550 14240 Ndisuio - ok
13:46:21.0580 14240 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:46:21.0584 14240 NdisWan - ok
13:46:21.0608 14240 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:46:21.0611 14240 NDProxy - ok
13:46:21.0622 14240 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:46:21.0625 14240 NetBIOS - ok
13:46:21.0668 14240 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:46:21.0671 14240 NetBT - ok
13:46:21.0719 14240 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:46:21.0721 14240 Netlogon - ok
13:46:21.0792 14240 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:46:21.0800 14240 Netman - ok
13:46:21.0924 14240 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:46:21.0945 14240 NetMsmqActivator - ok
13:46:21.0952 14240 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:46:21.0957 14240 NetPipeActivator - ok
13:46:22.0029 14240 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:46:22.0054 14240 netprofm - ok
13:46:22.0060 14240 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:46:22.0062 14240 NetTcpActivator - ok
13:46:22.0064 14240 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:46:22.0065 14240 NetTcpPortSharing - ok
13:46:22.0685 14240 NETwNs64 (774c9eccef83ab8a3d1466f19809c95f) C:\Windows\system32\DRIVERS\NETwNs64.sys
13:46:22.0881 14240 NETwNs64 - ok
13:46:23.0001 14240 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:46:23.0004 14240 nfrd960 - ok
13:46:23.0075 14240 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:46:23.0088 14240 NlaSvc - ok
13:46:23.0109 14240 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:46:23.0111 14240 Npfs - ok
13:46:23.0124 14240 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:46:23.0127 14240 nsi - ok
13:46:23.0144 14240 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:46:23.0145 14240 nsiproxy - ok
13:46:23.0332 14240 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:46:23.0382 14240 Ntfs - ok
13:46:23.0523 14240 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:46:23.0526 14240 Null - ok
13:46:23.0575 14240 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
13:46:23.0579 14240 nusb3hub - ok
13:46:23.0635 14240 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:46:23.0641 14240 nusb3xhc - ok
13:46:23.0691 14240 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:46:23.0697 14240 nvraid - ok
13:46:23.0727 14240 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:46:23.0730 14240 nvstor - ok
13:46:23.0777 14240 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:46:23.0782 14240 nv_agp - ok
13:46:23.0805 14240 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:46:23.0809 14240 ohci1394 - ok
13:46:23.0911 14240 OSDSvc (fbe1d971eb64abf4ce37b519307c94f1) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
13:46:23.0915 14240 OSDSvc - ok
13:46:23.0985 14240 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:46:24.0005 14240 ose - ok
13:46:24.0461 14240 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:46:24.0563 14240 osppsvc - ok
13:46:24.0724 14240 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:46:24.0728 14240 p2pimsvc - ok
13:46:24.0769 14240 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:46:24.0787 14240 p2psvc - ok
13:46:24.0845 14240 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:46:24.0847 14240 Parport - ok
13:46:24.0902 14240 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:46:24.0905 14240 partmgr - ok
13:46:24.0943 14240 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:46:24.0954 14240 PcaSvc - ok
13:46:25.0013 14240 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:46:25.0019 14240 pci - ok
13:46:25.0043 14240 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:46:25.0046 14240 pciide - ok
13:46:25.0080 14240 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:46:25.0083 14240 pcmcia - ok
13:46:25.0100 14240 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:46:25.0101 14240 pcw - ok
13:46:25.0172 14240 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:46:25.0182 14240 PEAUTH - ok
13:46:25.0284 14240 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:46:25.0291 14240 PerfHost - ok
13:46:25.0460 14240 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:46:25.0498 14240 pla - ok
13:46:25.0572 14240 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:46:25.0589 14240 PlugPlay - ok
13:46:25.0605 14240 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:46:25.0612 14240 PNRPAutoReg - ok
13:46:25.0675 14240 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:46:25.0687 14240 PNRPsvc - ok
13:46:25.0804 14240 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:46:25.0819 14240 PolicyAgent - ok
13:46:25.0867 14240 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:46:25.0873 14240 Power - ok
13:46:25.0961 14240 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:46:25.0966 14240 PptpMiniport - ok
13:46:25.0988 14240 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:46:25.0990 14240 Processor - ok
13:46:26.0044 14240 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:46:26.0056 14240 ProfSvc - ok
13:46:26.0097 14240 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:46:26.0103 14240 ProtectedStorage - ok
13:46:26.0137 14240 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:46:26.0145 14240 Psched - ok
13:46:26.0200 14240 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
13:46:26.0202 14240 PxHlpa64 - ok
13:46:26.0362 14240 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:46:26.0406 14240 ql2300 - ok
13:46:26.0562 14240 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:46:26.0567 14240 ql40xx - ok
13:46:26.0625 14240 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:46:26.0648 14240 QWAVE - ok
13:46:26.0659 14240 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:46:26.0663 14240 QWAVEdrv - ok
13:46:26.0685 14240 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:46:26.0686 14240 RasAcd - ok
13:46:26.0731 14240 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:46:26.0738 14240 RasAgileVpn - ok
13:46:26.0771 14240 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:46:26.0805 14240 RasAuto - ok
13:46:26.0831 14240 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:46:26.0836 14240 Rasl2tp - ok
13:46:26.0886 14240 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:46:26.0896 14240 RasMan - ok
13:46:26.0927 14240 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:46:26.0931 14240 RasPppoe - ok
13:46:26.0960 14240 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:46:26.0964 14240 RasSstp - ok
13:46:27.0010 14240 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:46:27.0021 14240 rdbss - ok
13:46:27.0037 14240 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
13:46:27.0039 14240 rdpbus - ok
13:46:27.0059 14240 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:46:27.0062 14240 RDPCDD - ok
13:46:27.0101 14240 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:46:27.0103 14240 RDPENCDD - ok
13:46:27.0123 14240 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:46:27.0126 14240 RDPREFMP - ok
13:46:27.0190 14240 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:46:27.0196 14240 RDPWD - ok
13:46:27.0247 14240 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:46:27.0255 14240 rdyboost - ok
13:46:27.0459 14240 RegSrvc (7196be857e29007470ff9b689c7f29a7) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:46:27.0474 14240 RegSrvc - ok
13:46:27.0518 14240 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:46:27.0523 14240 RemoteAccess - ok
13:46:27.0566 14240 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:46:27.0584 14240 RemoteRegistry - ok
13:46:27.0676 14240 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:46:27.0684 14240 RFCOMM - ok
13:46:27.0908 14240 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
13:46:27.0938 14240 RoxMediaDB12OEM - ok
13:46:27.0997 14240 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
13:46:28.0002 14240 RoxWatch12 - ok
13:46:28.0151 14240 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:46:28.0161 14240 RpcEptMapper - ok
13:46:28.0195 14240 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:46:28.0201 14240 RpcLocator - ok
13:46:28.0287 14240 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:46:28.0301 14240 RpcSs - ok
13:46:28.0373 14240 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:46:28.0377 14240 rspndr - ok
13:46:28.0437 14240 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys
13:46:28.0443 14240 RSUSBSTOR - ok
13:46:28.0541 14240 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:46:28.0544 14240 RTL8167 - ok
13:46:28.0576 14240 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:46:28.0582 14240 SamSs - ok
13:46:28.0619 14240 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:46:28.0623 14240 sbp2port - ok
13:46:28.0838 14240 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
13:46:28.0856 14240 SBSDWSCService - ok
13:46:28.0897 14240 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:46:28.0914 14240 SCardSvr - ok
13:46:28.0972 14240 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:46:28.0975 14240 scfilter - ok
13:46:29.0090 14240 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:46:29.0113 14240 Schedule - ok
13:46:29.0151 14240 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:46:29.0154 14240 SCPolicySvc - ok
13:46:29.0192 14240 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:46:29.0209 14240 SDRSVC - ok
13:46:29.0270 14240 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:46:29.0272 14240 secdrv - ok
13:46:29.0320 14240 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:46:29.0323 14240 seclogon - ok
13:46:29.0344 14240 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:46:29.0347 14240 SENS - ok
13:46:29.0373 14240 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:46:29.0376 14240 SensrSvc - ok
13:46:29.0406 14240 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:46:29.0409 14240 Serenum - ok
13:46:29.0434 14240 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:46:29.0438 14240 Serial - ok
13:46:29.0459 14240 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:46:29.0461 14240 sermouse - ok
13:46:29.0491 14240 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:46:29.0513 14240 SessionEnv - ok
13:46:29.0540 14240 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:46:29.0542 14240 sffdisk - ok
13:46:29.0561 14240 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:46:29.0564 14240 sffp_mmc - ok
13:46:29.0578 14240 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:46:29.0581 14240 sffp_sd - ok
13:46:29.0594 14240 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:46:29.0595 14240 sfloppy - ok
13:46:29.0717 14240 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
13:46:29.0730 14240 Sftfs - ok
13:46:29.0861 14240 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:46:29.0872 14240 sftlist - ok
13:46:29.0919 14240 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:46:29.0925 14240 Sftplay - ok
13:46:29.0940 14240 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:46:29.0943 14240 Sftredir - ok
13:46:30.0191 14240 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
13:46:30.0199 14240 SftService - ok
13:46:31.0851 14240 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
13:46:31.0853 14240 Sftvol - ok
13:46:32.0588 14240 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:46:32.0621 14240 sftvsa - ok
13:46:33.0483 14240 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:46:33.0527 14240 SharedAccess - ok
13:46:34.0194 14240 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:46:34.0229 14240 ShellHWDetection - ok
13:46:34.0363 14240 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:46:34.0406 14240 SiSRaid2 - ok
13:46:34.0605 14240 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:46:34.0637 14240 SiSRaid4 - ok
13:46:34.0852 14240 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:46:34.0897 14240 Smb - ok
13:46:34.0995 14240 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:46:35.0005 14240 SNMPTRAP - ok
13:46:35.0051 14240 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:46:35.0053 14240 spldr - ok
13:46:36.0155 14240 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:46:36.0194 14240 Spooler - ok
13:46:37.0785 14240 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:46:37.0886 14240 sppsvc - ok
13:46:38.0543 14240 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:46:38.0547 14240 sppuinotify - ok
13:46:38.0669 14240 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:46:38.0689 14240 srv - ok
13:46:38.0777 14240 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:46:38.0804 14240 srv2 - ok
13:46:38.0840 14240 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:46:38.0842 14240 srvnet - ok
13:46:38.0901 14240 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:46:38.0932 14240 SSDPSRV - ok
13:46:38.0974 14240 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:46:38.0977 14240 SstpSvc - ok
13:46:39.0005 14240 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:46:39.0006 14240 stexstor - ok
13:46:39.0116 14240 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:46:39.0139 14240 stisvc - ok
13:46:39.0223 14240 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:46:39.0227 14240 stllssvr - ok
13:46:39.0269 14240 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:46:39.0271 14240 swenum - ok
13:46:39.0362 14240 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:46:39.0378 14240 swprv - ok
13:46:39.0642 14240 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:46:39.0673 14240 SysMain - ok
13:46:39.0856 14240 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:46:39.0860 14240 TabletInputService - ok
13:46:39.0910 14240 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:46:39.0924 14240 TapiSrv - ok
13:46:39.0946 14240 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:46:39.0956 14240 TBS - ok
13:46:40.0353 14240 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:46:40.0429 14240 Tcpip - ok
13:46:40.0781 14240 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:46:40.0790 14240 TCPIP6 - ok
13:46:40.0893 14240 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:46:40.0897 14240 tcpipreg - ok
13:46:40.0923 14240 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:46:40.0926 14240 TDPIPE - ok
13:46:40.0964 14240 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:46:40.0967 14240 TDTCP - ok
13:46:41.0020 14240 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:46:41.0022 14240 tdx - ok
13:46:41.0039 14240 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
13:46:41.0040 14240 TermDD - ok
13:46:41.0133 14240 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:46:41.0156 14240 TermService - ok
13:46:41.0173 14240 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:46:41.0183 14240 Themes - ok
13:46:41.0218 14240 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:46:41.0220 14240 THREADORDER - ok
13:46:41.0244 14240 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:46:41.0278 14240 TrkWks - ok
13:46:41.0354 14240 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:46:41.0358 14240 TrustedInstaller - ok
13:46:41.0387 14240 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:46:41.0388 14240 tssecsrv - ok
13:46:41.0443 14240 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:46:41.0447 14240 TsUsbFlt - ok
13:46:41.0472 14240 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:46:41.0475 14240 TsUsbGD - ok
13:46:41.0527 14240 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:46:41.0531 14240 tunnel - ok
13:46:41.0558 14240 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:46:41.0561 14240 uagp35 - ok
13:46:41.0616 14240 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:46:41.0621 14240 udfs - ok
13:46:41.0658 14240 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:46:41.0678 14240 UI0Detect - ok
13:46:41.0705 14240 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:46:41.0710 14240 uliagpkx - ok
13:46:41.0733 14240 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:46:41.0734 14240 umbus - ok
13:46:41.0744 14240 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:46:41.0746 14240 UmPass - ok
13:46:42.0043 14240 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:46:42.0054 14240 UNS - ok
13:46:42.0251 14240 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:46:42.0266 14240 upnphost - ok
13:46:42.0366 14240 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
13:46:42.0371 14240 usbccgp - ok
13:46:42.0407 14240 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:46:42.0411 14240 usbcir - ok
13:46:42.0431 14240 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:46:42.0434 14240 usbehci - ok
13:46:42.0517 14240 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:46:42.0526 14240 usbhub - ok
13:46:42.0561 14240 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:46:42.0565 14240 usbohci - ok
13:46:42.0589 14240 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
13:46:42.0593 14240 usbprint - ok
13:46:42.0614 14240 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:46:42.0616 14240 USBSTOR - ok
13:46:42.0647 14240 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:46:42.0651 14240 usbuhci - ok
13:46:42.0707 14240 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
13:46:42.0713 14240 usbvideo - ok
13:46:42.0743 14240 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:46:42.0746 14240 UxSms - ok
13:46:42.0784 14240 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:46:42.0786 14240 VaultSvc - ok
13:46:42.0807 14240 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:46:42.0808 14240 vdrvroot - ok
13:46:42.0860 14240 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:46:42.0870 14240 vds - ok
13:46:42.0890 14240 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:46:42.0894 14240 vga - ok
13:46:42.0915 14240 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:46:42.0917 14240 VgaSave - ok
13:46:42.0952 14240 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:46:42.0959 14240 vhdmp - ok
13:46:42.0974 14240 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:46:42.0977 14240 viaide - ok
13:46:43.0011 14240 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:46:43.0014 14240 volmgr - ok
13:46:43.0074 14240 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:46:43.0083 14240 volmgrx - ok
13:46:43.0130 14240 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:46:43.0138 14240 volsnap - ok
13:46:43.0159 14240 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:46:43.0162 14240 vsmraid - ok
13:46:43.0355 14240 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:46:43.0407 14240 VSS - ok
13:46:43.0542 14240 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:46:43.0545 14240 vwifibus - ok
13:46:43.0579 14240 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:46:43.0583 14240 vwififlt - ok
13:46:43.0618 14240 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:46:43.0621 14240 vwifimp - ok
13:46:43.0696 14240 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:46:43.0718 14240 W32Time - ok
13:46:43.0738 14240 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:46:43.0740 14240 WacomPen - ok
13:46:43.0785 14240 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:46:43.0786 14240 WANARP - ok
13:46:43.0789 14240 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:46:43.0790 14240 Wanarpv6 - ok
13:46:43.0957 14240 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:46:43.0976 14240 WatAdminSvc - ok
13:46:44.0153 14240 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:46:44.0219 14240 wbengine - ok
13:46:44.0361 14240 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:46:44.0387 14240 WbioSrvc - ok
13:46:44.0451 14240 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:46:44.0474 14240 wcncsvc - ok
13:46:44.0492 14240 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:46:44.0511 14240 WcsPlugInService - ok
13:46:44.0560 14240 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:46:44.0563 14240 Wd - ok
13:46:44.0649 14240 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:46:44.0656 14240 Wdf01000 - ok
13:46:44.0684 14240 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:46:44.0695 14240 WdiServiceHost - ok
13:46:44.0702 14240 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:46:44.0711 14240 WdiSystemHost - ok
13:46:44.0756 14240 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:46:44.0776 14240 WebClient - ok
13:46:44.0814 14240 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:46:44.0830 14240 Wecsvc - ok
13:46:44.0854 14240 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:46:44.0857 14240 wercplsupport - ok
13:46:44.0898 14240 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:46:44.0924 14240 WerSvc - ok
13:46:44.0995 14240 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:46:44.0998 14240 WfpLwf - ok
13:46:45.0195 14240 WiMAXAppSrv (49f06c7d5517de53d848f38b9ae86a7c) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
13:46:45.0209 14240 WiMAXAppSrv - ok
13:46:45.0264 14240 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
13:46:45.0269 14240 WimFltr - ok
13:46:45.0291 14240 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:46:45.0294 14240 WIMMount - ok
13:46:45.0301 14240 WinDefend - ok
13:46:45.0317 14240 WinHttpAutoProxySvc - ok
13:46:45.0406 14240 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:46:45.0413 14240 Winmgmt - ok
13:46:45.0651 14240 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:46:45.0705 14240 WinRM - ok
13:46:45.0898 14240 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:46:45.0927 14240 Wlansvc - ok
13:46:46.0009 14240 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:46:46.0013 14240 wlcrasvc - ok
13:46:46.0453 14240 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:46:46.0463 14240 wlidsvc - ok
13:46:46.0657 14240 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:46:46.0659 14240 WmiAcpi - ok
13:46:46.0758 14240 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:46:46.0773 14240 wmiApSrv - ok
13:46:46.0839 14240 WMPNetworkSvc - ok
13:46:46.0885 14240 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:46:46.0889 14240 WPCSvc - ok
13:46:46.0911 14240 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:46:46.0944 14240 WPDBusEnum - ok
13:46:46.0975 14240 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:46:46.0978 14240 ws2ifsl - ok
13:46:47.0010 14240 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:46:47.0014 14240 wscsvc - ok
13:46:47.0017 14240 WSearch - ok
13:46:47.0229 14240 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:46:47.0294 14240 wuauserv - ok
13:46:47.0454 14240 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:46:47.0458 14240 WudfPf - ok
13:46:47.0513 14240 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:46:47.0519 14240 WUDFRd - ok
13:46:47.0558 14240 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:46:47.0566 14240 wudfsvc - ok
13:46:47.0596 14240 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:46:47.0601 14240 WwanSvc - ok
13:46:47.0666 14240 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:46:47.0991 14240 \Device\Harddisk0\DR0 - ok
13:46:47.0997 14240 Boot (0x1200) (d747d307a98412ec78297122d7ab9b2f) \Device\Harddisk0\DR0\Partition0
13:46:48.0000 14240 \Device\Harddisk0\DR0\Partition0 - ok
13:46:48.0020 14240 Boot (0x1200) (6fe66090d9e96e0d99773981cebdaf3a) \Device\Harddisk0\DR0\Partition1
13:46:48.0022 14240 \Device\Harddisk0\DR0\Partition1 - ok
13:46:48.0022 14240 ============================================================
13:46:48.0022 14240 Scan finished
13:46:48.0022 14240 ============================================================
13:46:48.0030 13000 Detected object count: 0
13:46:48.0030 13000 Actual detected object count: 0
 
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-06-03.04 - Janice 06/03/2012 15:47:48.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.3985 [GMT -5:00]
Running from: c:\users\Janice\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\288d198f-eb50-4316-9b17-4269c8487bf7.dll
c:\programdata\PCDr\5907\Downloads\d2475db4-153a-4cdd-a84a-1f6c794325f4.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-03 to 2012-06-03 )))))))))))))))))))))))))))))))
.
.
2012-06-03 20:53 . 2012-06-03 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-02 19:35 . 2012-06-02 19:35 -------- d-----w- c:\users\Janice\AppData\Roaming\Malwarebytes
2012-06-02 19:33 . 2012-06-02 19:33 -------- d-----w- c:\programdata\Malwarebytes
2012-06-02 19:33 . 2012-06-02 19:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-02 19:33 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 18:44 . 2012-06-02 18:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-02 18:44 . 2012-06-02 18:44 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-02 17:55 . 2012-06-02 17:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-02 17:55 . 2012-06-02 17:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-02 17:55 . 2012-06-02 17:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-02 17:55 . 2012-06-02 17:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-02 17:55 . 2012-06-02 17:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-02 17:55 . 2012-06-02 17:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-02 17:55 . 2012-06-02 17:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-02 17:55 . 2012-06-02 17:55 -------- d-----w- c:\program files (x86)\QuickTime
2012-06-01 11:47 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D692745-8FA2-49FF-BF37-3D77DF999BD5}\mpengine.dll
2012-05-15 03:37 . 2012-05-15 03:37 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-15 03:37 . 2012-05-15 03:37 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-15 00:40 . 2012-05-15 00:40 -------- d-----w- c:\users\Janice\AppData\Local\BMExplorer
2012-05-14 20:15 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-14 20:15 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-14 20:15 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-14 20:15 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-14 20:15 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-14 20:14 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-14 20:14 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 20:54 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 20:54 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 20:54 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 20:54 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 20:54 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 20:54 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 18:44 . 2011-10-22 21:52 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 18:41 . 2012-04-01 22:13 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-02 18:41 . 2011-10-22 21:36 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 01:43 . 2012-04-13 22:43 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-03 03:34 . 2012-04-03 03:34 0 ----a-w- c:\windows\SysWow64\sho6892.tmp
2012-03-06 23:15 . 2011-12-01 03:48 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-12-01 03:48 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-12-01 03:49 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-12-01 03:49 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-03-06 23:04 . 2011-12-01 03:49 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-12-01 03:49 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:03 . 2011-12-01 03:49 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-03-06 23:02 . 2012-03-03 01:34 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-03-06 23:02 . 2012-03-03 01:34 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-12-01 03:49 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-12-01 03:49 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-12-01 03:49 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-23_12.31.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-23 11:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-03 19:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-23 11:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-03 19:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-23 11:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-03 19:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-08 01:00 . 2012-05-30 02:02 87952 c:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe
- 2012-02-21 14:03 . 2012-02-21 14:03 86016 c:\windows\SysWOW64\Adobe\Shockwave 11\SwMenu.dll
+ 2012-04-26 13:05 . 2012-04-26 13:05 86016 c:\windows\SysWOW64\Adobe\Shockwave 11\SwMenu.dll
- 2012-02-21 13:46 . 2012-02-21 13:46 73408 c:\windows\SysWOW64\Adobe\Shockwave 11\gtapi.dll
+ 2012-04-26 12:50 . 2012-04-26 12:50 73408 c:\windows\SysWOW64\Adobe\Shockwave 11\gtapi.dll
+ 2012-04-26 12:50 . 2012-04-26 12:50 64512 c:\windows\SysWOW64\Adobe\Shockwave 11\gcapi_dll.dll
- 2012-02-21 13:46 . 2012-02-21 13:46 64512 c:\windows\SysWOW64\Adobe\Shockwave 11\gcapi_dll.dll
- 2012-02-21 14:04 . 2012-02-21 14:04 12800 c:\windows\SysWOW64\Adobe\Shockwave 11\DynaPlayer.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 12800 c:\windows\SysWOW64\Adobe\Shockwave 11\DynaPlayer.dll
+ 2010-11-21 03:09 . 2012-06-03 12:55 56852 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-03 19:53 40220 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-10-31 20:51 . 2012-05-23 11:30 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-31 20:51 . 2012-06-03 19:51 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-31 20:51 . 2012-05-23 11:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-31 20:51 . 2012-06-03 19:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-23 11:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-03 19:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-03 19:49 . 2012-06-03 19:49 1856 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-05-22 02:35 . 2012-05-22 02:35 1856 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-11-02 02:52 . 2012-06-03 19:53 9246 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2121233622-237679639-1210101675-1000_UserData.bin
+ 2012-05-28 03:13 . 2012-05-28 03:13 9560 c:\windows\system32\NetworkList\Icons\{5D5757A9-E53D-42CC-A56C-18D859C2AF22}_48.bin
+ 2012-05-28 03:13 . 2012-05-28 03:13 4280 c:\windows\system32\NetworkList\Icons\{5D5757A9-E53D-42CC-A56C-18D859C2AF22}_32.bin
+ 2012-05-28 03:13 . 2012-05-28 03:13 2456 c:\windows\system32\NetworkList\Icons\{5D5757A9-E53D-42CC-A56C-18D859C2AF22}_24.bin
- 2012-05-23 11:28 . 2012-05-23 11:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-03 19:49 . 2012-06-03 19:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-03 19:49 . 2012-06-03 19:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-23 11:28 . 2012-05-23 11:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-02 18:41 . 2012-06-02 18:41 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
- 2012-04-01 22:13 . 2012-05-06 01:43 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-01 22:13 . 2012-06-02 18:41 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-06-02 18:44 . 2012-06-02 18:44 227784 c:\windows\SysWOW64\javaws.exe
+ 2011-11-24 13:18 . 2012-06-02 18:44 174024 c:\windows\SysWOW64\javaw.exe
+ 2011-11-24 13:18 . 2012-06-02 18:44 174024 c:\windows\SysWOW64\java.exe
+ 2012-04-26 12:50 . 2012-04-26 12:50 284088 c:\windows\SysWOW64\Adobe\Shockwave 11\SymCCIS.dll
+ 2012-04-26 13:05 . 2012-04-26 13:05 114176 c:\windows\SysWOW64\Adobe\Shockwave 11\SwInit.exe
- 2012-02-21 14:03 . 2012-02-21 14:03 114176 c:\windows\SysWOW64\Adobe\Shockwave 11\SwInit.exe
- 2012-02-21 14:04 . 2012-02-21 14:04 434176 c:\windows\SysWOW64\Adobe\Shockwave 11\Proj.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 434176 c:\windows\SysWOW64\Adobe\Shockwave 11\Proj.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 366592 c:\windows\SysWOW64\Adobe\Shockwave 11\Plugin.dll
- 2012-02-21 13:50 . 2012-02-21 13:50 990208 c:\windows\SysWOW64\Adobe\Shockwave 11\iml32.dll
+ 2012-04-26 12:54 . 2012-04-26 12:54 990208 c:\windows\SysWOW64\Adobe\Shockwave 11\iml32.dll
+ 2012-04-26 13:05 . 2012-04-26 13:05 544256 c:\windows\SysWOW64\Adobe\Shockwave 11\Control.dll
+ 2012-04-26 13:12 . 2012-04-26 13:12 113592 c:\windows\SysWOW64\Adobe\Director\SWDNLD.EXE
- 2012-02-02 13:56 . 2012-02-02 13:56 113592 c:\windows\SysWOW64\Adobe\Director\SWDNLD.EXE
- 2012-02-02 13:56 . 2012-02-02 13:56 281016 c:\windows\SysWOW64\Adobe\Director\SwDir.dll
+ 2012-04-26 13:12 . 2012-04-26 13:12 281016 c:\windows\SysWOW64\Adobe\Director\SwDir.dll
- 2012-02-21 14:04 . 2012-02-21 14:04 145920 c:\windows\SysWOW64\Adobe\Director\np32dsw.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 145920 c:\windows\SysWOW64\Adobe\Director\np32dsw.dll
+ 2011-11-06 12:54 . 2012-06-02 04:02 310634 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-11-06 17:46 . 2012-06-03 18:21 329176 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-05-23 12:03 660770 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-02 21:15 660770 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-02 21:15 121408 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-23 12:03 121408 c:\windows\system32\perfc009.dat
+ 2012-06-02 18:41 . 2012-06-02 18:41 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe
+ 2009-07-14 05:01 . 2012-06-03 19:49 970432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-22 02:35 970432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-02 18:44 . 2012-06-02 18:44 179200 c:\windows\Installer\1526d92.msi
+ 2012-06-02 18:43 . 2012-06-02 18:43 867328 c:\windows\Installer\1526d82.msi
+ 2012-06-02 17:58 . 2012-06-02 17:58 897024 c:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
+ 2012-06-02 18:41 . 2012-06-02 18:41 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
+ 2012-04-26 13:11 . 2012-04-26 13:11 1040824 c:\windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1165635.exe
- 2012-02-21 13:46 . 2012-02-21 13:46 2376368 c:\windows\SysWOW64\Adobe\Shockwave 11\gt.exe
+ 2012-04-26 12:50 . 2012-04-26 12:50 2376368 c:\windows\SysWOW64\Adobe\Shockwave 11\gt.exe
+ 2012-04-26 12:50 . 2012-04-26 12:50 1231360 c:\windows\SysWOW64\Adobe\Shockwave 11\gi.dll
+ 2012-04-26 12:55 . 2012-04-26 12:55 1742336 c:\windows\SysWOW64\Adobe\Shockwave 11\dirapi.dll
- 2012-02-21 13:52 . 2012-02-21 13:52 1742336 c:\windows\SysWOW64\Adobe\Shockwave 11\dirapi.dll
- 2011-10-22 22:03 . 2012-05-21 22:49 2720160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-22 22:03 . 2012-06-03 04:42 2720160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-02 18:41 . 2012-06-02 18:41 11590304 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll
+ 2011-10-31 23:00 . 2012-06-03 19:49 11586984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2121233622-237679639-1210101675-1000-8192.dat
+ 2011-10-31 23:00 . 2012-05-31 03:25 16272428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2121233622-237679639-1210101675-1000-4096.dat
- 2011-10-31 23:00 . 2012-05-20 20:28 16272428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2121233622-237679639-1210101675-1000-4096.dat
- 2011-10-31 23:00 . 2012-04-26 03:23 10105456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2121233622-237679639-1210101675-1000-12288.dat
+ 2011-10-31 23:00 . 2012-06-03 04:42 10105456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2121233622-237679639-1210101675-1000-12288.dat
+ 2012-06-02 17:57 . 2012-06-02 17:57 38233600 c:\windows\Installer\1278409.msi
+ 2012-06-02 17:54 . 2012-06-02 17:54 26820096 c:\windows\Installer\12783e3.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Facebook Update"="c:\users\Janice\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-11 137536]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-29 75048]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-11-22 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-12-30 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/22 17:25;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-07-13 150920]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2011-11-22 288112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 257696]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-19 1038088]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [2010-10-01 151552]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2010-12-17 53920]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2010-12-01 176128]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FIXTDSS
*Deregistered* - CLKMDRV10_9EC60124
*Deregistered* - FixTDSS
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:41]
.
2012-06-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2121233622-237679639-1210101675-1000Core.job
- c:\users\Janice\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-11 01:33]
.
2012-06-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2121233622-237679639-1210101675-1000UA.job
- c:\users\Janice\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-11 01:33]
.
2012-05-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2010-12-17 613536]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2010-12-17 379040]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mysanantonio.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\rik40xt4.default\
FF - prefs.js: browser.startup.homepage - mysanantonio.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-03 15:55:40
ComboFix-quarantined-files.txt 2012-06-03 20:55
ComboFix2.txt 2012-05-23 12:33
.
Pre-Run: 463,677,116,416 bytes free
Post-Run: 463,510,233,088 bytes free
.
- - End Of File - - 7C393937727FA12C17B199D449CA62E7
 
Looks good.

How is redirection?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
It's still redirecting anytime I click on a search result.
Sending the OLT and Extras in several separate posts

OLT.txt (part 1 of 2)
OTL logfile created on: 6/3/2012 7:40:26 PM - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Janice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.90 Gb Total Physical Memory | 3.72 Gb Available Physical Memory | 63.17% Memory free
11.79 Gb Paging File | 9.40 Gb Available in Paging File | 79.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.54 Gb Total Space | 431.75 Gb Free Space | 74.89% Space Free | Partition Type: NTFS

Computer Name: JANICE-LAPTOP | User Name: Janice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/03 19:37:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 09:00:48 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/06 18:15:13 | 000,134,920 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/18 12:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/18 12:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/10/18 12:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/10/18 12:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/05/30 11:30:00 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2011/04/13 10:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2011/04/01 17:08:30 | 000,660,480 | ---- | M] (DELL) -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
PRC - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/01 15:07:46 | 000,176,128 | ---- | M] (Chicony) -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
PRC - [2010/11/17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/10/29 16:20:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
PRC - [2010/10/01 16:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/10/01 12:49:08 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/15 10:52:39 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\9781fa053a605fae45d9ef57126760f6\IAStorUtil.ni.dll
MOD - [2012/05/15 10:52:39 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
MOD - [2012/05/15 10:52:33 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/15 10:50:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/15 10:50:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/15 10:50:33 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012/05/15 10:50:23 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/15 10:50:18 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/15 10:50:16 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/05/15 10:50:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/15 10:50:05 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/15 10:50:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/15 10:50:01 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/15 10:49:57 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/05/30 11:30:00 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2011/05/30 11:25:10 | 007,938,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2011/05/30 11:25:10 | 002,225,664 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/06 18:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2011/11/18 23:17:47 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/11/01 14:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011/11/01 14:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/11/01 14:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2011/10/20 19:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV:64bit: - [2011/10/19 15:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2010/11/20 22:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/11/07 12:04:00 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/11/07 11:56:30 | 000,869,376 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV - [2012/06/02 13:41:56 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/22 09:05:37 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2011/11/18 23:16:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/22 17:05:39 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2011/10/18 12:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/18 12:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/18 12:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/07/13 12:52:34 | 000,150,920 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/12/17 15:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/12/01 15:07:46 | 000,176,128 | ---- | M] (Chicony) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe -- (OSDSvc)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/29 13:20:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/10/01 12:49:08 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 20:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/06 18:04:31 | 000,141,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/03/06 18:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 18:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 18:03:29 | 000,258,904 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/03/06 18:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/03/06 18:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 18:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 18:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 18:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 12:26:19 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2011/11/22 08:56:22 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2011/10/31 16:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/10/22 18:20:35 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/22 18:20:35 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/19 15:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/10/19 15:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/10/11 14:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/10/10 17:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/29 17:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/07/20 08:39:58 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/17 09:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/05/17 09:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/05/13 03:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/10 17:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 17:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 11:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/17 15:47:08 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/12/17 15:47:08 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/12/17 15:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/12/17 15:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/12/17 15:47:08 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/12/17 15:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/12/01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 17:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/25 20:56:14 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum) Intel(R) Centrino(R)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 19:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/11/22 08:56:22 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A366B8DD-014D-4E0E-AD29-98C48B657429}
IE:64bit: - HKLM\..\SearchScopes\{A366B8DD-014D-4E0E-AD29-98C48B657429}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A366B8DD-014D-4E0E-AD29-98C48B657429}
IE - HKLM\..\SearchScopes\{A366B8DD-014D-4E0E-AD29-98C48B657429}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2121233622-237679639-1210101675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mysanantonio.com/
IE - HKU\S-1-5-21-2121233622-237679639-1210101675-1000\..\SearchScopes,DefaultScope = {E9E3F028-C26B-4874-89B1-ED39DC3F3407}
IE - HKU\S-1-5-21-2121233622-237679639-1210101675-1000\..\SearchScopes\{E9E3F028-C26B-4874-89B1-ED39DC3F3407}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2121233622-237679639-1210101675-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2121233622-237679639-1210101675-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "mysanantonio.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Janice\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/29 17:39:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/02 12:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/31 16:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Extensions
[2012/04/13 17:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janice\AppData\Roaming\Mozilla\Firefox\Profiles\rik40xt4.default\extensions
[2012/01/23 11:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/29 17:39:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/04/13 17:10:17 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\JANICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RIK40XT4.DEFAULT\EXTENSIONS\QSROHUZRGR@QSROHUZRGR.ORG.XPI
[2012/01/23 11:16:10 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/15 18:53:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
OLT.txt (part 2 of 2)

O1 HOSTS File: ([2012/06/03 15:53:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Chicony_OSD] C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2121233622-237679639-1210101675-1000..\Run: [Facebook Update] C:\Users\Janice\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2121233622-237679639-1210101675-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2121233622-237679639-1210101675-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2121233622-237679639-1210101675-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2121233622-237679639-1210101675-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2121233622-237679639-1210101675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6DD405A-7ACB-4817-B32E-BB12E2129D3D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/03 19:37:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
[2012/06/03 15:32:34 | 004,535,889 | R--- | C] (Swearware) -- C:\Users\Janice\Desktop\ComboFix.exe
[2012/06/03 14:47:01 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Janice\Desktop\FixTDSS.exe
[2012/06/03 08:32:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/03 08:28:40 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Janice\Desktop\aswMBR.exe
[2012/06/03 08:22:35 | 000,000,000 | ---D | C] -- C:\Users\Janice\Desktop\boot_cleaner
[2012/06/02 14:35:40 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Roaming\Malwarebytes
[2012/06/02 14:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/02 14:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/02 14:33:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/02 14:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/02 13:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/02 12:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/02 12:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/23 07:25:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/23 07:25:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/23 07:25:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/23 07:25:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/23 07:17:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Janice\Desktop\TDSSKiller.exe
[2012/05/21 12:35:57 | 000,000,000 | ---D | C] -- C:\Users\Janice\Desktop\Reagan T&F Banquet Slideshow
[2012/05/14 22:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/14 22:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/14 22:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/14 19:42:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Atheros
[2012/05/14 19:40:50 | 000,000,000 | R--D | C] -- C:\Users\Janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/05/14 19:40:50 | 000,000,000 | ---D | C] -- C:\Users\Janice\AppData\Local\BMExplorer
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/03 19:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/03 19:38:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2121233622-237679639-1210101675-1000UA.job
[2012/06/03 19:38:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2121233622-237679639-1210101675-1000Core.job
[2012/06/03 19:37:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
[2012/06/03 19:34:49 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/06/03 19:34:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/03 15:53:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/03 15:52:06 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/03 15:32:16 | 004,535,889 | R--- | M] (Swearware) -- C:\Users\Janice\Desktop\ComboFix.exe
[2012/06/03 14:59:05 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 14:59:05 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 14:49:33 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/03 14:47:13 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Janice\Desktop\FixTDSS.exe
[2012/06/03 13:45:02 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Janice\Desktop\TDSSKiller.exe
[2012/06/03 08:50:03 | 000,000,512 | ---- | M] () -- C:\Users\Janice\Desktop\MBR.dat
[2012/06/03 08:32:28 | 595,363,351 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/03 08:29:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Janice\Desktop\aswMBR.exe
[2012/06/03 08:21:56 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Janice\Desktop\boot_cleaner.exe
[2012/06/02 16:15:52 | 000,779,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/02 16:15:52 | 000,660,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/02 16:15:52 | 000,121,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/02 14:33:33 | 000,001,135 | ---- | M] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/02 12:58:03 | 000,002,515 | ---- | M] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/02 08:26:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/05/30 14:50:40 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/15 10:45:16 | 003,864,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/03 08:50:03 | 000,000,512 | ---- | C] () -- C:\Users\Janice\Desktop\MBR.dat
[2012/06/03 08:32:28 | 595,363,351 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/02 14:33:33 | 000,001,135 | ---- | C] () -- C:\Users\Janice\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/23 07:25:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/23 07:25:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/23 07:25:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/23 07:25:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/23 07:25:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/22 18:03:51 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/22 18:03:48 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/22 18:03:47 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/22 18:03:45 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/22 18:03:44 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/22 16:54:33 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2011/02/10 11:10:51 | 000,774,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2011/11/19 00:18:54 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/31 16:02:54 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\Fingertapps
[2011/11/13 13:02:49 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\PCDr
[2011/11/01 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\SoftGrid Client
[2011/11/01 22:45:05 | 000,000,000 | ---D | M] -- C:\Users\Janice\AppData\Roaming\TP
[2012/06/03 19:38:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2121233622-237679639-1210101675-1000Core.job
[2012/06/03 19:38:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2121233622-237679639-1210101675-1000UA.job
[2012/05/30 14:50:40 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/05 12:44:50 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/03 15:52:06 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/06/03 15:55:40 | 000,036,746 | ---- | M] () -- C:\ComboFix.txt
[2011/10/22 17:50:22 | 000,003,539 | RH-- | M] () -- C:\dell.sdr
[2012/06/03 14:49:33 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/30 18:29:24 | 000,000,029 | ---- | M] () -- C:\mini-agent.txt
[2012/06/03 14:49:40 | 2036,510,719 | -HS- | M] () -- C:\pagefile.sys
[2012/06/03 14:47:30 | 000,144,172 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_03.06.2012_13.45.57_log.txt
[2011/12/30 12:10:17 | 000,004,077 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/06 18:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/10/31 16:36:00 | 000,000,221 | -HS- | M] () -- C:\Users\Janice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/03 08:29:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Janice\Desktop\aswMBR.exe
[2012/06/03 08:21:56 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Janice\Desktop\boot_cleaner.exe
[2012/06/03 15:32:16 | 004,535,889 | R--- | M] (Swearware) -- C:\Users\Janice\Desktop\ComboFix.exe
[2012/06/03 14:47:13 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Janice\Desktop\FixTDSS.exe
[2012/06/03 19:37:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Janice\Desktop\OTL.exe
[2012/06/03 13:45:02 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Janice\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/03 19:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/03 19:38:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2121233622-237679639-1210101675-1000Core.job
[2012/06/03 19:38:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2121233622-237679639-1210101675-1000UA.job
[2012/05/30 14:50:40 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/03 14:50:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/02/05 12:44:50 | 000,032,548 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2012/06/03 15:52:06 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/17 10:59:22 | 000,000,402 | -HS- | M] () -- C:\Users\Janice\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
 
Extras.txt

OTL Extras logfile created on: 6/3/2012 7:40:26 PM - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Janice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.90 Gb Total Physical Memory | 3.72 Gb Available Physical Memory | 63.17% Memory free
11.79 Gb Paging File | 9.40 Gb Available in Paging File | 79.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.54 Gb Total Space | 431.75 Gb Free Space | 74.89% Space Free | Partition Type: NTFS

Computer Name: JANICE-LAPTOP | User Name: Janice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2121233622-237679639-1210101675-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BDD3A0F-7AD8-42CC-AFE1-40EC135D7B4D}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{2045A7FA-A643-463D-82A7-6FFC6DA6162E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2529B96E-F31E-4669-A67E-6E435CCEB4DA}" = lport=139 | protocol=6 | dir=in | app=system |
"{27B59359-7B5B-40BD-888D-E8BD38660340}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C1C63CB-2607-47B9-88FC-C860B0BFAD71}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{2EA3ACD0-AAFE-4D2E-A82C-76930FEC0016}" = lport=2869 | protocol=6 | dir=in | app=system |
"{334E7143-C5C4-4F88-B89D-87BAD04D81F9}" = rport=137 | protocol=17 | dir=out | app=system |
"{3970ADE7-158A-4EE7-95A8-C2D60C30A46C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3B25B3C9-0EDF-43D6-A3A7-8C46B45F5639}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3D8C4A61-D60B-481A-9974-FA6B276245DB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{44194720-1B5D-4BF4-8E59-B338D5D6EFE8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C1E4766-6A87-4376-83B9-8594273D471A}" = lport=137 | protocol=17 | dir=in | app=system |
"{5E39203F-3478-4F59-BF76-BAD940F729CD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F6C1EEF-A07B-43EA-B2CD-5805ED4EF174}" = lport=138 | protocol=17 | dir=in | app=system |
"{64DBF979-BC67-4183-A3AF-202DF7236880}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F1E40F3-5FDA-4C6E-AC1C-BBFF114B443E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E6501FE-F74C-4E9B-A068-5D44E7395FE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8481FF8A-EBBA-4503-BF6C-372489F921FD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{849A449F-3D83-4A44-86A5-41936BCFD3CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A60130CE-E83C-46C0-A21A-A4D7DBB10FA4}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{B117514F-B515-480B-AE93-06ED3EC06F56}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{BA48A268-32B3-43CA-98CB-329A31711A76}" = rport=139 | protocol=6 | dir=out | app=system |
"{C16A8F0D-E526-4A4C-AFF9-729F0E81A242}" = rport=138 | protocol=17 | dir=out | app=system |
"{CC0CB04E-45BB-4068-8C15-96BB929FD5B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6D0BBD6-93CD-4BDC-A909-BBEB2BEB048E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EEBD9A18-3BF8-4426-A7D9-4CE68D2220C7}" = rport=445 | protocol=6 | dir=out | app=system |
"{F40A1E1B-6D5D-4735-AFF7-9CB7B6635B84}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{F5C3DFFC-74EA-4C4C-A980-9DBF09DFCD85}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FD20A96F-591F-4DA3-AAFD-53C107E32FE2}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DCEB31B-41E6-467B-899D-B94DCEEC696A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1550C377-5857-4B26-8D92-AF90EA60E058}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1D83BD3E-13BF-490D-9BC3-31B8CBA0EA50}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{212E7F49-C197-441A-93E6-F3593BBFB494}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2266DF54-52D1-4FD0-B7D8-628E55C4E7A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{235B9846-C93E-4918-BD07-A46A67DB7660}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2361C393-658B-45F0-9CDF-DB161CC653A7}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{24F0D373-4858-4247-ADDE-922EA4ED1CD4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{258D7C38-29FF-4C8D-8933-2E110F8E34F8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{292F2538-CFF4-450A-B19F-A9357EEDEC62}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2D9B12F5-BED7-4E30-8AD3-85F08D4079E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2DB66579-D74F-40BE-8D13-D8C740F87E54}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{42A7E31F-8097-42CE-AAE5-C2DA85A682F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E683EEE-43A4-47F1-A359-D827D2FFE75D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{543CAC27-7C89-41DE-B978-73F06EA320F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5705CF07-7D9B-47A1-8EFB-85F6AC0F66A4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5D09F527-9F62-4B14-BDFF-D597AACA5D95}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{66E8CFBD-CEDF-48BF-A878-9B6ADCA55DD2}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{6CDE0D2B-64DF-486E-9B36-6A8CDE96DAA9}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{7AAF75E3-D046-4C8F-91DE-9E192343E673}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7AEC09A0-016A-4B7B-A1F5-AF9F6D6ED437}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7BA86353-3429-491C-BC31-B35037EEDE68}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{80702AEC-8E04-49BA-9CAB-81188B3247D6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8A3412F2-2981-4803-9032-30D6DDC38993}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{94B3B244-4073-4890-A72D-8424ED6BC619}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{9AFD4266-AD52-4633-8C8E-2032673139FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9BA95331-EA79-4DFB-AAA2-A7F5657FC872}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CA03750-AA06-4B2F-9B45-29DF26B186CD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9DEF60A9-840E-49E1-89C1-3884DE6E7232}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9FC3AA55-2B3E-42CD-A8C7-3722230CEE44}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A36250CF-D921-45A2-8E9B-111D58A94D4A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A5DEA415-43F4-4D6B-8674-988D4E94782E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{A6F61D4C-E154-499C-88F4-2D7C63744982}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{AE2F5DFB-DE3C-495E-B3DD-F64C644B3953}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B052E2AF-41EE-47D7-BAFE-7DB8C0B43513}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B569611A-6B94-4E47-9AB7-457F9A32D29F}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{B6B753A7-6EAE-4BD1-A46F-C38A73EE4B08}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9F00079-06E4-4D6C-8FC9-74B28A0E7F95}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{BAD049F2-4411-4E22-9C8E-B8DD13D163F8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C38AFE65-1E77-4ED2-9CC6-BC8ACA9F9058}" = protocol=6 | dir=out | app=system |
"{D007EFD6-5B80-4520-8778-9078DBD62914}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7F6AAAB-6062-4624-8579-EECF846924BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB360927-0658-4336-9531-F9B8922FC7A1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E11444CE-3B58-4F97-977F-09990A8E8C7A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{E2D983CC-6B39-493D-BFB1-4AEE4E888991}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{E8FE0E8E-9CC8-4AA5-8B20-91B4B07C1774}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F0D3FA16-37F0-4BBD-B760-21C2877EE8FA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F6775667-0BF0-421B-A612-9FDEB3F9EECD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FDB60FD0-1856-4757-AFD7-67731EE8CE8E}" = dir=in | app=c:\users\janice\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{FDB9E69B-B205-4F4D-B600-144670911489}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4518D70B-8A8B-4A4D-826F-8E16DCAC674E}" = StoryBook Creator 4.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}" = Intel® PROSet/Wireless WiMAX Software
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B25AEE3-D191-4735-870E-28743D727ED8}" = Dell Digital Delivery
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55586382-6704-4237-AAA7-85FF9C055022}" = Dell KM632 Wireless Keyboard Caps Lock Indicator
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95ED1AC3-DF2A-4719-B029-909C0875CD8F}" = Creative Memories StoryBook Creator Plus 3
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast" = avast! Internet Security
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ProInst" = Intel PROSet Wireless
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2121233622-237679639-1210101675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/19/2012 11:49:38 AM | Computer Name = Janice-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7212332

Error - 5/19/2012 11:49:44 AM | Computer Name = Janice-Laptop | Source = Google Update | ID = 20
Description =

Error - 5/19/2012 11:49:53 AM | Computer Name = Janice-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/19/2012 11:49:53 AM | Computer Name = Janice-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7227916

Error - 5/19/2012 11:49:53 AM | Computer Name = Janice-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7227916

Error - 5/19/2012 4:30:09 PM | Computer Name = Janice-Laptop | Source = Google Update | ID = 20
Description =

Error - 5/19/2012 4:32:59 PM | Computer Name = Janice-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17514, time
stamp: 0x4ce7b4e7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000774c000a Faulting process id: 0x6e8 Faulting
application start time: 0x01cd35bddca6190c Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: d22860b9-a1f1-11e1-bf47-ac7289f9d9da

Error - 5/19/2012 8:59:55 PM | Computer Name = Janice-Laptop | Source = Google Update | ID = 20
Description =

Error - 5/19/2012 9:00:59 PM | Computer Name = Janice-Laptop | Source = Google Update | ID = 20
Description =

Error - 5/19/2012 11:44:49 PM | Computer Name = Janice-Laptop | Source = Google Update | ID = 20
Description =

[ Dell Events ]
Error - 11/6/2011 8:57:51 AM | Computer Name = Janice-Laptop | Source = DataSafe | ID = 3
Description = The process was interrupted before completion.

[ System Events ]
Error - 3/22/2012 10:38:55 AM | Computer Name = Janice-Laptop | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/22/2012 11:21:20 AM | Computer Name = Janice-Laptop | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Apple
Mobile Device service to connect.

Error - 3/22/2012 11:21:20 AM | Computer Name = Janice-Laptop | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053

Error - 3/22/2012 11:24:25 AM | Computer Name = Janice-Laptop | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/22/2012 5:45:57 PM | Computer Name = Janice-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 3/25/2012 5:01:31 PM | Computer Name = Janice-Laptop | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/25/2012 5:16:20 PM | Computer Name = Janice-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 3/27/2012 2:38:40 PM | Computer Name = Janice-Laptop | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/27/2012 2:50:15 PM | Computer Name = Janice-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 3/28/2012 10:21:18 AM | Computer Name = Janice-Laptop | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
 
Firefox. I just opened IE and used google to search and there was no redirection.
Should I uninstall and reinstall Firefox?
 
Before you do that....

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:17 on 03/06/2012 (Janice)
Firefox version 9.0.1 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:46 31/10/2011]

C:\Users\Janice\Application Data\Mozilla\Firefox\Profiles\rik40xt4.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [03:48 01/12/2011]

---------- Old Logs ----------
GooredFix[01.16.46_04-06-2012].txt
GooredFix[01.17.42_04-06-2012].txt

-=E.O.F=-
 
Done and Firefox is running fine.
So...did I have some malware or something?
What do you recommend that I run on a regular basis to protect against these? Malwarebytes?
I currently keep Avast on my computer and Spybot, but I also have 3 other computers at home (2 for my kids that I'm trying to teach how to keep computer safe).
Thanks.
 
Good news :)
Most likely we dealt here with something within Firefox but let's finish out cleaning process.

To answer your question Avast/MBAM combination gives you enough protection.
I consider Spybot as a tool of the past.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
I went to update JAVA and it said that I already had the most current version.
The JavaRa did not find any old versions.

Security Check:
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java(TM) 6 Update 29
Java(TM) 7 Update 4
Out of date Java installed!
Adobe Reader X (10.1.3)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

Farbar:

Farbar Service Scanner Version: 27-05-2012
Ran by Janice (administrator) on 03-06-2012 at 21:57:18
Running from "C:\Users\Janice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73LBZ0W8"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Still running ESET Online Scanner. So far, it's found JS/Redirector.NBX.trojan. I'm going to keep letting the scan run, but will post results tomorrow.
Thanks.
 
Back