Trojan.sirefef.fy

Solved
By myranalis
Jul 30, 2012
  1. myranalis


    OTL logfile created on: 8/3/2012 9:57:51 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = J:\
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 5.83 Gb Available Physical Memory | 73.01% Memory free
    15.96 Gb Paging File | 13.30 Gb Available in Paging File | 83.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1849.73 Gb Total Space | 1764.02 Gb Free Space | 95.37% Space Free | Partition Type: NTFS
    Drive D: | 1.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 7.41 Gb Total Space | 1.41 Gb Free Space | 19.03% Space Free | Partition Type: FAT32
    Drive I: | 7.53 Gb Total Space | 5.69 Gb Free Space | 75.59% Space Free | Partition Type: FAT32
    Drive J: | 7.45 Gb Total Space | 7.28 Gb Free Space | 97.81% Space Free | Partition Type: FAT32

    Computer Name: SMARTMOUTH | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/03 20:52:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- J:\OTL.exe
    PRC - [2012/07/18 06:10:52 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/02/23 05:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
    PRC - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    PRC - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
    PRC - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
    PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/24 13:05:21 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
    PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2010/11/17 10:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
    PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/09/13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/03/10 16:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    PRC - [2009/12/17 17:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/18 06:10:52 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/06/14 03:33:07 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll
    MOD - [2012/06/14 03:26:54 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/14 03:26:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 03:26:40 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/14 03:26:26 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/05/10 03:31:08 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
    MOD - [2012/05/10 03:30:19 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
    MOD - [2012/05/10 03:28:43 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/10 03:28:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/10 03:28:07 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/10 03:28:04 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a1a2e47980512815b030fce9a53cc4c8\System.Xml.ni.dll
    MOD - [2012/05/10 03:28:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/10 03:28:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/10 03:27:58 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/03/08 20:11:36 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
    MOD - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    MOD - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
    MOD - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
    MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
    MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
    MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
    MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
    MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
    MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
    MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
    MOD - [2010/11/17 10:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
    MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2010/11/17 10:35:28 | 000,657,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/11/24 13:06:54 | 000,053,224 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
    SRV:64bit: - [2011/11/24 13:04:02 | 002,660,624 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
    SRV:64bit: - [2011/04/19 20:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/11/30 08:18:06 | 000,467,248 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/08/03 18:26:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/18 06:10:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/23 05:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
    SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2011/07/18 23:41:49 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/12/17 17:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/10 14:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/12 12:18:20 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/04/19 20:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/04/19 19:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/24 16:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV:64bit: - [2011/03/18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/29 15:14:36 | 001,186,272 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
    DRV:64bit: - [2010/11/29 15:14:30 | 000,591,968 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/17 05:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/21 22:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/09/14 07:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/08/20 19:42:04 | 000,099,408 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
    DRV:64bit: - [2010/08/20 16:42:08 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
    DRV:64bit: - [2010/06/08 07:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2010/05/20 18:42:44 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2010/05/13 17:52:08 | 000,162,896 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (bdfm)
    DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/01/19 20:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (Bdvedisk)
    DRV:64bit: - [2009/12/17 17:18:51 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-352342712-4071226624-3640938541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-352342712-4071226624-3640938541-1000\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
    IE - HKU\S-1-5-21-352342712-4071226624-3640938541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-352342712-4071226624-3640938541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT\ [2012/06/07 04:08:03 | 000,000,000 | ---D | M]
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDTBEXT\ [2012/06/07 04:08:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012/06/07 04:08:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 06:10:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012/06/07 04:08:03 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 06:10:54 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/10/20 06:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
    [2012/07/16 06:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\opvl5ujl.default\extensions
    [2012/07/16 06:36:52 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\opvl5ujl.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2012/03/13 21:07:54 | 000,000,000 | ---D | M] (Delicious Extension) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\opvl5ujl.default\extensions\delicious@vjkarunapg.com
    [2012/03/16 22:43:56 | 000,000,000 | ---D | M] (Open in Private Browsing Mode) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\opvl5ujl.default\extensions\jid1-0FHdJAAQ7Nb73Q@jetpack
    [2012/06/09 09:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/26 20:39:15 | 000,006,227 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPVL5UJL.DEFAULT\EXTENSIONS\{7EB3F691-25B4-4A85-9038-9E57E2BCD537}.XPI
    [2012/07/06 17:08:16 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPVL5UJL.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
    [2012/02/12 15:38:35 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPVL5UJL.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    [2012/06/25 18:21:10 | 000,637,327 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPVL5UJL.DEFAULT\EXTENSIONS\FEEDLY@DEVHD.XPI
    [2012/03/16 22:44:18 | 000,055,441 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPVL5UJL.DEFAULT\EXTENSIONS\MANOLO.ESTEVEZ@GMAIL.COM.XPI
    [2012/04/03 06:18:11 | 000,019,486 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPVL5UJL.DEFAULT\EXTENSIONS\PINTEREST-ADDON@FELIXFUNG.CA.XPI
    [2012/03/16 22:35:50 | 000,008,362 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPVL5UJL.DEFAULT\EXTENSIONS\TOGGLEPRIVATEBROWSING@SUPERNOVA00.BIZ.XPI
    [2012/07/18 06:10:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
    [2012/02/02 22:27:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/02 22:27:12 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/08/03 21:06:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
    O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ietoolbar.dll (BitDefender S.R.L.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
    O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
    O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
    O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-352342712-4071226624-3640938541-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-352342712-4071226624-3640938541-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.lorman.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C52BCA1B-E43A-4DCF-AB22-C23C8826486A}: DhcpNameServer = 10.0.0.1
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - J:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  2. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/03 21:55:00 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2012/08/03 21:26:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/03 20:59:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/03 20:48:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/03 20:48:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/03 20:48:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/03 20:45:11 | 004,729,092 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
    [2012/08/03 18:30:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/03 18:27:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/31 22:00:06 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/31 21:46:45 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\ImgBurn
    [2012/07/31 21:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    [2012/07/31 21:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
    [2012/07/31 08:28:55 | 001,438,391 | ---- | C] (Farbar) -- C:\Users\admin\Desktop\FRST64.exe
    [2012/07/30 19:41:22 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
    [2012/07/30 19:41:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/30 19:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/30 19:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/30 19:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/19 22:14:45 | 000,000,000 | ---D | C] -- C:\Users\admin\.android
    [2012/07/19 22:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
    [2012/07/19 22:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Android
    [2012/07/19 21:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\eclipse
    [2012/07/15 22:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
    [2012/07/15 22:10:57 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
    [2012/07/15 22:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2012/07/15 22:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/07/15 22:10:22 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\TestApp
    [2012/07/13 06:21:22 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Totally Rad!
    [2012/07/08 12:29:06 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Adobe Mini Bridge CS5
    [2012/07/08 12:29:05 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/03 21:57:55 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/03 21:57:55 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/03 21:50:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/03 21:50:23 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/03 21:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/03 21:06:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/03 20:52:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2012/08/03 20:45:20 | 004,729,092 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
    [2012/08/03 18:28:29 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/08/02 22:06:45 | 000,779,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/02 22:06:45 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/02 22:06:45 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/31 22:09:07 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/07/31 08:28:58 | 001,438,391 | ---- | M] (Farbar) -- C:\Users\admin\Desktop\FRST64.exe
    [2012/07/25 22:38:08 | 000,000,132 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/07/24 22:19:27 | 005,176,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/15 22:11:18 | 001,661,069 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/07/08 13:20:32 | 000,001,456 | ---- | M] () -- C:\Users\admin\AppData\Local\Adobe Save for Web 12.0 Prefs
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/03 20:48:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/03 20:48:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/03 20:48:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/03 20:48:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/03 20:48:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/31 21:39:58 | 000,001,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
    [2012/07/15 22:10:59 | 001,661,069 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/05/16 17:37:54 | 000,937,984 | ---- | C] () -- C:\Windows\SysWow64\QtNetworkTR4.dll
    [2012/05/16 17:37:54 | 000,363,520 | ---- | C] () -- C:\Windows\SysWow64\QtSvgTR4.dll
    [2012/05/16 17:37:53 | 008,500,224 | ---- | C] () -- C:\Windows\SysWow64\QtGuiTR4.dll
    [2012/05/16 17:37:53 | 002,522,112 | ---- | C] () -- C:\Windows\SysWow64\QtCoreTR4.dll
    [2012/03/14 17:32:12 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/11/24 12:02:52 | 000,133,202 | ---- | C] () -- C:\ProgramData\bdinstall.bin
    [2011/11/11 18:11:46 | 000,000,132 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/10/30 22:12:46 | 000,018,262 | ---- | C] () -- C:\Users\admin\AppData\Roaming\AnnaForrestDesigns.zip
    [2011/10/24 21:05:31 | 000,001,456 | ---- | C] () -- C:\Users\admin\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/10/20 06:22:06 | 000,000,249 | ---- | C] () -- C:\Users\admin\mm.cfg
    [2011/10/19 19:15:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/07/19 01:15:20 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/07/18 23:58:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/07/18 23:42:11 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
    [2011/07/18 23:42:11 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
    [2011/07/18 23:42:11 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
    [2011/07/18 23:42:10 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2011/07/18 23:42:10 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/02/10 11:10:51 | 000,773,512 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/07/08 11:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

    ========== LOP Check ==========

    [2012/01/15 10:47:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Ambient Design
    [2012/07/20 18:29:05 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\AnnaForrestDesigns
    [2011/11/24 12:33:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BitDefender
    [2012/07/16 06:33:50 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BitTorrent
    [2011/11/19 10:54:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/10/25 17:28:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Digilabs
    [2012/08/03 21:51:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Dropbox
    [2012/03/12 18:38:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Fingertapps
    [2012/07/31 21:48:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ImgBurn
    [2012/02/22 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\KeePass
    [2011/10/18 20:42:21 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech
    [2012/01/19 07:16:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MPC
    [2011/10/30 19:45:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Notepad++
    [2011/10/22 12:06:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PCDr
    [2012/05/15 22:12:12 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PreviewMaker
    [2012/07/16 06:37:39 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\QuickScan
    [2012/07/26 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SoftGrid Client
    [2012/07/08 12:29:05 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2011/10/30 20:08:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Subversion
    [2012/03/20 20:09:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TeamViewer
    [2012/07/15 22:10:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TestApp
    [2011/11/04 20:44:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TP
    [2012/03/03 18:44:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Windows Live Writer
    [2011/12/12 22:44:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\xtools
    [2012/07/31 22:09:07 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2009/07/14 00:08:49 | 000,022,142 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/08/03 18:28:29 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >
  3. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    OTL Extras logfile created on: 8/3/2012 9:57:51 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = J:\
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.98 Gb Total Physical Memory | 5.83 Gb Available Physical Memory | 73.01% Memory free
    15.96 Gb Paging File | 13.30 Gb Available in Paging File | 83.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1849.73 Gb Total Space | 1764.02 Gb Free Space | 95.37% Space Free | Partition Type: NTFS
    Drive D: | 1.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 7.41 Gb Total Space | 1.41 Gb Free Space | 19.03% Space Free | Partition Type: FAT32
    Drive I: | 7.53 Gb Total Space | 5.69 Gb Free Space | 75.59% Space Free | Partition Type: FAT32
    Drive J: | 7.45 Gb Total Space | 7.28 Gb Free Space | 97.81% Space Free | Partition Type: FAT32

    Computer Name: SMARTMOUTH | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-352342712-4071226624-3640938541-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1247E7F4-4F4B-41F7-8BD0-180326EA4BC2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{209D6F7F-6BAC-4FC2-B479-13798DA4C817}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{3998FA26-2A2C-4542-9661-0C5D46C4C2C0}" = lport=137 | protocol=17 | dir=in | app=system |
    "{3B7A77D3-3820-4FC1-ABC5-7DA2FDF25F35}" = rport=138 | protocol=17 | dir=out | app=system |
    "{424832EF-C3ED-493A-AA71-3043608C5531}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{48EBF431-528E-48A3-A065-7BE495A1A723}" = rport=137 | protocol=17 | dir=out | app=system |
    "{593196F4-6D71-4E0E-8D17-DEF4468970D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5984D884-9CB6-4D73-A2F7-F908BF7CCC38}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{5B7E237F-AACB-456A-BCB2-35D7C79D51A1}" = lport=139 | protocol=6 | dir=in | app=system |
    "{68272595-B87B-4609-A8CC-C333E81CF034}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{9368A891-B7CC-4E71-86CE-E0042276FDD2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{9B3DBC63-25E5-49A6-AF14-ECAADA7FF5D3}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A967B582-07F0-4B15-8493-AB45BA61B07A}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B08B8744-7D9A-46DA-902E-1A6CB6A9673E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B2C2F44C-2627-4BD3-8F02-143CC2BC2BA9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BCDAC427-C173-4806-B447-73A955C153A5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C03E3264-9D6C-4E3A-8136-3C5CD8331874}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{D4A9B2D2-B347-4893-A73F-D74FB21AADC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D6762FE2-D0E2-4B24-A208-AD3B8D6120D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DBF05773-D55C-4603-8E5C-02CE10AAD5CB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E655A7C2-6619-49AB-8D37-54C840AE9595}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{ED07D970-E265-4AD0-AB81-83C9585CD4A0}" = rport=139 | protocol=6 | dir=out | app=system |
    "{F32AA4C3-C970-4C60-9DB5-16576B3F6F1F}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{FC36A3C1-8CEB-45DC-8A00-5BB3861C40EB}" = lport=138 | protocol=17 | dir=in | app=system |
    "{FCB2C05B-CE9D-4A6E-9135-83EB1AAE0D7E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{022B3E6E-52DC-4793-8D2B-DE4E02D123F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{043853C9-A4E4-4596-88FB-DE3DEF69844D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{0614D40E-AFA7-4543-ABCF-A1BED6E191D9}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
    "{0D8C6474-90CD-49CB-B398-A430B012B772}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1458865B-3E6B-44F9-88D5-576FA5E67502}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 7500 e910\bin\devicesetup.exe |
    "{17806331-067C-4C11-8644-75DFF164C1CB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{17D58154-2DA9-462D-9724-37213251A42B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{249BE48F-57FF-4118-B775-97B1DCFF3850}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{2A9D03F0-3CF8-4AD8-822D-0171B237802F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{341C2DBB-1D04-472D-8916-BD24EBBFF5D0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{39918223-BC97-4954-B828-BA14CF9AD5D6}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
    "{3C56D239-F17A-4BD9-A74D-48672B46BC5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{41122F9F-AFFA-4A1C-A34A-A78548228FB7}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 7500 e910\bin\devicesetup.exe |
    "{47084EDB-C87D-42A1-B132-B210CEC2794C}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
    "{4A36A11C-9E74-4DFF-B237-54C792C00CA9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{65BB51D2-8859-4DE7-8C52-CA1C0DB888F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{6F00EA0F-BF69-4D11-89EC-6D32C8CA956F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{73DD0E87-B1D2-4F7F-BE38-A273B5B3EF08}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 7500 e910\bin\hpnetworkcommunicator.exe |
    "{7B61CBEE-1343-4421-B319-34A08CFABF25}" = protocol=6 | dir=out | app=system |
    "{80F48027-F5D9-4500-9CAA-960EF29F4BA2}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 7500 e910\bin\hpnetworkcommunicator.exe |
    "{850F752C-2804-4084-AB47-12B7546DE92F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{876ED7C6-DC8A-4D20-B846-2470912E6E4F}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe |
    "{8AEE3E2B-CFDF-4F54-BB90-AD4CB340A2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8CD44F8C-1C19-4B00-929F-D9C807F7A0A6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{97138579-AF12-4CAC-BB41-B15ADA3C3DEC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{99AECF80-BC4C-457B-B0B1-03C247E2D2EB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AB818F0A-B646-4873-BAD9-F49DA4540806}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
    "{AEE9BFF0-C339-49FB-8616-A2F809E8E29F}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
    "{B22BA4CA-7EC9-4CDC-9817-902674AE341C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{B3C78B32-B0E5-49F6-8680-7AD9F8CCC6E1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B70DAAFF-485A-4673-A9B4-707661DB7AA7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BD885B8E-4D3F-41BA-87D4-B54924189455}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe |
    "{C85287B8-E791-4452-B3C6-47E28EE5A0A1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{CC7AD890-0ABC-4828-85A8-9F60FEE0EAA5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{D36FF678-594C-4984-BEFD-90BA274301FC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D53CEFE1-3553-40F5-BB6C-4D41DC1C2BA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D8ED9AD2-02F0-46CA-8CB3-91A413165EAE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{DC669694-37C4-4934-A81D-0D32B3123EE6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EF7E382C-EBA3-49CF-B83B-19AC74A9B5E4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{F1417F84-5E84-4AA8-8EDA-4F168836CC24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F8712446-B830-4ECF-A3A0-CB7B9D504E42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1BBC748D-A0C7-435C-9139-1398A4580F86}" = HP Officejet 7500 E910 Product Improvement Study
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
    "{2F2FB795-02E4-C0B7-4C7E-33F5DBBBC299}" = ccc-utility64
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{71EE298A-7B6D-4303-8438-C3E50567DA1F}" = HP Officejet 7500 E910 Basic Device Software
    "{72E244E5-ABBF-4905-B29C-4A8BA9190A9C}" = ATI AVIVO64 Codecs
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{B6CA7A3C-35FD-401F-9335-FFFD2BCD5FF3}" = BitDefender Total Security 2011
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D2D22BEE-B7F1-49D0-9ED6-86D0B2CEDFAD}" = TortoiseSVN 1.7.6.22632 (64 bit)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}" = ATI Catalyst Install Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "BitDefender" = BitDefender Total Security 2011
    "Dell Support Center" = Dell Support Center
    "DW WLAN Card" = DW WLAN Card
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
    "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C39C9B6-2DD9-A78C-DB11-D542912480BE}" = CCC Help Spanish
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{16D3E1ED-6F49-CE9E-93C5-0303D0D16196}" = CCC Help Dutch
    "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1D566C50-4D04-4CF5-9237-2AD020A460B6}" = Pazzles Inspiration Studio
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2387BEC1-B780-4CBD-A91F-D47B52511B54}" = MyPicTales
    "{23F80A0D-95AA-5001-B4C6-A42E4B3D6615}" = CCC Help Greek
    "{2437DF07-D3CB-4D85-8397-ED8AE9ED26D5}" = LeapFrog Tag Junior Plugin
    "{24DC9885-E759-4BD2-8A20-D4AC509A7FDE}" = HP Officejet 7500 E910 Help
    "{25B30DCB-97E2-7A3A-F159-D970B73B71A5}" = CCC Help Italian
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{26D7162F-9D1B-CA6D-15C3-1114F551F9A6}" = CCC Help Polish
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2BD9E081-9383-1E4B-D33F-6A6D6DCADBCF}" = CCC Help Hungarian
    "{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33E2517D-E262-EA4A-842C-0BE9B1263AC8}" = CCC Help French
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{36ADF0B5-55B8-C2F6-387D-3A6715055B51}" = CCC Help Korean
    "{37D4213E-49E9-DCCF-5C64-7E090A456C9A}" = CCC Help Czech
    "{382F1842-0E6C-4782-B920-D96ED5165F03}" = Catalyst Control Center - Branding
    "{3B19380A-95C1-47DA-AB9E-02D8C6BC0146}" = ArtRage Studio Pro
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
    "{44743861-8050-E256-42DE-57DD79BE88FC}" = CCC Help Thai
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5778D89F-205C-6575-1EB8-A9C6BA6C4143}" = CCC Help Swedish
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{654AC5F1-A109-6CA6-090E-D848AF7749C4}" = CCC Help Japanese
    "{65DB503C-C379-2F23-C24D-232586D0E479}" = CCC Help Chinese Standard
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B94DEB7-98DB-1C8D-85D5-A315A2407C3E}" = CCC Help Portuguese
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{6F73FF67-09CE-F7B6-551D-5A4EA4CAA4CB}" = CCC Help German
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7D10390B-B895-8DCA-F140-C951B3110731}" = Catalyst Control Center InstallProxy
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{81E4A484-448D-4F69-9E48-CD9419D36C72}" = CCC Help Finnish
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{855945E0-69F8-EE59-257E-271AD70EBB18}" = CCC Help Turkish
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B0682D6-D608-2430-F3A8-492C91F4F892}" = Catalyst Control Center Localization All
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
    "{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{938D5F72-6759-4C4A-0CF6-203C4C377717}" = CCC Help Chinese Traditional
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
    "{ACCDD881-A880-58EF-D6C8-1B962297C7FA}" = CCC Help Russian
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
    "{BE509B42-4FB0-4031-B231-2214A402C2ED}" = MyPicTales
    "{C07194C6-BEC5-4B4D-BAA1-A928C0FCCEC5}" = Subversion
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C70F962E-EABC-8FB5-16FD-89B01378214A}" = CCC Help Danish
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DB2E7FC7-631A-4CE4-94A3-FF8198CF3032}" = Pazzles Inspiration Studio
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims 2 Seasons
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E27CA8FE-3A09-E040-711C-397A97D85DA3}" = CCC Help English
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{E54120CB-FA9C-7037-71C9-342761EBC5FF}" = CCC Help Norwegian
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
    "{F9EE9A09-99B7-B29E-53C3-BBAD0ECB8A78}" = Catalyst Control Center
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Android SDK Tools" = Android SDK Tools
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "ImgBurn" = ImgBurn
    "InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "KeePass Password Safe_is1" = KeePass Password Safe 1.21
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "RadLab_is1" = RadLab v1.2.8
    "Sims2Pack Clean Installer" = Sims2Pack Clean Installer
    "TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
    "TeamViewer 7" = TeamViewer 7
    "UPCShell" = LeapFrog Connect
    "WinLiveSuite" = Windows Live Essentials
    "WinMerge_is1" = WinMerge 2.12.4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-352342712-4071226624-3640938541-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "JoinMe" = join.me

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/26/2012 8:34:07 AM | Computer Name = Smartmouth | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Ambient
    Design\ArtRage Studio Pro\ArtRage Studio Pro.exe".Error in manifest or policy file
    "C:\Program Files (x86)\Ambient Design\ArtRage Studio Pro\ArtRage Studio Pro.exe"
    on line 2. Multiple requestedPrivileges elements are not allowed in manifest.

    Error - 6/26/2012 8:34:21 AM | Computer Name = Smartmouth | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 6/26/2012 10:56:47 PM | Computer Name = Smartmouth | Source = Application Error | ID = 1000
    Description = Faulting application name: splwow64.exe, version: 6.1.7601.17514,
    time stamp: 0x4ce7b4c8 Faulting module name: midas64.dll, version: 0.5.2042.2836,
    time stamp: 0x4d7e50c5 Exception code: 0xc0000005 Fault offset: 0x000000000000c178
    Faulting
    process id: 0x1e1c Faulting application start time: 0x01cd53eec98df8c7 Faulting application
    path: C:\Windows\splwow64.exe Faulting module path: C:\Program Files\BitDefender\BitDefender
    2011\Active Virus Control\Midas_00085_005\midas64.dll Report Id: bbb0f926-c003-11e1-9da3-782bcba08faa

    Error - 6/29/2012 9:19:01 PM | Computer Name = Smartmouth | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 13.0.1.4548 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 2058 Start
    Time: 01cd5405a858eff0 Termination Time: 79 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: 8eeeda8a-c251-11e1-9da3-782bcba08faa

    Error - 7/3/2012 7:08:56 AM | Computer Name = Smartmouth | Source = WinMgmt | ID = 10
    Description =

    Error - 7/4/2012 1:30:30 AM | Computer Name = Smartmouth | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Ambient
    Design\ArtRage Studio Pro\ArtRage Studio Pro.exe".Error in manifest or policy file
    "C:\Program Files (x86)\Ambient Design\ArtRage Studio Pro\ArtRage Studio Pro.exe"
    on line 2. Multiple requestedPrivileges elements are not allowed in manifest.

    Error - 7/4/2012 1:30:49 AM | Computer Name = Smartmouth | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 7/6/2012 5:49:56 PM | Computer Name = Smartmouth | Source = WinMgmt | ID = 10
    Description =

    Error - 7/7/2012 1:30:26 AM | Computer Name = Smartmouth | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Ambient
    Design\ArtRage Studio Pro\ArtRage Studio Pro.exe".Error in manifest or policy file
    "C:\Program Files (x86)\Ambient Design\ArtRage Studio Pro\ArtRage Studio Pro.exe"
    on line 2. Multiple requestedPrivileges elements are not allowed in manifest.

    Error - 7/7/2012 1:30:44 AM | Computer Name = Smartmouth | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    [ Cisco AnyConnect VPN Client Events ]
    Error - 5/24/2012 2:42:57 PM | Computer Name = Smartmouth | Source = vpnagent | ID = 67108866
    Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
    Line:
    1644 Invoked Function: WSASend Return Code: 10053 (0x00002745) Description: An established
    connection was aborted by the software in your host machine.

    Error - 5/24/2012 2:42:57 PM | Computer Name = Smartmouth | Source = vpnagent | ID = 67108866
    Description = Function: CIpcTransport::writeIpc File: .\IPC\IPCTransport.cpp Line:
    709 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
    (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE

    Error - 5/24/2012 2:42:57 PM | Computer Name = Smartmouth | Source = vpnagent | ID = 67108866
    Description = Function: CIpcDepot::writeIpc File: .\IPC\IPCDepot.cpp Line: 544 Invoked
    Function: CIpcTransport::writeIpc Return Code: -31522805 (0xFE1F000B) Description:
    SOCKETTRANSPORT_ERROR_WRITE

    Error - 5/24/2012 2:42:57 PM | Computer Name = Smartmouth | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::OnIpcMessageReceivedAtDepot File: .\MainThread.cpp
    Line:
    2322 Invoked Function: CMainThread::reportTunnelStates Return Code: -31522805 (0xFE1F000B)
    Description:
    SOCKETTRANSPORT_ERROR_WRITE

    Error - 5/24/2012 2:42:57 PM | Computer Name = Smartmouth | Source = vpnagent | ID = 67108866
    Description = Function: CTcpTransport::internalReadSocket File: .\IPC\SocketTransport.cpp
    Line:
    1692 Invoked Function: WSARecv Return Code: 10053 (0x00002745) Description: An established
    connection was aborted by the software in your host machine.

    Error - 5/24/2012 2:42:57 PM | Computer Name = Smartmouth | Source = vpnagent | ID = 67108866
    Description = Function: CSocketTransport::readSocket File: .\IPC\SocketTransport.cpp
    Line:
    887 Invoked Function: CSocketTransport::internalReadSocket Return Code: -31522806
    (0xFE1F000A) Description: SOCKETTRANSPORT_ERROR_READ

    Error - 5/24/2012 2:42:57 PM | Computer Name = Smartmouth | Source = vpnagent | ID = 67108866
    Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
    Line:
    1170 Invoked Function: CSocketTransport::readSocket Return Code: -31522806 (0xFE1F000A)
    Description:
    SOCKETTRANSPORT_ERROR_READ

    Error - 5/24/2012 2:42:57 PM | Computer Name = Smartmouth | Source = vpnagent | ID = 67108866
    Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
    811 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522806
    (0xFE1F000A) Description: SOCKETTRANSPORT_ERROR_READ

    Error - 5/24/2012 2:42:57 PM | Computer Name = Smartmouth | Source = vpnagent | ID = 67108866
    Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
    Line:
    1644 Invoked Function: WSASend Return Code: 10053 (0x00002745) Description: An established
    connection was aborted by the software in your host machine.

    Error - 5/24/2012 2:42:57 PM | Computer Name = Smartmouth | Source = vpnagent | ID = 67108866
    Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
    Line:
    385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
    (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE

    [ System Events ]
    Error - 8/3/2012 10:24:00 PM | Computer Name = Smartmouth | Source = DCOM | ID = 10010
    Description =

    Error - 8/3/2012 10:26:00 PM | Computer Name = Smartmouth | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 8/3/2012 10:26:30 PM | Computer Name = Smartmouth | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 8/3/2012 10:29:02 PM | Computer Name = Smartmouth | Source = DCOM | ID = 10010
    Description =

    Error - 8/3/2012 10:31:00 PM | Computer Name = Smartmouth | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 8/3/2012 10:31:30 PM | Computer Name = Smartmouth | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 8/3/2012 10:32:57 PM | Computer Name = Smartmouth | Source = DCOM | ID = 10010
    Description =

    Error - 8/3/2012 10:49:50 PM | Computer Name = Smartmouth | Source = DCOM | ID = 10010
    Description =

    Error - 8/3/2012 10:51:42 PM | Computer Name = Smartmouth | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 8/3/2012 10:52:12 PM | Computer Name = Smartmouth | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.


    < End of report >
  4. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    DSL. Rebooted numerous times - still no connection.
  5. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.
  6. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    Farbar Service Scanner Version: 04-08-2012 01
    Ran by admin (administrator) on 03-08-2012 at 22:28:20
    Running from "J:\"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error: Yahoo IP is offline
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============

    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
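
Added example (not part of the thread, and not Farbar's code): a Python triage of an FSS-style log that pulls out what a helper reads first in the log above, namely values listed under a "Disabled Policy" heading, stopped services, start types that differ from the default, failed connectivity checks, and any file verdict other than "MD5 is legit". The embedded log is a constructed, shortened sample in the layout shown above; the function name `triage_fss` and the finding categories are assumptions of this example.

```python
import re

# Constructed sample: a shortened log in the layout of the FSS.txt posted above.
SAMPLE_LOG = r'''
Connection Status:
==============
Localhost is accessible.
Attempt to access Google IP returned error: Google IP is offline

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
'''

RE_KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RE_VALUE = re.compile(r'^"([^"]+)"=(\w+):(.+)$')
RE_STOPPED = re.compile(r'^(\S+) Service is not running\.')
RE_START = re.compile(r'^The start type of (\S+) service is set to (\w+)'
                      r'(?:\. The default start type is (\w+))?')
RE_NET = re.compile(r'^Attempt to access (.+?) returned error: (.+)$')
RE_FILE = re.compile(r'^(.+?) => (.+)$')


def triage_fss(text):
    """Return a list of (category, detail) findings from an FSS-style log."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]
    heading, reg_key = "", None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A heading is a line ending in ':' that is underlined with '=' characters.
        if line.endswith(":") and len(nxt) >= 3 and set(nxt) == {"="}:
            heading, reg_key = line[:-1], None
            continue
        if (m := RE_KEY.match(line)):
            reg_key = m.group(1)
        elif (m := RE_VALUE.match(line)) and heading.endswith("Disabled Policy"):
            findings.append(("policy", f"{heading}: {reg_key}\\{m.group(1)} = {m.group(3)}"))
        elif (m := RE_STOPPED.match(line)):
            findings.append(("service", f"{m.group(1)} is not running"))
        elif (m := RE_START.match(line)):
            name, current, default = m.groups()
            # Only flag a start type when the log also states a different default.
            if default and current != default:
                findings.append(("service", f"{name} start type {current}, default {default}"))
        elif (m := RE_NET.match(line)):
            findings.append(("network", f"{m.group(1)}: {m.group(2)}"))
        elif heading == "File Check" and (m := RE_FILE.match(line)):
            # Assumption: any verdict other than the one seen in the post needs review.
            if m.group(2) != "MD5 is legit":
                findings.append(("file", f"{m.group(1)}: {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage_fss(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```
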
  7. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    Can't get to the shared buffalo drive either :(
  8. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Please download MiniToolBox, save it to your desktop and run it.

    Checkmark following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices (do NOT change any settings)
    • List Users, Partitions and Memory size
    Click Go and post the result.
  9. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    MiniToolBox by Farbar Version: 23-07-2012
    Ran by admin (administrator) on 03-08-2012 at 22:53:19
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    "network.proxy.type", 0
    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Connected)
    DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Hardware not present)
    Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 = Local Area Connection 2 (Hardware not present)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global
    set interface interface="Local Area Connection 2" forwarding=enabled advertise=enabled metric=1 nud=enabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Smartmouth
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : westell.com

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : westell.com
    Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
    Physical Address. . . . . . . . . : 78-2B-CB-A0-8F-AA
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::313e:f49:805a:6a0c%11(Preferred)
    IPv4 Address. . . . . . . . . . . : 10.0.0.9(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Friday, August 03, 2012 10:16:26 PM
    Lease Expires . . . . . . . . . . : Saturday, August 04, 2012 10:16:26 PM
    Default Gateway . . . . . . . . . : 10.0.0.1
    DHCP Server . . . . . . . . . . . : 10.0.0.1
    DHCPv6 IAID . . . . . . . . . . . : 242756555
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-B6-DC-5F-78-2B-CB-A0-8F-AA
    DNS Servers . . . . . . . . . . . : 10.0.0.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 11:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft 6to4 Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.westell.com:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : westell.com
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    DNS request timed out.
    timeout was 2 seconds.
    Server: UnKnown
    Address: 10.0.0.1

    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    Ping request could not find host google.com. Please check the name and try again.
    DNS request timed out.
    timeout was 2 seconds.
    Server: UnKnown
    Address: 10.0.0.1

    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    Ping request could not find host yahoo.com. Please check the name and try again.
    DNS request timed out.
    timeout was 2 seconds.
    Server: UnKnown
    Address: 10.0.0.1

    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    Ping request could not find host bleepingcomputer.com. Please check the name and try again.

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    11...78 2b cb a0 8f aa ......Broadcom NetLink (TM) Gigabit Ethernet
    1...........................Software Loopback Interface 1
    13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
    16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.9 20
    10.0.0.0 255.255.255.0 On-link 10.0.0.9 276
    10.0.0.9 255.255.255.255 On-link 10.0.0.9 276
    10.0.0.255 255.255.255.255 On-link 10.0.0.9 276
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    169.254.0.0 255.255.0.0 On-link 10.0.0.9 30
    169.254.255.255 255.255.255.255 On-link 10.0.0.9 276
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 10.0.0.9 276
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 10.0.0.9 276
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    11 276 fe80::/64 On-link
    11 276 fe80::313e:f49:805a:6a0c/128
    On-link
    1 306 ff00::/8 On-link
    11 276 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
    x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (08/03/2012 10:01:14 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    Error: (08/03/2012 09:52:13 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2012 09:40:12 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    Error: (08/03/2012 09:31:25 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2012 09:26:23 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2012 09:11:19 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    Error: (08/03/2012 09:01:57 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2012 08:49:19 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2012 08:48:40 PM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

    Error: (08/03/2012 08:48:40 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
    .


    Operation:
    Instantiating VSS server


    System errors:
    =============
    Error: (08/03/2012 09:52:12 PM) (Source: Service Control Manager) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Error: (08/03/2012 09:51:42 PM) (Source: Service Control Manager) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Error: (08/03/2012 09:49:50 PM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (08/03/2012 09:32:57 PM) (Source: DCOM) (User: )
    Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

    Error: (08/03/2012 09:31:30 PM) (Source: Service Control Manager) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Error: (08/03/2012 09:31:00 PM) (Source: Service Control Manager) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Error: (08/03/2012 09:29:02 PM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (08/03/2012 09:26:30 PM) (Source: Service Control Manager) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Error: (08/03/2012 09:26:00 PM) (Source: Service Control Manager) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Error: (08/03/2012 09:24:00 PM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


    Microsoft Office Sessions:
    =========================
    Error: (08/03/2012 10:01:14 PM) (Source: CVHSVC)(User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    Error: (08/03/2012 09:52:13 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2012 09:40:12 PM) (Source: CVHSVC)(User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    Error: (08/03/2012 09:31:25 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2012 09:26:23 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2012 09:11:19 PM) (Source: CVHSVC)(User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    Error: (08/03/2012 09:01:57 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2012 08:49:19 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2012 08:48:40 PM) (Source: System Restore)(User: )
    Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

    Error: (08/03/2012 08:48:40 PM) (Source: VSS)(User: )
    Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


    Operation:
    Instantiating VSS server


    ========================= Devices: ================================

    Name: DW1501 Wireless-N WLAN Half-Mini Card
    Description: DW1501 Wireless-N WLAN Half-Mini Card
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Broadcom
    Service: BCM43XX
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ========================= Memory info: ===================================

    Percentage of memory in use: 28%
    Total physical RAM: 8174.45 MB
    Available physical RAM: 5806.96 MB
    Total Pagefile: 16347.08 MB
    Available Pagefile: 13497.16 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3858.59 MB

    ========================= Partitions: =====================================

    1 Drive c: (OS) (Fixed) (Total:1849.73 GB) (Free:1764.01 GB) NTFS
    2 Drive d: (TRADITION_OF_EXCELLENCE_ALTO_SAX) (CDROM) (Total:1.91 GB) (Free:0 GB) UDF
    3 Drive e: () (Removable) (Total:7.41 GB) (Free:1.41 GB) FAT32
    7 Drive I: () (Removable) (Total:7.53 GB) (Free:5.69 GB) FAT32
    8 Drive j: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.3 GB) FAT32

    ========================= Users: ========================================

    User accounts for \\SMARTMOUTH

    admin Administrator Guest


    **** End of log ****
  10. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Make sure your settings are correct.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
    6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
    7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
    [​IMG]
    Make sure "DNS" tab looks like this:
    [​IMG]
    Make sure "WINS" tab looks like this:
    [​IMG]
    8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
    If you made any changes OK your way out.
    Restart computer.


    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.
  11. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    I got as far as ipconfig /renew. Then I get the error: An error occurred while renewing interface Wireless Network Connection: unable to contact your DHCP server. Request has timed out.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Are we talking here about wireless connection?
    If so can you connect if you plug in an ethernet cable?

    Also, go ahead with other steps.
  13. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    Ethernet cable always plugged in. Finished all steps and if I disable the wireless connection I get access to the shared drive but still no internet.
  14. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    Ugh - for a very short time I had access to the short drive. Now it's not working again :(
  15. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    When exactly did you lose internet connection?
    Right after running Combofix?
  16. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    It worked before I ran combofix, but never came back after I ran that.
  17. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Combofix created restore point around this date/time: 08/03/2012 20:51 (9:51PM).
    Try to use it.
  18. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    I only have one marked as an automatic restore point from 6 am
     
  19. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Go ahead with it.
  20. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    Well the little icon says I have internet but I cannot actually get any pages to load. I can see the shared drive again though
  21. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Did you try different browsers?
  22. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    yup. both mozilla and IE didn't work BUT I rebooted again and for the moment anyway I am back online!
  23. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Cool beans.

    Any current issues?

    ===============================

    Create new restore point and re-run Combofix.
  24. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    just trying to deactivate my adobe stuff before I do anything else :) CS5 went fine. CS3 is complaining about no internet :(
  25. myranalis

    myranalis Newcomer, in training Topic Starter Posts: 47

    CS3 deactivated... creating restore point now...

