Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

blinkx and babylon problems slowing down PC


  • This topic is locked This topic is locked
27 replies to this topic

#1 spaceman2155

spaceman2155

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 26 November 2011 - 08:38 PM

Hi
I am running Vista,I have had babylon for a while on my PC and now I have blinkx and the PC has been getting slower over the last few weeks and now windows explorer will crash quite a lot. I also getting a warning from AVG that internet explorer is using a high amount of CPU and if I look in task manager I can be running at 100% CPU, but no individual process seems to be over about 3%. I have tried to unistall Blinkx using programs and features but it wants to run an .exe file. Also babylon cannot be disabled on internet explorer.

Thank you for any help you can provide.

Regards
john

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by spaceman at 0:57:50 on 2011-11-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3066.1560 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\conime.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by MSN and Bing
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
mURLSearchHooks: H - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: Loader Class: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi371a~1\datamngr\BROWSE~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [Google Update] "c:\users\spaceman\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [Apoint] "c:\program files\delltpad\Apoint.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [SysTrayApp] "%ProgramFiles%\IDT\WDM\sttray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\spaceman\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\spaceman\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: xfire_lsp_9028.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ie.cab
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
TCP: Interfaces\{A9849FE1-E343-4136-907C-D1EF122ACDC9} : DhcpNameServer = 89.101.160.4 89.101.160.5
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 MpKsl73ea9276;MpKsl73ea9276;c:\programdata\microsoft\microsoft antimalware\definition updates\{9afd02bc-bc98-4a77-b1cb-d1321829c2c7}\MpKsl73ea9276.sys [2011-11-26 28752]
R1 MpKsld6a9a723;MpKsld6a9a723;c:\programdata\microsoft\microsoft antimalware\definition updates\{9afd02bc-bc98-4a77-b1cb-d1321829c2c7}\MpKsld6a9a723.sys [2011-11-27 28752]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-3-3 81920]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-10-24 2398512]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-13 366152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-3-2 29736]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-3-3 203264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-13 22216]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-3-3 3663360]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
.
=============== Created Last 30 ================
.
2011-11-27 00:47:43 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9afd02bc-bc98-4a77-b1cb-d1321829c2c7}\MpKsld6a9a723.sys
2011-11-26 18:57:10 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9afd02bc-bc98-4a77-b1cb-d1321829c2c7}\MpKsl73ea9276.sys
2011-11-26 18:57:08 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9afd02bc-bc98-4a77-b1cb-d1321829c2c7}\offreg.dll
2011-11-26 13:51:41 -------- d-----w- c:\programdata\Symantec
2011-11-26 13:51:21 -------- d-----w- c:\programdata\Norton
2011-11-26 13:51:17 -------- d-----w- c:\programdata\NortonInstaller
2011-11-26 07:31:41 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9afd02bc-bc98-4a77-b1cb-d1321829c2c7}\mpengine.dll
2011-11-25 00:48:46 -------- d-----w- c:\users\spaceman\appdata\local\MediaMonkey
2011-11-25 00:47:55 -------- d-----w- c:\users\spaceman\appdata\roaming\MediaMonkey
2011-11-25 00:47:48 -------- d-----w- c:\program files\MediaMonkey
2011-11-18 21:43:28 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-17 18:01:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 22:12:44 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-11-15 22:11:59 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-15 22:11:58 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-11 21:43:24 -------- d-----w- c:\program files\iPod
2011-11-11 21:43:13 -------- d-----w- c:\program files\iTunes
2011-11-11 20:23:48 -------- d-----w- c:\program files\Bonjour
2011-11-11 20:21:12 -------- d-----w- c:\users\spaceman\appdata\local\Apple
2011-11-09 13:48:11 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:48:11 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 13:48:08 707584 ----a-w- c:\program files\common files\system\wab32.dll
.
==================== Find3M ====================
.
2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-10-07 06:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 06:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 17:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 23:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 23:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 0:59:31.37 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 PM

Posted 27 November 2011 - 11:55 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 spaceman2155

spaceman2155
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 28 November 2011 - 03:36 PM

Hello Gringo,

Thank you very much for the help
Please see attached log file from Combofix,

Observations, combofix was showing it had deleted all the blinkx files and about 10 seconds later it came up on the screen and the Blinkx shortcut is still on the screen, not sure why

Also I have gone into the task manager and its showing 50% CPU which seems high, when the PC is not running anything else. Babylon shortcut is still showing on the desktop.

Regards,
John

ComboFix 11-11-28.02 - spaceman 28/11/2011 19:37:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3066.1703 [GMT 0:00]
Running from: c:\users\spaceman\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Blinkx
c:\program files\Blinkx\blinkx.ico
c:\program files\Blinkx\blinkxss.exe
c:\program files\Blinkx\blinkxstop.exe
c:\program files\Blinkx\lang.dll
c:\program files\Blinkx\templates\beat.ico
c:\program files\Blinkx\templates\index.html
c:\program files\Blinkx\templates\noflash.html
c:\program files\Blinkx\templates\offline.html
c:\program files\Blinkx\templates\offline.swf
c:\program files\Blinkx\templates\uninstall.exe
c:\users\Hannah1\Documents\~WRL2700.tmp
c:\users\spaceman\AppData\Local\Microsoft\Windows\Temporary Internet Files\TestBrowser.html
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 19:52 . 2011-11-28 19:52 -------- d-----w- c:\users\John Rogers\AppData\Local\temp
2011-11-28 19:52 . 2011-11-28 19:52 -------- d-----w- c:\users\Hannah1\AppData\Local\temp
2011-11-28 19:51 . 2011-11-28 19:51 -------- d-----w- c:\users\Gillian\AppData\Local\temp
2011-11-28 19:51 . 2011-11-28 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 19:51 . 2011-11-28 19:51 -------- d-----w- c:\users\Niamh\AppData\Local\temp
2011-11-28 19:51 . 2011-11-28 19:51 -------- d-----w- c:\users\Hannah\AppData\Local\temp
2011-11-28 14:12 . 2011-11-28 14:12 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{107BB7FF-0AA9-43AA-9B05-37104B0DFB47}\MpKsla1eacddc.sys
2011-11-28 14:12 . 2011-11-28 14:12 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{107BB7FF-0AA9-43AA-9B05-37104B0DFB47}\offreg.dll
2011-11-28 14:12 . 2011-10-06 20:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{107BB7FF-0AA9-43AA-9B05-37104B0DFB47}\mpengine.dll
2011-11-27 01:35 . 2011-11-27 01:36 -------- d-----w- C:\attach
2011-11-26 13:51 . 2011-11-26 13:51 -------- d-----w- c:\programdata\Symantec
2011-11-26 13:51 . 2011-11-26 14:23 -------- d-----w- c:\programdata\Norton
2011-11-25 00:50 . 2011-11-25 00:50 -------- d-----w- c:\users\John Rogers\AppData\Local\MediaMonkey
2011-11-25 00:48 . 2011-11-25 00:48 -------- d-----w- c:\users\spaceman\AppData\Local\MediaMonkey
2011-11-25 00:48 . 2011-11-26 13:35 -------- d-----w- c:\users\John Rogers\AppData\Roaming\MediaMonkey
2011-11-25 00:47 . 2011-11-26 14:01 -------- d-----w- c:\users\spaceman\AppData\Roaming\MediaMonkey
2011-11-25 00:47 . 2011-11-26 14:01 -------- d-----w- c:\program files\MediaMonkey
2011-11-24 19:19 . 2011-11-24 19:19 -------- d-----w- c:\users\John Rogers\AppData\Roaming\Bandoo
2011-11-18 21:43 . 2011-11-25 17:48 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-17 18:01 . 2011-11-17 18:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 22:12 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-11-15 22:11 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-15 22:11 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-12 15:58 . 2011-11-21 19:51 -------- d-----w- c:\users\Hannah1\AppData\Roaming\U3
2011-11-11 21:43 . 2011-11-15 21:55 -------- d-----w- c:\program files\iPod
2011-11-11 21:43 . 2011-11-15 21:58 -------- d-----w- c:\program files\iTunes
2011-11-11 20:23 . 2011-11-11 20:23 -------- d-----w- c:\program files\Bonjour
2011-11-11 20:21 . 2011-11-11 20:21 -------- d-----w- c:\program files\Apple Software Update
2011-11-11 20:21 . 2011-11-11 20:21 -------- d-----w- c:\users\spaceman\AppData\Local\Apple
2011-11-09 13:48 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:48 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 13:48 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-10-10 23:07 . 2011-10-10 23:08 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{803A946B-164F-4BB9-999F-615D2AC93293}\gapaengine.dll
2011-10-07 06:23 . 2011-10-07 06:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-06 20:48 . 2010-07-28 19:24 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-04 06:21 . 2011-10-04 06:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 05:30 . 2011-09-13 05:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30 . 2011-10-11 19:50 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-12 00:13 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-12 00:13 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-12 00:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 17:00 . 2011-06-13 22:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 23:05 . 2011-08-30 23:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 23:05 . 2011-08-30 23:05 73064 ----a-w- c:\windows\system32\dnssd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 13:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-10-30 641400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-07-03 126976]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-22 483420]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Niamh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\spaceman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-02 17:10 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI371A~1\Datamngr\datamngr.dll c:\progra~1\WI371A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsl12ee8fb1;MpKsl12ee8fb1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB6766AE-A143-4F0C-A93D-8482379FABF3}\MpKsl12ee8fb1.sys [x]
R1 MpKsl1c61270d;MpKsl1c61270d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E283174D-337F-4387-B9B8-0948FEDCAB8C}\MpKsl1c61270d.sys [x]
R1 MpKsl1dbaf0c5;MpKsl1dbaf0c5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2D4D3EC-DF09-4045-9EAD-C5D15169C3F4}\MpKsl1dbaf0c5.sys [x]
R1 MpKsl220ec31c;MpKsl220ec31c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0406173-8A63-438F-ABDD-0D6CDE81B1EE}\MpKsl220ec31c.sys [x]
R1 MpKsl251f55c9;MpKsl251f55c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40361696-0D20-4B02-AC06-E79D0A43F5B1}\MpKsl251f55c9.sys [x]
R1 MpKsl2780d827;MpKsl2780d827;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DEBA0C94-C3F0-4A69-B0F8-3C2012B6DE62}\MpKsl2780d827.sys [x]
R1 MpKsl2a55481f;MpKsl2a55481f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B15E8206-EA0E-4A29-9F7F-428B47D90FA7}\MpKsl2a55481f.sys [x]
R1 MpKsl3c22ec5a;MpKsl3c22ec5a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{261EB55E-DDF6-4A59-AD94-8A302AAA0087}\MpKsl3c22ec5a.sys [x]
R1 MpKsl414fdae0;MpKsl414fdae0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{488A1D00-85AE-4957-AC73-32484297BE79}\MpKsl414fdae0.sys [x]
R1 MpKsl41cb12bf;MpKsl41cb12bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DEA0BAFB-AE59-4D9D-BF5E-E9701794FEB1}\MpKsl41cb12bf.sys [x]
R1 MpKsl4abe8f8a;MpKsl4abe8f8a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95EDE56B-A501-4AFD-87C5-DC47F031DCC3}\MpKsl4abe8f8a.sys [x]
R1 MpKsl52eb42dc;MpKsl52eb42dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B756178-A536-482C-9339-DD8275DB18EF}\MpKsl52eb42dc.sys [x]
R1 MpKsl56bed484;MpKsl56bed484;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{555E0BD8-A6A9-4C50-A354-D1BE7A085968}\MpKsl56bed484.sys [x]
R1 MpKsl5966d080;MpKsl5966d080;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9431AA7A-6664-428B-8C5F-3DA132A5A126}\MpKsl5966d080.sys [x]
R1 MpKsl59cf5f6e;MpKsl59cf5f6e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1977907E-5D6E-4A16-B54D-B4202320A642}\MpKsl59cf5f6e.sys [x]
R1 MpKsl5c712fc8;MpKsl5c712fc8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A512E97-8752-43C3-92DD-9AC617F08A3A}\MpKsl5c712fc8.sys [x]
R1 MpKsl5de9f4b5;MpKsl5de9f4b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{124B1701-E1FB-45F7-A7B0-8AD4FE935354}\MpKsl5de9f4b5.sys [x]
R1 MpKsl5e498720;MpKsl5e498720;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62170F44-416C-452F-832F-1AE59899AE58}\MpKsl5e498720.sys [x]
R1 MpKsl6896f97a;MpKsl6896f97a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5565E5A7-AC0F-4210-A402-A9BE97425764}\MpKsl6896f97a.sys [x]
R1 MpKsl808e6a57;MpKsl808e6a57;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83A6C476-34F5-4045-8DD7-C20010644E11}\MpKsl808e6a57.sys [x]
R1 MpKsl84e3e378;MpKsl84e3e378;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38212DC1-A2FB-49FE-9BB9-9B37126C0EF1}\MpKsl84e3e378.sys [x]
R1 MpKsl8f66b138;MpKsl8f66b138;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CFF742F-1FE2-4758-B643-630F78EEF0F5}\MpKsl8f66b138.sys [x]
R1 MpKsl9aa7d8af;MpKsl9aa7d8af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68BC51EB-8CC0-4D2E-8F66-1A96AFC2C905}\MpKsl9aa7d8af.sys [x]
R1 MpKsl9e7ee0aa;MpKsl9e7ee0aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71F49145-F327-47A4-BB0D-D10D4A3F6829}\MpKsl9e7ee0aa.sys [x]
R1 MpKslb032a79a;MpKslb032a79a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{261EB55E-DDF6-4A59-AD94-8A302AAA0087}\MpKslb032a79a.sys [x]
R1 MpKslb2fc5aea;MpKslb2fc5aea;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71F49145-F327-47A4-BB0D-D10D4A3F6829}\MpKslb2fc5aea.sys [x]
R1 MpKslb456081f;MpKslb456081f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FA9050C-9212-4E51-AE69-376D786121D8}\MpKslb456081f.sys [x]
R1 MpKslb89d8182;MpKslb89d8182;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF728E08-95F7-426B-9FB8-7C825FCFBB26}\MpKslb89d8182.sys [x]
R1 MpKslbc2d613f;MpKslbc2d613f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BD5B43B-60A3-4CF9-AD22-32E04466C90E}\MpKslbc2d613f.sys [x]
R1 MpKslc193b93c;MpKslc193b93c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E9DCC5A-524D-4EDB-AA41-642D09DBD7D4}\MpKslc193b93c.sys [x]
R1 MpKslc710acad;MpKslc710acad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF728E08-95F7-426B-9FB8-7C825FCFBB26}\MpKslc710acad.sys [x]
R1 MpKslcd17aace;MpKslcd17aace;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2D4D3EC-DF09-4045-9EAD-C5D15169C3F4}\MpKslcd17aace.sys [x]
R1 MpKslcf75d128;MpKslcf75d128;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8D1D10E-A3A3-45B3-9BE3-9C18AED6C967}\MpKslcf75d128.sys [x]
R1 MpKsld12671b4;MpKsld12671b4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91156833-839F-468D-941A-9A215F9E577B}\MpKsld12671b4.sys [x]
R1 MpKsldd43f656;MpKsldd43f656;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD5C2C28-CC3E-4C41-8271-30CC3A79AA0D}\MpKsldd43f656.sys [x]
R1 MpKsle135eb7e;MpKsle135eb7e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17C9D3A-358D-4901-9F29-D724A574B116}\MpKsle135eb7e.sys [x]
R1 MpKsle1835264;MpKsle1835264;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5EB9AB96-4C6B-4714-BCD3-3AACEB5BF6CC}\MpKsle1835264.sys [x]
R1 MpKsle690e6e0;MpKsle690e6e0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62170F44-416C-452F-832F-1AE59899AE58}\MpKsle690e6e0.sys [x]
R1 MpKsled70dd3e;MpKsled70dd3e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04D23538-D4F7-4A48-994A-999966F62689}\MpKsled70dd3e.sys [x]
R1 MpKslf3277095;MpKslf3277095;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8D1D10E-A3A3-45B3-9BE3-9C18AED6C967}\MpKslf3277095.sys [x]
R1 MpKslfb9524c3;MpKslfb9524c3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18E74481-10B1-4BFB-A23F-85F3823161CA}\MpKslfb9524c3.sys [x]
R1 MpKslfd3e0a16;MpKslfd3e0a16;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38EF76DE-667E-4F82-824B-677CE1D46BF1}\MpKslfd3e0a16.sys [x]
R1 MpKslfd6f81d6;MpKslfd6f81d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A2CE23B-066F-428E-82B0-4B35575B793A}\MpKslfd6f81d6.sys [x]
R1 MpKslffed6766;MpKslffed6766;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC80E6FF-3226-48B1-8B5B-EB27CB141EC9}\MpKslffed6766.sys [x]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 MpKsla1eacddc;MpKsla1eacddc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{107BB7FF-0AA9-43AA-9B05-37104B0DFB47}\MpKsla1eacddc.sys [2011-11-28 28752]
S1 MpKsld18e51fd;MpKsld18e51fd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7A77D70-1CFD-4826-A06E-E28DD74F7B5A}\MpKsld18e51fd.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-22 81920]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2011-10-24 2398512]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-06-16 29736]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-07-04 3663360]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLA1EACDDC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:52]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:52]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2775045081-4165944829-3255898935-1001Core.job
- c:\users\John Rogers\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-08 20:27]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2775045081-4165944829-3255898935-1001UA.job
- c:\users\John Rogers\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-08 20:27]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2775045081-4165944829-3255898935-1005Core.job
- c:\users\spaceman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 20:26]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2775045081-4165944829-3255898935-1005UA.job
- c:\users\spaceman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 20:26]
.
2011-11-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-11-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{26AF470F-18D7-46D0-A6FE-532F5C0A3EDE}.job
- c:\windows\system32\msfeedssync.exe [2011-06-20 19:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: xfire_lsp_9028.dll
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-blinkx beat - c:\program files\Blinkx\templates\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-28 20:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-28 20:16:59
ComboFix-quarantined-files.txt 2011-11-28 20:16
.
Pre-Run: 32,568,688,640 bytes free
Post-Run: 35,183,321,088 bytes free
.
- - End Of File - - 18FD18929D65606332C12DC99B24FC49

Attached Files


Edited by gringo_pr, 28 November 2011 - 04:01 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 PM

Posted 28 November 2011 - 04:02 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 spaceman2155

spaceman2155
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 28 November 2011 - 07:09 PM

Hi Gringo

Please see files below.
Also ask.com keeps requesting to be enabled which I refuse, I have gone into the internet options and add-ons and tried to disable it but it keeps reappearing.

Thanks,
John


OTL logfile created on: 28/11/2011 23:46:07 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\spaceman\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 42.88% Memory free
6.19 Gb Paging File | 4.29 Gb Available in Paging File | 69.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.75 Gb Total Space | 32.80 Gb Free Space | 14.73% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.60 Gb Free Space | 35.97% Space Free | Partition Type: NTFS

Computer Name: HANNAH-PC | User Name: spaceman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\spaceman\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\44dcaaec31f19805b8bc7f4ead9ff649\MenuSkinning.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\11e4a0cadfe8525080e34a27fba108a1\VistaBridgeLibrary.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\41721bb94e430b6d1e79a4ee92c0056c\DellDock.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\3e13f2b80f8403d5447223742186b1cd\MyDock.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6b88a2bf58d8529fc33f8f3437a7ff06\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3106.38542__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3106.38494__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3106.38558__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3106.38756__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3106.38714__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3106.38533__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3106.38664__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3106.38517__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3106.38798__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3106.38510__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3106.38668__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3106.38746__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3106.38724__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3106.38565__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3106.38795__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3106.38805__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3106.38689__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3106.38731__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3106.38667__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3106.38723__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3106.38795__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3106.38687__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3106.38573__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3106.38657__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3106.38519__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3106.38706__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3106.38666__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3106.38579__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3106.38665__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3106.38578__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3106.38667__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3106.38704__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3091.17961__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3091.17980__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3091.17978__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3091.17993__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3091.17957__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3091.17954__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3091.17976__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3091.17956__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3091.18035__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3091.17988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3091.17979__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3091.17991__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3091.17981__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3091.17968__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3091.17961__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3091.17983__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3091.17977__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3091.17980__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3091.17981__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3091.17967__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3091.17987__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3091.17977__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3106.38822__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3106.38837__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3106.38485__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3106.38503__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3106.38526__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3106.38785__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3106.38486__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3106.38782__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3106.38482__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3106.38488__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3106.38485__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3091.17979__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3091.17961__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3091.17965__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3106.38784__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3091.17978__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3091.17977__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3091.17977__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3091.17993__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3091.17963__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3106.38484__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\xfire_lsp_9028.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsld18e51fd) -- File not found
DRV - (MpKsla1eacddc) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{107BB7FF-0AA9-43AA-9B05-37104B0DFB47}\MpKsla1eacddc.sys (Microsoft Corporation)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (k57nd60x) Broadcom NetLink ™ -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\spaceman\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\spaceman\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/22 16:24:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/18 18:04:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 09:41:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/04 17:51:00 | 000,000,000 | ---D | M]

[2011/08/24 22:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/23 17:43:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/07/23 00:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/03 23:34:56 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/07/23 00:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 00:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 00:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\spaceman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\
CHR - Extension: No name found = C:\Users\spaceman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280\
CHR - Extension: No name found = C:\Users\spaceman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2011/11/28 20:11:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Hannah1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\John Rogers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Niamh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\spaceman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ie.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9849FE1-E343-4136-907C-D1EF122ACDC9}: DhcpNameServer = 89.101.160.4 89.101.160.5
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -c:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -c:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 23:42:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\spaceman\Desktop\OTL.exe
[2011/11/28 20:17:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/28 20:17:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/28 19:32:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/28 19:32:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/28 19:32:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/28 19:32:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/28 19:32:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/28 19:24:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/28 19:15:24 | 004,310,219 | R--- | C] (Swearware) -- C:\Users\spaceman\Desktop\ComboFix.exe
[2011/11/27 01:35:52 | 000,000,000 | ---D | C] -- C:\attach
[2011/11/27 01:17:09 | 000,000,000 | ---D | C] -- C:\Users\spaceman\AppData\Roaming\WinRAR
[2011/11/27 00:57:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\spaceman\Desktop\dds.scr
[2011/11/26 23:52:10 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\spaceman\Desktop\TFC.exe
[2011/11/26 13:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/11/26 13:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/26 13:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/25 00:48:46 | 000,000,000 | ---D | C] -- C:\Users\spaceman\AppData\Local\MediaMonkey
[2011/11/25 00:47:55 | 000,000,000 | ---D | C] -- C:\Users\spaceman\AppData\Roaming\MediaMonkey
[2011/11/25 00:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\MediaMonkey
[2011/11/22 20:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Quick Search Box
[2011/11/18 21:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/11/17 18:01:22 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/15 22:15:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/11/15 22:13:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/11/15 22:13:39 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/11/15 22:13:39 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/11/15 22:13:39 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/11/15 22:13:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/11/15 22:13:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/11/15 22:13:35 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/11/15 22:13:35 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/11/15 22:13:35 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/11/15 22:13:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/11/15 22:13:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/11/15 22:13:25 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/11/15 22:13:25 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/11/15 22:13:25 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/11/15 22:13:25 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/11/15 22:13:25 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/11/15 22:12:44 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/11/15 22:12:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/11/15 22:12:26 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/11/15 22:12:25 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/11/15 22:12:12 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/11/15 22:12:11 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/11/15 22:12:04 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/11/15 22:12:03 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/11/15 22:12:03 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/11/15 22:12:03 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/11/15 22:12:02 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/11/15 22:12:02 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/11/15 22:12:02 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/11/15 22:11:58 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/11/15 21:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/11 21:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/11 21:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/11 20:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/11 20:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/11 20:21:12 | 000,000,000 | ---D | C] -- C:\Users\spaceman\AppData\Local\Apple
[2011/11/11 20:21:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/07 20:58:01 | 006,210,336 | ---- | C] (Webroot Software, Inc.) -- C:\Users\spaceman\AppData\Roaming\wruninstall.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/28 23:42:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\spaceman\Desktop\OTL.exe
[2011/11/28 23:41:59 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2775045081-4165944829-3255898935-1001UA.job
[2011/11/28 23:36:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2775045081-4165944829-3255898935-1005UA.job
[2011/11/28 23:34:19 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/28 23:20:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/28 23:07:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 23:07:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 21:41:59 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2775045081-4165944829-3255898935-1001Core.job
[2011/11/28 21:23:21 | 000,602,478 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/28 21:23:21 | 000,106,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/28 20:36:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2775045081-4165944829-3255898935-1005Core.job
[2011/11/28 20:11:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/28 19:15:49 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/28 19:15:29 | 004,310,219 | R--- | M] (Swearware) -- C:\Users\spaceman\Desktop\ComboFix.exe
[2011/11/28 19:11:32 | 110,930,334 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/28 19:07:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/28 13:58:58 | 3215,835,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 01:47:52 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/27 00:57:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\spaceman\Desktop\dds.scr
[2011/11/26 23:52:10 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\spaceman\Desktop\TFC.exe
[2011/11/26 13:49:31 | 000,002,059 | ---- | M] () -- C:\Users\spaceman\Desktop\Google Chrome.lnk
[2011/11/26 13:49:31 | 000,002,021 | ---- | M] () -- C:\Users\spaceman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/26 13:47:53 | 000,000,680 | ---- | M] () -- C:\Users\spaceman\AppData\Local\d3d9caps.dat
[2011/11/22 16:24:27 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/21 18:57:22 | 000,418,281 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/11/18 18:04:10 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/11/18 18:04:09 | 000,001,399 | ---- | M] () -- C:\Users\spaceman\Desktop\DivX Movies.lnk
[2011/11/18 16:18:51 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/17 18:01:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/16 23:08:39 | 000,000,932 | ---- | M] () -- C:\Users\spaceman\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/15 22:30:55 | 000,319,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/15 21:58:49 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/10 11:11:59 | 000,617,316 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/28 19:32:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/28 19:32:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/28 19:32:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/28 19:32:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/28 19:32:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/15 22:13:27 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/11/15 22:13:27 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/11/15 22:13:27 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/11/15 21:58:49 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/23 17:49:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/07/27 17:58:32 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/07/27 17:26:06 | 000,000,680 | ---- | C] () -- C:\Users\spaceman\AppData\Local\d3d9caps.dat
[2010/07/09 16:35:34 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/07/07 21:39:52 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/07/07 21:39:52 | 000,138,056 | ---- | C] () -- C:\Users\spaceman\AppData\Roaming\PnkBstrK.sys
[2010/07/07 21:39:29 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/07/07 21:39:18 | 002,506,752 | ---- | C] () -- C:\Windows\System32\pbsvc_new_5-9-08.exe
[2010/07/07 21:39:18 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/01/18 21:40:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/23 22:24:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/23 22:24:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/19 01:10:43 | 000,011,776 | ---- | C] () -- C:\Users\spaceman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/08 02:23:34 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/03/03 01:25:32 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/03/03 01:25:32 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/03/03 01:25:32 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/03/03 01:25:32 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/03/03 01:21:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/02 17:33:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/03/02 17:03:45 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/03/02 16:52:57 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/04/16 02:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,319,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,602,478 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,106,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/09/02 02:33:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\xfire_lsp_9028.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

















OTL Extras logfile created on: 28/11/2011 23:46:07 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\spaceman\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 42.88% Memory free
6.19 Gb Paging File | 4.29 Gb Available in Paging File | 69.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.75 Gb Total Space | 32.80 Gb Free Space | 14.73% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.60 Gb Free Space | 35.97% Space Free | Partition Type: NTFS

Computer Name: HANNAH-PC | User Name: spaceman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2169E275-D1D4-4D6E-9B7E-F0ECF6AAF8AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9E719A8B-9426-435B-A335-DD9DCC93B186}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A6A056-0A3E-4181-A212-AEA1DB49D98D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\crysis 2\support\ea help\electronic_arts_technical_support.htm |
"{039A3EE7-D55C-4F75-9076-C7D35DF3E4A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{05901E7C-C9AA-440A-8F01-FBC87C1942E7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\full spectrum warrior ten hammers\fsw2.exe |
"{09F504CB-56D9-4482-A7CF-34F4109CA177}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{13A9FC7A-7891-472E-917E-9A598092E304}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |
"{15A4C631-7C62-4336-8CE7-DBADC56972C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1B7FC530-21C8-4202-9701-C25793546EAB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"{1BAEB4B8-DA7B-4E3C-A750-6D87582FDB07}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war gold\w40k.exe |
"{1C159D33-FEFD-4D5B-A73F-44398E147256}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\full spectrum warrior\launcher.exe |
"{1E9341F5-C7E1-40CB-886B-7963A14B8C14}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{1FF1F127-3154-4EC2-9D00-4E59D155C4CE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{22298643-F674-4294-830D-09AC27A74F0B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"{272B6273-16E0-4F22-8ACA-054A661074DB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{2877372F-8D30-4ABE-BD66-D025A13A7CE8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{2F8E866E-E52D-4F0E-B113-56B7DFC852AF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{33773D7B-086F-4689-A6D0-7DEC8E583B8D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{35DA4480-6FB0-4E54-A99A-B94E285A7B6A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{42B2B348-7420-4B29-993A-C38F43514F2E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hegemony philip of macedon\launcher.exe |
"{4359F7AF-EB22-4CE9-BD22-0366B0F25978}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hegemony philip of macedon\launcher.exe |
"{4787B0AE-AA1A-4EA9-B284-1B3577578ABB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{4A8865A3-06E8-42E4-BE9F-E82B1C3B33D2}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{4C91BCD3-4F47-4A57-B500-EA772FFC2A74}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{4EA0DF85-CC09-418B-B3B3-464C48B8FCAF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"{500C24F3-7619-4628-854B-4AF939A7712F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5025BB27-49D4-40F0-8C6C-86E849C75D91}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\crysis 2\bin32\crysis2.exe |
"{522A4BE7-7AAB-4EAA-AD9C-6EAABD74B362}" = protocol=17 | dir=in | app=c:\windows\system32\lxddcoms.exe |
"{529FD1BB-EA58-47B7-B8F0-E68A4A0A704F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{5351E2D9-8D16-41D9-9232-9C7670258264}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{585E38AA-2640-44D6-85E5-AA7E6238D850}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58BCC11E-2542-4F01-A326-F0F4EB2E9556}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{5B1E8A4B-40B9-41F7-AAEE-854E4B98128D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\universe at war earth assault\launchuaw.exe |
"{60EF4B44-35BA-4068-87BC-B106F6A0E76C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{64148F7A-9746-42E5-BC19-E1A46CBDDE19}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{73165861-0CDF-4276-95F4-2ADAC3A4784E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\universe at war earth assault\launchuaw.exe |
"{74E833DB-AA28-400E-AC65-A4DD802B0618}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7EFDB132-B31C-47EC-9388-DDD03F3B1ECC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\full spectrum warrior ten hammers\help.htm |
"{7FDCF7C4-2D0F-4426-83B5-4323EDA20AC8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8FA70C9F-274E-406E-AD44-40CDF570C014}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"{90647704-1555-441A-8B6D-AB663F415C5A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war gold\w40kwa.exe |
"{9C0D149F-1B31-4FDA-824E-90969C89C48B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9C554C5C-7B66-4AB2-A9CF-4A6A352E16B9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"{A99E94D9-B0D8-4F7C-BEE8-695FCC1CA0D0}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{AA76B836-0DDF-40A9-8ED0-98F0F6AB8939}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{AAFF1591-16EB-4381-B982-8295C9235ABE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{AB64C766-6526-4F4E-B34C-75E0E61D09F5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |
"{ACAF39BF-742B-45FD-8704-886694E949D1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\crysis 2\support\ea help\electronic_arts_technical_support.htm |
"{ADC7711E-7C85-4753-BB61-72B9E6259430}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{AF7DBC51-6627-4776-810E-143CD55D2B9F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war gold\w40kwa.exe |
"{B3DA12EB-C22E-42BF-9E63-89A9162E2C4B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B97C7166-58A7-48AF-9736-51C854D4BB27}" = protocol=6 | dir=in | app=c:\windows\system32\lxddcoms.exe |
"{BD9A71BF-6E2A-4D7A-8878-CBCA8C1FB5B3}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{C3308ADD-8BC7-4A62-9445-EF9AEFBB5F3C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C578CAB7-DECF-4CA3-A843-AB367BCA8285}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{C78EB07F-965F-497F-BED7-03A8497E4EA6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\full spectrum warrior ten hammers\help.htm |
"{CE1E3534-5B56-4458-889D-CBE2D2D67709}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{CE43E880-2631-4330-9F8F-EE7AB8D97905}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war gold\w40k.exe |
"{D3CBD296-01EF-4347-8173-2DE860C04D7D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\full spectrum warrior\help.htm |
"{D7997E38-2CF5-4771-8A6D-0C9DFABD9976}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\full spectrum warrior\help.htm |
"{D7AEC6FF-7937-4B9C-8707-4CC534B9B3CE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\crysis 2\bin32\crysis2.exe |
"{ECEFF161-8A6D-4D2F-88C5-D117CAC5285C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EF534BB3-CCC9-4D8F-A31D-46A5E253F07D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\full spectrum warrior ten hammers\fsw2.exe |
"{F353629E-4FB2-416C-86DD-CA28FD67060A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{F570B91F-96F6-4E16-91A2-FAA42B343B5A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"{FA549147-A56C-416D-93E0-FE97623BD0DE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\full spectrum warrior\launcher.exe |
"{FF0A0E98-3E72-448D-8D15-100A35B371C6}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"TCP Query User{42B0ACB2-8D9F-4869-BE60-F573B3AFFF68}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{448FCB77-5F81-4525-91D1-E464F8616189}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{67C0F534-7AF1-4B79-B081-3E3EEE2E1BBE}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{6E50C0CA-A606-438D-A0D8-E3464F55EECE}C:\program files\steam\steamapps\common\universe at war earth assault\uawea.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\universe at war earth assault\uawea.exe |
"TCP Query User{C598C69D-C1D5-4EE6-AC1D-342BC017EA51}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E20A0F5D-53A4-4B26-BB86-7EA36A5CD1A7}C:\program files\xfire\ua_lsp_inst.exe" = protocol=6 | dir=in | app=c:\program files\xfire\ua_lsp_inst.exe |
"TCP Query User{F6337F03-CFBE-4A32-89E0-0EA2D21F8262}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{F64CB705-6D2F-42D7-873F-C0CBC11CA164}C:\program files\ea games\medal of honor pacific assault™\mohpa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\medal of honor pacific assault™\mohpa.exe |
"UDP Query User{0AD1260D-9C1E-4614-86D7-135C9708440B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{161F70DF-3573-4F0D-A72A-B673B134303A}C:\program files\xfire\ua_lsp_inst.exe" = protocol=17 | dir=in | app=c:\program files\xfire\ua_lsp_inst.exe |
"UDP Query User{57026541-5528-4BF0-9E92-3FCD652D8C5B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{765E1B2B-E4C5-43E8-86C9-0F1B388011B3}C:\program files\steam\steamapps\common\universe at war earth assault\uawea.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\universe at war earth assault\uawea.exe |
"UDP Query User{843F177F-477D-4685-A32D-6F1C3AD70A5F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8FDA4D5E-B2E9-43A0-AA6A-6C7A831A0508}C:\program files\ea games\medal of honor pacific assault™\mohpa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\medal of honor pacific assault™\mohpa.exe |
"UDP Query User{E4CFB176-3354-44AD-A199-503E853F805E}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{F5F83F49-09FC-40AE-AA6A-037CD6D595B5}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0709B06B-82BC-6073-0E43-DE107DF1389C}" = Catalyst Control Center Localization Spanish
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15EB6A85-A28D-2ED8-C344-DEBC592F2E12}" = Catalyst Control Center Localization German
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{32C2CBBB-4540-E526-206D-B7BC7932D82F}" = CCC Help Danish
"{41F4B3D2-3CC8-41B5-99B8-3A9C1BCDEA0A}" = AVG 2012
"{425819E1-D68E-8CE1-85D5-CDBA64E82DDE}" = CCC Help Japanese
"{4392E2AF-1643-29DA-E873-C94D547467D7}" = Catalyst Control Center Localization Swedish
"{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
"{44FDDB51-0E97-DD4A-9FB2-8D394DBEE47F}" = CCC Help Dutch
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48C86A94-A6C0-D2D0-1649-ECB00D2DF4DE}" = Catalyst Control Center Localization Norwegian
"{48CC1AD8-2013-82B3-284F-E0253195664F}" = Catalyst Control Center Localization French
"{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
"{4A4D109A-D9C4-E460-4F9A-0252F581D600}" = CCC Help Swedish
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault™
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57847CB0-95DA-D785-B170-1F00FC79B860}" = Catalyst Control Center Localization Chinese Traditional
"{5A72A2C4-9D4A-0718-DA28-95B73C2270DA}" = Catalyst Control Center Localization Danish
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682FED0E-738E-0048-F448-B3EE427978CC}" = Catalyst Control Center Localization Japanese
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B00208E-2844-7480-5F50-6515A5907F0B}" = CCC Help Norwegian
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76E12A66-1AEC-3816-E75A-330998F2D40C}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
"{7C63DFEB-6176-C3F1-AA83-F997E32B44EA}" = Catalyst Control Center Localization Portuguese
"{7D004944-C4F1-4C44-AAD4-E7F85190ED00}" = AVG 2012
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{84557D91-D8C7-D7A4-1393-3AB3A16106C7}" = CCC Help Chinese Traditional
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9266D931-C05C-86F5-B74A-B1A382249916}" = Catalyst Control Center Localization Italian
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
"{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A85DF75-64F2-4352-9534-8A76F8C1E511}_is1" = The Official Driver Theory Test (4th Edition, Revised May 2009)
"{9AB377EE-454D-374C-C309-D2DFA9AB535B}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BC5C42B3-CE50-8D5E-A495-6C48C0FF6336}" = CCC Help Portuguese
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEFFB92B-8238-E6B7-E9D4-494BA407E593}" = Catalyst Control Center Localization Korean
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{C177F7FD-C061-003B-47F6-41483424517B}" = Catalyst Control Center Localization Chinese Standard
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
"{D7F69D7C-C33D-49A6-AFCD-9EED8ED1649E}" = M-M JC P2
"{D86C72D4-57DB-D59E-1FE3-9ED8819B28C4}" = Catalyst Control Center Localization Russian
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DAD207CE-44D2-0C73-198B-8DD3B4F27426}" = CCC Help Spanish
"{E1ED3247-902C-9B94-31AB-81572A6D77AA}" = Catalyst Control Center Localization Dutch
"{E374F278-E64E-D574-332F-AE9241580749}" = CCC Help Chinese Standard
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E60E58A1-6093-3DFC-C382-3702EFB40F0E}" = CCC Help French
"{E87A027B-8051-4323-1B8D-34CB90A9EEBE}" = CCC Help German
"{EAD1C99F-6325-E477-C94C-58B2DB656959}" = Catalyst Control Center Localization Finnish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F688B66F-AC95-809B-0056-154AF871D5EF}" = CCC Help Finnish
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FC41BB0E-F005-F0B8-9040-18E935D752E7}" = CCC Help Russian
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AVG" = AVG 2012
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell Support Center" = Dell Support Center
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"Finale NotePad 2011" = Finale NotePad 2011
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Reader_is1" = Foxit Reader 5.0
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Quick Search Box" = Google Quick Search Box
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Steam App 10430" = Universe at War: Earth Assault
"Steam App 13210" = Unreal Tournament 3
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 4520" = Full Spectrum Warrior
"Steam App 4530" = Full Spectrum Warrior: Ten Hammers
"Steam App 4560" = Company of Heroes
"Steam App 4570" = Warhammer 40,000: Dawn of War
"Steam App 4580" = Warhammer 40,000: Dawn of War - Dark Crusade
"Steam App 90100" = Hegemony: Philip of Macedon
"Steam App 9450" = Warhammer 40,000: Dawn of War - Soulstorm
"Steam App 99830" = Crysis 2
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2775045081-4165944829-3255898935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/11/2011 20:48:58 | Computer Name = Hannah-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/11/2011 08:30:50 | Computer Name = Hannah-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/11/2011 13:02:57 | Computer Name = Hannah-PC | Source = EventSystem | ID = 4621
Description =

Error - 27/11/2011 14:48:11 | Computer Name = Hannah-PC | Source = Perflib | ID = 1010
Description =

Error - 27/11/2011 14:48:14 | Computer Name = Hannah-PC | Source = Perflib | ID = 1008
Description =

Error - 27/11/2011 15:13:00 | Computer Name = Hannah-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000374, fault offset 0x000b06fc, process id 0x19f4, application
start time 0x01ccad3889b491e0.

Error - 27/11/2011 20:51:32 | Computer Name = Hannah-PC | Source = EventSystem | ID = 4621
Description =

Error - 28/11/2011 10:00:24 | Computer Name = Hannah-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/11/2011 15:14:10 | Computer Name = Hannah-PC | Source = Perflib | ID = 1010
Description =

Error - 28/11/2011 15:14:12 | Computer Name = Hannah-PC | Source = Perflib | ID = 1008
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 PM

Posted 28 November 2011 - 07:26 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90: C:\Program Files\NOS\bin\np_gp.dll File not found
    O3 - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4  
    PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    IE - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    [2011/10/03 23:34:56 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2010/07/23 00:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2010/07/23 00:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/07/23 00:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2775045081-4165944829-3255898935-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O20 - AppInit_DLLs: (c:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -c:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (c:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -c:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 spaceman2155

spaceman2155
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 29 November 2011 - 05:43 PM

Hi Gringo,

I have included the report below. The PC seems to be responding a bit quicker, although the Blinkx and Babylon shortcuts are still on the Desktop.
Also I have have 50% CPU usage when I go into task Manager, but that could be normal, I am not sure, as there is a lot of processes running in the background in task manager. Windows explorer disappeared at the end of running OTL.exe but is fine on reboot.
If I go into the internet explorer tools and then manage add-on, search providers Ask.com is still showing enabled.

Regards, John

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90\ not found.
Registry value HKEY_USERS\S-1-5-21-2775045081-4165944829-3255898935-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
No active process named datamngrUI.exe was found!
No active process named Updater.exe was found!
Registry value HKEY_USERS\S-1-5-21-2775045081-4165944829-3255898935-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2775045081-4165944829-3255898935-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
C:\Program Files\uTorrentBar\prxtbuTor.dll moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTor.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2775045081-4165944829-3255898935-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-2775045081-4165944829-3255898935-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll deleted successfully.
File pInit_DLLs: (c:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -c:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll deleted successfully.
File pInit_DLLs: (c:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -c:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\spaceman\Desktop\cmd.bat deleted successfully.
C:\Users\spaceman\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gillian
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 148950995 bytes
->Java cache emptied: 228230 bytes
->FireFox cache emptied: 47849391 bytes
->Flash cache emptied: 5506 bytes

User: Hannah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8925209 bytes
->Flash cache emptied: 1148 bytes

User: Hannah1
->Temp folder emptied: 3639280 bytes
->Temporary Internet Files folder emptied: 4213859317 bytes
->Java cache emptied: 3262746 bytes
->FireFox cache emptied: 21519393 bytes
->Flash cache emptied: 351911 bytes

User: John Rogers
->Temp folder emptied: 269400 bytes
->Temporary Internet Files folder emptied: 3223816146 bytes
->Java cache emptied: 45208765 bytes
->FireFox cache emptied: 28060525 bytes
->Google Chrome cache emptied: 38261529 bytes
->Flash cache emptied: 36399 bytes

User: Niamh
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 783930368 bytes
->Java cache emptied: 1761320 bytes
->Flash cache emptied: 38726 bytes

User: Public
->Temp folder emptied: 0 bytes

User: spaceman
->Temp folder emptied: 48942 bytes
->Temporary Internet Files folder emptied: 24867739 bytes
->Google Chrome cache emptied: 12015753 bytes
->Apple Safari cache emptied: 5435392 bytes
->Flash cache emptied: 6716 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 538680 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8,214.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Gillian
->Java cache emptied: 0 bytes

User: Hannah

User: Hannah1
->Java cache emptied: 0 bytes

User: John Rogers
->Java cache emptied: 0 bytes

User: Niamh
->Java cache emptied: 0 bytes

User: Public

User: spaceman

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Gillian
->Flash cache emptied: 0 bytes

User: Hannah
->Flash cache emptied: 0 bytes

User: Hannah1
->Flash cache emptied: 0 bytes

User: John Rogers
->Flash cache emptied: 0 bytes

User: Niamh
->Flash cache emptied: 0 bytes

User: Public

User: spaceman
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11292011_215734

Files\Folders moved on Reboot...
C:\Users\spaceman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\spaceman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

#8 spaceman2155

spaceman2155
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 29 November 2011 - 06:15 PM

Hi Gringo,

Further to my last post, I left my PC on but not using it and after about 15mins and Blinkx came up on the screen again like a screen saver.
regards,
John

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 PM

Posted 29 November 2011 - 07:28 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 spaceman2155

spaceman2155
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 30 November 2011 - 11:56 AM

Hello Gringo,

Please see report below, it did not find any threats etc.

Thanks,
John






16:53:01.0622 4764 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
16:53:02.0335 4764 ============================================================
16:53:02.0335 4764 Current date / time: 2011/11/30 16:53:02.0335
16:53:02.0335 4764 SystemInfo:
16:53:02.0335 4764
16:53:02.0335 4764 OS Version: 6.0.6002 ServicePack: 2.0
16:53:02.0335 4764 Product type: Workstation
16:53:02.0335 4764 ComputerName: HANNAH-PC
16:53:02.0335 4764 UserName: spaceman
16:53:02.0335 4764 Windows directory: C:\Windows
16:53:02.0335 4764 System windows directory: C:\Windows
16:53:02.0335 4764 Processor architecture: Intel x86
16:53:02.0335 4764 Number of processors: 2
16:53:02.0335 4764 Page size: 0x1000
16:53:02.0335 4764 Boot type: Normal boot
16:53:02.0335 4764 ============================================================
16:53:03.0993 4764 Initialize success
16:53:14.0912 7948 ============================================================
16:53:14.0912 7948 Scan started
16:53:14.0912 7948 Mode: Manual;
16:53:14.0912 7948 ============================================================
16:53:16.0230 7948 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:53:16.0232 7948 ACPI - ok
16:53:16.0294 7948 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:53:16.0327 7948 adp94xx - ok
16:53:16.0362 7948 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:53:16.0384 7948 adpahci - ok
16:53:16.0417 7948 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:53:16.0437 7948 adpu160m - ok
16:53:16.0475 7948 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:53:16.0482 7948 adpu320 - ok
16:53:16.0588 7948 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:53:16.0611 7948 AFD - ok
16:53:16.0661 7948 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:53:16.0686 7948 agp440 - ok
16:53:16.0729 7948 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:53:16.0754 7948 aic78xx - ok
16:53:16.0785 7948 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:53:16.0793 7948 aliide - ok
16:53:16.0885 7948 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:53:16.0907 7948 amdagp - ok
16:53:16.0923 7948 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:53:16.0995 7948 amdide - ok
16:53:17.0016 7948 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:53:17.0056 7948 AmdK7 - ok
16:53:17.0084 7948 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
16:53:17.0102 7948 AmdK8 - ok
16:53:17.0140 7948 ApfiltrService (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:53:17.0144 7948 ApfiltrService - ok
16:53:17.0245 7948 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:53:17.0265 7948 arc - ok
16:53:17.0326 7948 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:53:17.0350 7948 arcsas - ok
16:53:17.0392 7948 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:53:17.0393 7948 AsyncMac - ok
16:53:17.0441 7948 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:53:17.0442 7948 atapi - ok
16:53:17.0589 7948 atikmdag (47dcf5d78c395159d72c65c25129fc44) C:\Windows\system32\DRIVERS\atikmdag.sys
16:53:17.0677 7948 atikmdag - ok
16:53:17.0989 7948 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
16:53:17.0993 7948 AVGIDSDriver - ok
16:53:18.0097 7948 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
16:53:18.0099 7948 AVGIDSEH - ok
16:53:18.0161 7948 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
16:53:18.0163 7948 AVGIDSFilter - ok
16:53:18.0252 7948 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
16:53:18.0254 7948 AVGIDSShim - ok
16:53:18.0364 7948 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
16:53:18.0366 7948 Avgldx86 - ok
16:53:18.0425 7948 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
16:53:18.0426 7948 Avgmfx86 - ok
16:53:18.0502 7948 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
16:53:18.0504 7948 Avgrkx86 - ok
16:53:18.0605 7948 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
16:53:18.0607 7948 Avgtdix - ok
16:53:18.0880 7948 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:53:18.0881 7948 Beep - ok
16:53:19.0068 7948 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:53:19.0069 7948 blbdrive - ok
16:53:19.0207 7948 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:53:19.0210 7948 bowser - ok
16:53:19.0313 7948 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:53:19.0341 7948 BrFiltLo - ok
16:53:19.0440 7948 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:53:19.0464 7948 BrFiltUp - ok
16:53:19.0559 7948 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:53:19.0560 7948 Brserid - ok
16:53:19.0634 7948 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:53:19.0635 7948 BrSerWdm - ok
16:53:19.0715 7948 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:53:19.0715 7948 BrUsbMdm - ok
16:53:19.0782 7948 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:53:19.0811 7948 BrUsbSer - ok
16:53:19.0905 7948 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
16:53:19.0906 7948 BthEnum - ok
16:53:19.0977 7948 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
16:53:19.0978 7948 BTHMODEM - ok
16:53:20.0136 7948 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
16:53:20.0137 7948 BthPan - ok
16:53:20.0322 7948 BthPort (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
16:53:20.0326 7948 BthPort - ok
16:53:20.0399 7948 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
16:53:20.0399 7948 BTHUSB - ok
16:53:20.0474 7948 btwaudio (58c4b59d0ebfb637e2e296cf4a686ba0) C:\Windows\system32\drivers\btwaudio.sys
16:53:20.0476 7948 btwaudio - ok
16:53:20.0557 7948 btwavdt (e8cc9436cc464d6975adbc4aece0ba7b) C:\Windows\system32\drivers\btwavdt.sys
16:53:20.0559 7948 btwavdt - ok
16:53:20.0682 7948 btwl2cap (ecb98391c756a7b9cfbae89d9d1235e1) C:\Windows\system32\DRIVERS\btwl2cap.sys
16:53:20.0683 7948 btwl2cap - ok
16:53:20.0746 7948 btwrchid (62ed55843f8216eb25a909a820613033) C:\Windows\system32\DRIVERS\btwrchid.sys
16:53:20.0747 7948 btwrchid - ok
16:53:20.0904 7948 catchme - ok
16:53:21.0019 7948 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:53:21.0020 7948 cdfs - ok
16:53:21.0284 7948 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:53:21.0286 7948 cdrom - ok
16:53:21.0532 7948 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
16:53:21.0534 7948 circlass - ok
16:53:21.0740 7948 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:53:21.0746 7948 CLFS - ok
16:53:21.0867 7948 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:53:21.0869 7948 CmBatt - ok
16:53:21.0922 7948 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:53:21.0939 7948 cmdide - ok
16:53:22.0015 7948 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:53:22.0017 7948 Compbatt - ok
16:53:22.0095 7948 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:53:22.0097 7948 crcdisk - ok
16:53:22.0185 7948 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:53:22.0186 7948 Crusoe - ok
16:53:22.0319 7948 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:53:22.0320 7948 DfsC - ok
16:53:22.0551 7948 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:53:22.0553 7948 disk - ok
16:53:22.0771 7948 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:53:22.0775 7948 Dot4 - ok
16:53:22.0857 7948 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:53:22.0859 7948 Dot4Print - ok
16:53:22.0945 7948 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:53:22.0947 7948 dot4usb - ok
16:53:23.0045 7948 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:53:23.0046 7948 drmkaud - ok
16:53:23.0143 7948 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:53:23.0148 7948 DXGKrnl - ok
16:53:23.0231 7948 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
16:53:23.0233 7948 e1express - ok
16:53:23.0308 7948 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:53:23.0310 7948 E1G60 - ok
16:53:23.0525 7948 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:53:23.0618 7948 Ecache - ok
16:53:23.0767 7948 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:53:23.0770 7948 elxstor - ok
16:53:23.0904 7948 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:53:23.0904 7948 ErrDev - ok
16:53:24.0002 7948 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:53:24.0047 7948 exfat - ok
16:53:24.0116 7948 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:53:24.0120 7948 fastfat - ok
16:53:24.0182 7948 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:53:24.0183 7948 fdc - ok
16:53:24.0263 7948 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:53:24.0266 7948 FileInfo - ok
16:53:24.0342 7948 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:53:24.0344 7948 Filetrace - ok
16:53:24.0423 7948 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:53:24.0544 7948 flpydisk - ok
16:53:24.0675 7948 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:53:24.0679 7948 FltMgr - ok
16:53:24.0788 7948 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:53:24.0806 7948 Fs_Rec - ok
16:53:24.0898 7948 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:53:24.0899 7948 gagp30kx - ok
16:53:24.0961 7948 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:53:24.0963 7948 GEARAspiWDM - ok
16:53:25.0205 7948 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
16:53:25.0210 7948 HdAudAddService - ok
16:53:25.0316 7948 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:53:25.0321 7948 HDAudBus - ok
16:53:25.0393 7948 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
16:53:25.0394 7948 HidBth - ok
16:53:25.0540 7948 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
16:53:25.0571 7948 HidIr - ok
16:53:25.0686 7948 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:53:25.0688 7948 HidUsb - ok
16:53:25.0770 7948 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:53:25.0777 7948 HpCISSs - ok
16:53:25.0863 7948 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:53:25.0872 7948 HTTP - ok
16:53:25.0929 7948 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:53:25.0933 7948 i2omp - ok
16:53:26.0009 7948 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:53:26.0011 7948 i8042prt - ok
16:53:26.0092 7948 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:53:26.0094 7948 iaStorV - ok
16:53:26.0179 7948 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:53:26.0191 7948 iirsp - ok
16:53:26.0273 7948 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:53:26.0302 7948 intelide - ok
16:53:26.0431 7948 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:53:26.0431 7948 intelppm - ok
16:53:26.0563 7948 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:53:26.0565 7948 IpFilterDriver - ok
16:53:26.0639 7948 IpInIp - ok
16:53:26.0669 7948 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:53:26.0670 7948 IPMIDRV - ok
16:53:26.0712 7948 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:53:26.0715 7948 IPNAT - ok
16:53:26.0787 7948 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:53:26.0789 7948 IRENUM - ok
16:53:26.0812 7948 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:53:26.0813 7948 isapnp - ok
16:53:26.0867 7948 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:53:26.0869 7948 iScsiPrt - ok
16:53:26.0954 7948 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:53:26.0962 7948 iteatapi - ok
16:53:27.0160 7948 itecir (20425664e2e196d339ca877e0387c023) C:\Windows\system32\DRIVERS\itecir.sys
16:53:27.0161 7948 itecir - ok
16:53:27.0203 7948 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:53:27.0229 7948 iteraid - ok
16:53:27.0268 7948 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
16:53:27.0272 7948 k57nd60x - ok
16:53:27.0300 7948 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:53:27.0301 7948 kbdclass - ok
16:53:27.0345 7948 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:53:27.0347 7948 kbdhid - ok
16:53:27.0417 7948 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
16:53:27.0425 7948 KSecDD - ok
16:53:27.0458 7948 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:53:27.0460 7948 lltdio - ok
16:53:27.0499 7948 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:53:27.0512 7948 LSI_FC - ok
16:53:27.0555 7948 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:53:27.0557 7948 LSI_SAS - ok
16:53:27.0627 7948 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:53:27.0648 7948 LSI_SCSI - ok
16:53:27.0672 7948 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:53:27.0673 7948 luafv - ok
16:53:27.0716 7948 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
16:53:27.0717 7948 MBAMProtector - ok
16:53:27.0761 7948 MBAMSwissArmy - ok
16:53:27.0794 7948 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:53:27.0823 7948 megasas - ok
16:53:27.0870 7948 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:53:27.0873 7948 MegaSR - ok
16:53:27.0907 7948 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:53:27.0908 7948 Modem - ok
16:53:27.0950 7948 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:53:27.0951 7948 monitor - ok
16:53:27.0972 7948 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:53:27.0974 7948 mouclass - ok
16:53:27.0998 7948 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:53:28.0000 7948 mouhid - ok
16:53:28.0025 7948 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:53:28.0027 7948 MountMgr - ok
16:53:28.0085 7948 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
16:53:28.0087 7948 MpFilter - ok
16:53:28.0120 7948 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:53:28.0122 7948 mpio - ok
16:53:28.0280 7948 MpKsl093a283f (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3A64BF05-1401-49DA-A2AB-D7AA86562B68}\MpKsl093a283f.sys
16:53:28.0282 7948 MpKsl093a283f - ok
16:53:28.0302 7948 MpKsl12ee8fb1 - ok
16:53:28.0319 7948 MpKsl1c61270d - ok
16:53:28.0332 7948 MpKsl1dbaf0c5 - ok
16:53:28.0339 7948 MpKsl220ec31c - ok
16:53:28.0350 7948 MpKsl251f55c9 - ok
16:53:28.0358 7948 MpKsl2780d827 - ok
16:53:28.0384 7948 MpKsl2a55481f - ok
16:53:28.0399 7948 MpKsl3c22ec5a - ok
16:53:28.0406 7948 MpKsl414fdae0 - ok
16:53:28.0414 7948 MpKsl41cb12bf - ok
16:53:28.0439 7948 MpKsl4abe8f8a - ok
16:53:28.0449 7948 MpKsl52eb42dc - ok
16:53:28.0459 7948 MpKsl56bed484 - ok
16:53:28.0469 7948 MpKsl5966d080 - ok
16:53:28.0479 7948 MpKsl59cf5f6e - ok
16:53:28.0485 7948 MpKsl5c712fc8 - ok
16:53:28.0493 7948 MpKsl5de9f4b5 - ok
16:53:28.0501 7948 MpKsl5e498720 - ok
16:53:28.0510 7948 MpKsl6896f97a - ok
16:53:28.0530 7948 MpKsl808e6a57 - ok
16:53:28.0539 7948 MpKsl84e3e378 - ok
16:53:28.0549 7948 MpKsl8f66b138 - ok
16:53:28.0592 7948 MpKsl9aa7d8af - ok
16:53:28.0602 7948 MpKsl9e7ee0aa - ok
16:53:28.0612 7948 MpKslb032a79a - ok
16:53:28.0622 7948 MpKslb2fc5aea - ok
16:53:28.0633 7948 MpKslb456081f - ok
16:53:28.0655 7948 MpKslb89d8182 - ok
16:53:28.0675 7948 MpKslbc2d613f - ok
16:53:28.0685 7948 MpKslc193b93c - ok
16:53:28.0706 7948 MpKslc710acad - ok
16:53:28.0716 7948 MpKslcd17aace - ok
16:53:28.0725 7948 MpKslcf75d128 - ok
16:53:28.0735 7948 MpKsld12671b4 - ok
16:53:28.0757 7948 MpKsld18e51fd - ok
16:53:28.0763 7948 MpKsldd43f656 - ok
16:53:28.0778 7948 MpKsle135eb7e - ok
16:53:28.0789 7948 MpKsle1835264 - ok
16:53:28.0799 7948 MpKsle690e6e0 - ok
16:53:28.0818 7948 MpKsled70dd3e - ok
16:53:28.0833 7948 MpKslf3277095 - ok
16:53:28.0850 7948 MpKslfb9524c3 - ok
16:53:28.0872 7948 MpKslfd3e0a16 - ok
16:53:28.0882 7948 MpKslfd6f81d6 - ok
16:53:28.0895 7948 MpKslffed6766 - ok
16:53:29.0006 7948 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
16:53:29.0007 7948 MpNWMon - ok
16:53:29.0060 7948 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:53:29.0063 7948 mpsdrv - ok
16:53:29.0095 7948 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:53:29.0108 7948 Mraid35x - ok
16:53:29.0172 7948 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:53:29.0175 7948 MRxDAV - ok
16:53:29.0243 7948 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:53:29.0246 7948 mrxsmb - ok
16:53:29.0302 7948 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:53:29.0329 7948 mrxsmb10 - ok
16:53:29.0346 7948 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:53:29.0349 7948 mrxsmb20 - ok
16:53:29.0411 7948 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
16:53:29.0412 7948 msahci - ok
16:53:29.0460 7948 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:53:29.0470 7948 msdsm - ok
16:53:29.0495 7948 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:53:29.0497 7948 Msfs - ok
16:53:29.0559 7948 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:53:29.0561 7948 msisadrv - ok
16:53:29.0610 7948 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:53:29.0612 7948 MSKSSRV - ok
16:53:29.0668 7948 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:53:29.0669 7948 MSPCLOCK - ok
16:53:29.0709 7948 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:53:29.0710 7948 MSPQM - ok
16:53:29.0767 7948 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:53:29.0769 7948 MsRPC - ok
16:53:29.0792 7948 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:53:29.0793 7948 mssmbios - ok
16:53:29.0820 7948 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:53:29.0821 7948 MSTEE - ok
16:53:29.0854 7948 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:53:29.0856 7948 Mup - ok
16:53:29.0932 7948 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:53:29.0936 7948 NativeWifiP - ok
16:53:30.0006 7948 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:53:30.0011 7948 NDIS - ok
16:53:30.0052 7948 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:53:30.0054 7948 NdisTapi - ok
16:53:30.0075 7948 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:53:30.0077 7948 Ndisuio - ok
16:53:30.0149 7948 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:53:30.0152 7948 NdisWan - ok
16:53:30.0180 7948 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:53:30.0192 7948 NDProxy - ok
16:53:30.0235 7948 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:53:30.0237 7948 NetBIOS - ok
16:53:30.0300 7948 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:53:30.0305 7948 netbt - ok
16:53:30.0447 7948 NETw5v32 (0b214c6a4728f085fb64a29ed9c4de94) C:\Windows\system32\DRIVERS\NETw5v32.sys
16:53:30.0471 7948 NETw5v32 - ok
16:53:30.0498 7948 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:53:30.0499 7948 nfrd960 - ok
16:53:30.0542 7948 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:53:30.0544 7948 NisDrv - ok
16:53:30.0615 7948 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:53:30.0617 7948 Npfs - ok
16:53:30.0652 7948 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:53:30.0653 7948 nsiproxy - ok
16:53:30.0736 7948 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:53:30.0744 7948 Ntfs - ok
16:53:30.0804 7948 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:53:30.0836 7948 ntrigdigi - ok
16:53:30.0892 7948 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:53:30.0904 7948 Null - ok
16:53:30.0977 7948 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:53:30.0979 7948 nvraid - ok
16:53:31.0058 7948 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:53:31.0059 7948 nvstor - ok
16:53:31.0130 7948 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:53:31.0131 7948 nv_agp - ok
16:53:31.0219 7948 NwlnkFlt - ok
16:53:31.0261 7948 NwlnkFwd - ok
16:53:31.0359 7948 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA001Ufd.sys
16:53:31.0361 7948 OA001Ufd - ok
16:53:31.0424 7948 OA001Vid (4075063d25af9da64101769854b83787) C:\Windows\system32\DRIVERS\OA001Vid.sys
16:53:31.0431 7948 OA001Vid - ok
16:53:31.0493 7948 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
16:53:31.0495 7948 ohci1394 - ok
16:53:31.0551 7948 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:53:31.0552 7948 Parport - ok
16:53:31.0604 7948 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:53:31.0607 7948 partmgr - ok
16:53:31.0645 7948 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:53:31.0651 7948 Parvdm - ok
16:53:31.0736 7948 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
16:53:31.0737 7948 PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok
16:53:31.0786 7948 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:53:31.0787 7948 pci - ok
16:53:31.0810 7948 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:53:31.0824 7948 pciide - ok
16:53:31.0848 7948 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:53:31.0850 7948 pcmcia - ok
16:53:31.0907 7948 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:53:31.0930 7948 PEAUTH - ok
16:53:32.0021 7948 PnkBstrK (10be25c04613b70d8ce1f412e14d9454) C:\Windows\system32\drivers\PnkBstrK.sys
16:53:32.0044 7948 PnkBstrK - ok
16:53:32.0094 7948 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:53:32.0096 7948 PptpMiniport - ok
16:53:32.0326 7948 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:53:32.0336 7948 Processor - ok
16:53:32.0439 7948 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:53:32.0440 7948 PSched - ok
16:53:32.0553 7948 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
16:53:32.0555 7948 PxHelp20 - ok
16:53:32.0699 7948 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:53:32.0707 7948 ql2300 - ok
16:53:32.0830 7948 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:53:32.0832 7948 ql40xx - ok
16:53:32.0904 7948 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:53:32.0905 7948 QWAVEdrv - ok
16:53:33.0061 7948 R300 (47dcf5d78c395159d72c65c25129fc44) C:\Windows\system32\DRIVERS\atikmdag.sys
16:53:33.0086 7948 R300 - ok
16:53:33.0183 7948 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:53:33.0185 7948 RasAcd - ok
16:53:33.0267 7948 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:53:33.0270 7948 Rasl2tp - ok
16:53:33.0344 7948 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:53:33.0347 7948 RasPppoe - ok
16:53:33.0443 7948 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:53:33.0459 7948 RasSstp - ok
16:53:33.0592 7948 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:53:33.0597 7948 rdbss - ok
16:53:33.0655 7948 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:53:33.0656 7948 RDPCDD - ok
16:53:33.0744 7948 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:53:33.0745 7948 rdpdr - ok
16:53:33.0809 7948 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:53:33.0811 7948 RDPENCDD - ok
16:53:33.0912 7948 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:53:33.0945 7948 RDPWD - ok
16:53:34.0064 7948 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
16:53:34.0066 7948 RFCOMM - ok
16:53:34.0140 7948 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
16:53:34.0141 7948 rimmptsk - ok
16:53:34.0204 7948 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
16:53:34.0205 7948 rimsptsk - ok
16:53:34.0293 7948 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
16:53:34.0295 7948 rismxdp - ok
16:53:34.0382 7948 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:53:34.0384 7948 rspndr - ok
16:53:34.0459 7948 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:53:34.0478 7948 sbp2port - ok
16:53:34.0559 7948 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
16:53:34.0562 7948 sdbus - ok
16:53:34.0581 7948 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:53:34.0584 7948 secdrv - ok
16:53:34.0615 7948 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:53:34.0620 7948 Serenum - ok
16:53:34.0639 7948 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:53:34.0640 7948 Serial - ok
16:53:34.0673 7948 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:53:34.0687 7948 sermouse - ok
16:53:34.0735 7948 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:53:34.0760 7948 sffdisk - ok
16:53:34.0787 7948 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:53:34.0794 7948 sffp_mmc - ok
16:53:34.0832 7948 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:53:34.0858 7948 sffp_sd - ok
16:53:34.0900 7948 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:53:34.0908 7948 sfloppy - ok
16:53:34.0939 7948 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:53:34.0940 7948 sisagp - ok
16:53:34.0960 7948 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:53:34.0961 7948 SiSRaid2 - ok
16:53:34.0982 7948 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:53:34.0983 7948 SiSRaid4 - ok
16:53:35.0059 7948 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:53:35.0062 7948 Smb - ok
16:53:35.0092 7948 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:53:35.0094 7948 spldr - ok
16:53:35.0175 7948 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:53:35.0182 7948 srv - ok
16:53:35.0284 7948 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:53:35.0287 7948 srv2 - ok
16:53:35.0380 7948 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:53:35.0384 7948 srvnet - ok
16:53:35.0536 7948 STHDA (14a9ad287fda70a06463e09c4328c1f2) C:\Windows\system32\DRIVERS\stwrt.sys
16:53:35.0539 7948 STHDA - ok
16:53:35.0595 7948 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:53:35.0596 7948 swenum - ok
16:53:35.0685 7948 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:53:35.0704 7948 Symc8xx - ok
16:53:35.0797 7948 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:53:35.0817 7948 Sym_hi - ok
16:53:35.0901 7948 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:53:35.0918 7948 Sym_u3 - ok
16:53:36.0008 7948 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
16:53:36.0031 7948 Tcpip - ok
16:53:36.0060 7948 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
16:53:36.0067 7948 Tcpip6 - ok
16:53:36.0152 7948 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
16:53:36.0154 7948 tcpipreg - ok
16:53:36.0219 7948 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:53:36.0220 7948 TDPIPE - ok
16:53:36.0292 7948 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:53:36.0294 7948 TDTCP - ok
16:53:36.0393 7948 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:53:36.0396 7948 tdx - ok
16:53:36.0457 7948 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:53:36.0459 7948 TermDD - ok
16:53:36.0552 7948 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:53:36.0554 7948 tssecsrv - ok
16:53:36.0643 7948 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:53:36.0645 7948 tunmp - ok
16:53:36.0711 7948 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:53:36.0712 7948 tunnel - ok
16:53:36.0799 7948 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:53:36.0805 7948 uagp35 - ok
16:53:36.0888 7948 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:53:36.0896 7948 udfs - ok
16:53:36.0979 7948 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:53:37.0010 7948 uliagpkx - ok
16:53:37.0087 7948 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:53:37.0121 7948 uliahci - ok
16:53:37.0210 7948 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:53:37.0213 7948 UlSata - ok
16:53:37.0353 7948 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:53:37.0362 7948 ulsata2 - ok
16:53:37.0428 7948 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:53:37.0430 7948 umbus - ok
16:53:37.0528 7948 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
16:53:37.0530 7948 USBAAPL - ok
16:53:37.0651 7948 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:53:37.0654 7948 usbccgp - ok
16:53:37.0728 7948 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:53:37.0749 7948 usbcir - ok
16:53:37.0891 7948 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:53:37.0894 7948 usbehci - ok
16:53:37.0998 7948 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:53:38.0002 7948 usbhub - ok
16:53:38.0060 7948 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:53:38.0082 7948 usbohci - ok
16:53:38.0208 7948 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:53:38.0210 7948 usbprint - ok
16:53:38.0362 7948 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:53:38.0364 7948 usbscan - ok
16:53:38.0550 7948 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:53:38.0552 7948 USBSTOR - ok
16:53:38.0684 7948 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:53:38.0686 7948 usbuhci - ok
16:53:38.0892 7948 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:53:38.0894 7948 vga - ok
16:53:39.0219 7948 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:53:39.0245 7948 VgaSave - ok
16:53:39.0480 7948 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:53:39.0487 7948 viaagp - ok
16:53:39.0707 7948 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:53:39.0713 7948 ViaC7 - ok
16:53:39.0940 7948 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:53:39.0966 7948 viaide - ok
16:53:40.0073 7948 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:53:40.0075 7948 volmgr - ok
16:53:40.0215 7948 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:53:40.0222 7948 volmgrx - ok
16:53:40.0308 7948 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:53:40.0313 7948 volsnap - ok
16:53:40.0642 7948 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:53:40.0690 7948 vsmraid - ok
16:53:40.0950 7948 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:53:40.0965 7948 WacomPen - ok
16:53:41.0193 7948 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:53:41.0196 7948 Wanarp - ok
16:53:41.0251 7948 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:53:41.0252 7948 Wanarpv6 - ok
16:53:41.0491 7948 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:53:41.0493 7948 Wd - ok
16:53:41.0822 7948 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:53:41.0833 7948 Wdf01000 - ok
16:53:42.0198 7948 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:53:42.0199 7948 WmiAcpi - ok
16:53:42.0459 7948 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:53:42.0475 7948 WpdUsb - ok
16:53:42.0701 7948 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:53:42.0703 7948 ws2ifsl - ok
16:53:43.0030 7948 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:53:43.0031 7948 WUDFRd - ok
16:53:43.0172 7948 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:53:43.0215 7948 \Device\Harddisk0\DR0 - ok
16:53:43.0256 7948 Boot (0x1200) (11fb85dbe955a42ac6773fba210fb042) \Device\Harddisk0\DR0\Partition0
16:53:43.0258 7948 \Device\Harddisk0\DR0\Partition0 - ok
16:53:43.0268 7948 Boot (0x1200) (6acf30020da0de0f8bf9dba185aa22a4) \Device\Harddisk0\DR0\Partition1
16:53:43.0270 7948 \Device\Harddisk0\DR0\Partition1 - ok
16:53:43.0309 7948 ============================================================
16:53:43.0309 7948 Scan finished
16:53:43.0309 7948 ============================================================
16:53:43.0356 5700 Detected object count: 0
16:53:43.0356 5700 Actual detected object count: 0

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 PM

Posted 30 November 2011 - 12:21 PM

Hello

I would ike to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 spaceman2155

spaceman2155
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 30 November 2011 - 01:40 PM

Hi Gringo,

Windows exploxer stalled again today and came back AVG scan was running at the time.
Here is the report attached.

Regards,
John

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Advanced Audio FX Engine
AGEIA PhysX v7.11.13
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center
µTorrent
AVG 2012
AVG PC Tuneup 2011
Battlefield: Bad Company 2
Bing Bar
blinkx beat
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Choice Guard
Company of Heroes
Company of Heroes: Tales of Valor
Compatibility Pack for the 2007 Office system
Crysis 2
Dell Best of Web
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Video Chat (remove only)
Dell Webcam Central
DivX Setup
EDocs
Finale NotePad 2011
FLV Player 2.0 (build 25)
Foxit Reader 5.0
Full Spectrum Warrior
Full Spectrum Warrior: Ten Hammers
Google Chrome
Google Quick Search Box
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hegemony: Philip of Macedon
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Webcam Driver (1.06.03.0309)
ITECIR Driver
iTunes
Java™ 6 Update 11
Junk Mail filter update
Live! Cam Avatar Creator
M-M JC P2
Malwarebytes' Anti-Malware version 1.51.2.1300
Medal of Honor Pacific Assault™
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2000 SR-1 Premium
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
OGA Notifier 2.0.0048.0
OpenAL
PunkBuster Services
QuickSet
QuickTime
Rome - Total War™
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skins
Skype Toolbars
Skype™ 5.3
Steam
The Official Driver Theory Test (4th Edition, Revised May 2009)
Universe at War: Earth Assault
Unreal Tournament 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.0.1
Warhammer 40,000: Dawn of War
Warhammer 40,000: Dawn of War - Dark Crusade
Warhammer 40,000: Dawn of War - Soulstorm
Warhammer 40,000: Dawn of War II
WIDCOMM Bluetooth Software 6.1.0.4402
Windows iLivid Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Xfire (remove only)

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 PM

Posted 30 November 2011 - 02:53 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

blinkx beat

and click on remove



Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 spaceman2155

spaceman2155
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 30 November 2011 - 08:16 PM

Hello Gringo,

I went into control panel and programs and features, but Blinkx beat is not on the list of applications

I installed the latest version of Java, it completed it and then went on to the web and then it said it had a problem running a script file, but it looks like it installed ok.

Nothing new to report on the PC

Thanks,
John





Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8280

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

01/12/2011 01:07:41
mbam-log-2011-12-01 (01-07-41).txt

Scan type: Quick scan
Objects scanned: 255183
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:51:33, on 01/12/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ’ž127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SysTrayApp] "%ProgramFiles%\IDT\WDM\sttray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ie.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12081 bytes

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 PM

Posted 30 November 2011 - 09:19 PM

hello

try this and see if you can see blintx

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs click on xxxxx and chose Uninstall
  • When prompted click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, when prompted again click Yes > Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Next > Yes.
  • Once done click Finish.
.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users