
Windows Delayed Write Failed virus



#1 CapriSun


Posted 29 December 2011 - 05:20 PM

These are new logs, done after my notes in bold below:

Link to post where instructions were given

Last night my son was on a wiki for a PS3 game, and apparently disabled NoScript while there. He inadvertently let a nasty through, and when the computer restarted everything was hidden - icons, etc. It looked like my computer had been wiped completely clean. Talk about panic!

On restart, multiple dialog boxes opened with a "Windows Delayed Write Failed" warning. Then it opened a fake scan (which I fell for the first time, but stopped halfway through when I came to my senses).

Running a Dell with Windows 7 Home with Avira.

DDS.txt as requested:

2011-12-07 11:21:01 -------- d-----w- C:\Users\TJ\AppData\Local\{E9F27FD6-4EE7-4AA0-8987-01EE60FE9F4D}
2011-12-07 11:20:49 -------- d-----w- C:\Users\TJ\AppData\Local\{07F3C1EB-A001-4E33-AA94-D6588D9B4C76}
2011-12-06 23:20:35 -------- d-----w- C:\Users\TJ\AppData\Local\{093C0E18-CC29-4D1B-893F-03F662D90689}
2011-12-06 23:20:24 -------- d-----w- C:\Users\TJ\AppData\Local\{83A37CC4-C40F-4E26-8AAA-C386DBD6DAF1}
2011-12-06 11:20:13 -------- d-----w- C:\Users\TJ\AppData\Local\{0CA36BFB-2D0D-4FAE-8B11-9AA649A37C37}
2011-12-06 11:20:02 -------- d-----w- C:\Users\TJ\AppData\Local\{88148990-386E-45DF-921F-FF33C57DD855}
2011-12-05 23:19:50 -------- d-----w- C:\Users\TJ\AppData\Local\{9D6793F7-A204-44CB-A28A-E4EDFE37786D}
2011-12-05 23:19:39 -------- d-----w- C:\Users\TJ\AppData\Local\{4612C1F0-DBE3-4D4D-9802-57884FD12930}
2011-12-05 11:19:25 -------- d-----w- C:\Users\TJ\AppData\Local\{4735C49F-A65E-43B6-BE40-ADEBD92F76B9}
2011-12-05 11:19:14 -------- d-----w- C:\Users\TJ\AppData\Local\{C1FAE820-338B-4BCC-8A9A-916813F8E542}
2011-12-04 23:19:51 -------- d-----w- C:\Users\TJ\AppData\Local\{839F693E-CF08-48B3-90D2-EEC98F348161}
2011-12-04 11:19:29 -------- d-----w- C:\Users\TJ\AppData\Local\{AED0D76F-063E-4C24-ADDC-438E3674B206}
2011-12-04 11:19:21 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-04 11:19:17 -------- d-----w- C:\Users\TJ\AppData\Local\{E17EE0F6-B2D0-4992-AC6E-5DFD2BB8F0F3}
2011-12-03 22:56:54 -------- d-----w- C:\Users\TJ\AppData\Local\{F533A164-45D8-42AA-921F-138C98136B27}
2011-12-03 22:56:42 -------- d-----w- C:\Users\TJ\AppData\Local\{7BAF0180-DA95-47CB-9B31-41D472938D53}
2011-12-03 10:56:16 -------- d-----w- C:\Users\TJ\AppData\Local\{C4501150-8AB1-435D-9DA6-8F2736666A82}
2011-12-03 10:56:05 -------- d-----w- C:\Users\TJ\AppData\Local\{29C956FA-0BE7-4840-8191-261CE5D1BB39}
2011-12-02 22:55:54 -------- d-----w- C:\Users\TJ\AppData\Local\{5818D0EB-C114-48A1-AD4A-3D9C839F9211}
2011-12-02 22:55:43 -------- d-----w- C:\Users\TJ\AppData\Local\{3E10A8D6-0260-4C05-8BA8-44E9DF7B461F}
2011-12-02 10:55:31 -------- d-----w- C:\Users\TJ\AppData\Local\{6BBEC21F-D121-42A4-B290-6C6389B223EA}
2011-12-02 10:55:21 -------- d-----w- C:\Users\TJ\AppData\Local\{54429319-4287-4EA3-9B23-385AAFE96ED5}
2011-12-01 22:55:09 -------- d-----w- C:\Users\TJ\AppData\Local\{174B175F-BB8C-4B88-9BEF-16A5D9C2FDDB}
2011-12-01 22:54:59 -------- d-----w- C:\Users\TJ\AppData\Local\{2CB35AFA-1967-4EA8-995A-23AC47C3ED7C}
2011-12-01 10:54:35 -------- d-----w- C:\Users\TJ\AppData\Local\{0E3504AD-00BC-4C5C-ACEA-AB62268DB009}
2011-12-01 10:54:24 -------- d-----w- C:\Users\TJ\AppData\Local\{5F965888-537C-4EBE-97C9-25DCE79E66DF}
2011-11-30 22:54:11 -------- d-----w- C:\Users\TJ\AppData\Local\{4DEF03CA-D021-4FFE-BC3D-71BE39408E82}
2011-11-30 22:53:59 -------- d-----w- C:\Users\TJ\AppData\Local\{C52BE603-AD60-4E38-B849-232C5608CD66}
.
==================== Find3M ====================
.
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 5:01:01.58 ===============

Attached File  Attach.txt   16.98KB   1 downloads



12/29/11 9:28 PM PST -- Crud! I am good and screwed right now! I can't even get online on my computer. I got MalwareBytes reinstalled and updated, and it took 4 things off -- when I rebooted my computer would not connect to the internet.

Right now I am following the instructions here but I don't know what that's going to get me. I know there's a rootkit that TDSS didn't remove on reboot. I ran RKill and it didn't name anything when it said the following malicious items (or whatever it says) were stopped/removed/whatever. I am in safe mode currently, running MalwareBytes. Thus far it says 4 objects have been detected; I am doing a full system scan.

So I don't know how valid the following logs are now, but I will leave them in case there is anything useful.

12/30/11 2:01 AM PST -- Okay. By all appearances the virus is removed. MalwareBytes found and removed 7 items:

rogue.fakehdd -- 1 in the registry, 2 were files
trojan.fakealert -- file
trojan.agent -- file
pum.hijackstartmenu -- 2 in the registry

My problem now is that start up is still slow, once I get to the password log in; takes a couple of minutes for the desktop to load. Also, I cannot go online for more than a couple of minutes. Once I open a browser, it's completely off-line. I can chat for a bit through MSN Messenger. It tells me that the default gateway isn't there/working, something like that.

Additionally, there is an icon on my desktop called System Check. I don't recall putting that there. Properties indicate it's in the C: drive program data, and it is "GtEQ8MmKUWLvLq.exe". That looks suspicious to me, but I could be wrong.

One last thing, even though my desktop items are restored, all of the program shortcuts say they are no longer valid and do I want to delete the shortcut.


Edited by CapriSun, 30 December 2011 - 08:09 AM.

I got nothin'


#2 CapriSun

Posted 01 January 2012 - 06:16 AM

This is not a bump; I can't edit my original post--

1/1/12 -- Searching around for a way to get online (I'm tenacious!) I came across others having trouble with McAfee. I haven't been using it, but it was still on the machine (pre-loaded). So I uninstalled, and right away, as in immediately, my MSN Messenger came online :clapping: . Opened Firefox and bam, here I am!

I'd still like my logs looked at, to see if there is anything I need to attend to?

Thank you :)

Edited by CapriSun, 01 January 2012 - 06:17 AM.

I got nothin'

#3 HelpBot

Posted 04 January 2012 - 05:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435231 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

Posted 09 January 2012 - 05:30 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Budapest

Posted 11 January 2012 - 05:27 PM

This topic has been re-opened at the request of the person who originally posted.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 m0le

Posted 11 January 2012 - 08:28 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run aswMBR, we're looking at a rootkit here

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#7 CapriSun

Posted 12 January 2012 - 11:49 AM

I'm here!
I got nothin'

#8 m0le

Posted 12 January 2012 - 05:37 PM

Great! Now run aswMBR as I showed two posts up :)
m0le is a proud member of UNITE

#9 CapriSun

Posted 12 January 2012 - 08:46 PM

My apologies, I did not see your request for that. Here's the log:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-12 17:43:04
-----------------------------
17:43:04.536 OS Version: Windows x64 6.1.7601 Service Pack 1
17:43:04.536 Number of processors: 6 586 0xA00
17:43:04.537 ComputerName: TJ-PC UserName: TJ
17:43:08.186 Initialize success
17:43:20.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
17:43:20.616 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 11
17:43:20.628 Disk 0 MBR read successfully
17:43:20.633 Disk 0 MBR scan
17:43:20.638 Disk 0 Windows VISTA default MBR code
17:43:20.645 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:43:20.661 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 81920
17:43:20.669 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941286 MB offset 25767936
17:43:20.672 Service scanning
17:43:24.687 Modules scanning
17:43:24.697 Disk 0 trace - called modules:
17:43:24.716 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
17:43:24.725 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062a7060]
17:43:24.733 3 CLASSPNP.SYS[fffff8800195243f] -> nt!IofCallDriver -> [0xfffffa80052e9b80]
17:43:24.738 5 amdxata.sys[fffff8800107a7a8] -> nt!IofCallDriver -> \Device\00000062[0xfffffa800601d8f0]
17:43:24.742 Scan finished successfully
17:43:41.265 Disk 0 MBR has been saved successfully to "C:\Users\TJ\Desktop\MBR.dat"
17:43:41.270 The log file has been saved successfully to "C:\Users\TJ\Desktop\aswMBR.txt"
I got nothin'

#10 m0le

Posted 12 January 2012 - 08:59 PM

Let's take a look at an OTL scan now. aswMBR was clean.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE
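
An added example, not part of m0le's post and not code from aswMBR: one way to read the aswMBR log from post #9 programmatically, pulling out the MBR verdict, the partition table and the disk driver trace, then applying a few consistency checks. The regexes cover only the line shapes visible in that log; the 512-byte sector size, the reading of "offset" as a sector count, and the rules in `review` are assumptions of this example.

```python
import re

# Lines copied from the aswMBR log posted in this thread.
SAMPLE_LOG = r"""
17:43:20.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
17:43:20.616 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 11
17:43:20.633 Disk 0 MBR scan
17:43:20.638 Disk 0 Windows VISTA default MBR code
17:43:20.645 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:43:20.661 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 81920
17:43:20.669 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941286 MB offset 25767936
17:43:24.697 Disk 0 trace - called modules:
17:43:24.716 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
17:43:24.725 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062a7060]
17:43:24.733 3 CLASSPNP.SYS[fffff8800195243f] -> nt!IofCallDriver -> [0xfffffa80052e9b80]
17:43:24.738 5 amdxata.sys[fffff8800107a7a8] -> nt!IofCallDriver -> \Device\00000062[0xfffffa800601d8f0]
17:43:24.742 Scan finished successfully
"""

SECTORS_PER_MB = 2048  # assumption: 512-byte sectors, "offset" counted in sectors

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
SIZE = re.compile(r"^Disk \d+ Vendor: .* Size: (\d+)MB")
MBR = re.compile(r"^Disk \d+ (.+) MBR code$")
PART = re.compile(r"^Disk \d+ Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?"
                  r"([0-9A-F]{2}) (.+?) (\d+) MB offset (\d+)$")
HOP = re.compile(r"^\d+ ([\w.]+)\[[0-9a-fA-F]+\] -> ")


def parse_aswmbr(text):
    """Extract disk size, MBR verdict, partition table and disk trace (one disk)."""
    rep = {"disk_mb": None, "mbr_code": None, "partitions": [],
           "modules": [], "hops": []}
    next_is_modules = False
    for raw in text.splitlines():
        line = TS.sub("", raw.strip())
        if not line:
            continue
        if next_is_modules:               # line after "called modules:" lists the stack
            rep["modules"] = line.split()
            next_is_modules = False
        elif line.endswith("trace - called modules:"):
            next_is_modules = True
        elif SIZE.match(line):
            rep["disk_mb"] = int(SIZE.match(line).group(1))
        elif PART.match(line):
            num, flag, ptype, desc, size_mb, offset = PART.match(line).groups()
            rep["partitions"].append({
                "number": int(num), "flag": int(flag, 16), "type": int(ptype, 16),
                "desc": desc, "size_mb": int(size_mb), "offset": int(offset)})
        elif MBR.match(line):
            rep["mbr_code"] = MBR.match(line).group(1)
        elif HOP.match(line):             # module that issued this IofCallDriver hop
            rep["hops"].append(HOP.match(line).group(1))
    return rep


def review(rep):
    """Return findings worth a closer look; an empty list means none of these
    checks fired, not that the machine is proven clean."""
    findings = []
    code = rep["mbr_code"]
    if code is None:
        findings.append("no MBR code verdict line found")
    elif "default" not in code.lower():
        findings.append(f"MBR code not reported as a default loader: {code!r}")

    parts = sorted(rep["partitions"], key=lambda p: p["offset"])
    for p in parts:
        if p["flag"] not in (0x00, 0x80):
            findings.append(f"partition {p['number']}: invalid boot flag {p['flag']:02X}")
    active = [p["number"] for p in parts if p["flag"] == 0x80]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")

    # Sizes are rounded to whole MB in the log, so allow 1 MB of slack.
    prev_end, prev_num = 0, None
    for p in parts:
        if prev_end - p["offset"] > SECTORS_PER_MB:
            findings.append(f"partition {p['number']} overlaps partition {prev_num}")
        prev_end, prev_num = p["offset"] + p["size_mb"] * SECTORS_PER_MB, p["number"]
    if rep["disk_mb"] is not None:
        if prev_end - rep["disk_mb"] * SECTORS_PER_MB > SECTORS_PER_MB:
            findings.append("partition table extends past the reported disk size")

    # Every module that forwards the disk request should be in the listed stack.
    known = {m.lower() for m in rep["modules"]}
    for mod in rep["hops"]:
        if mod.lower() not in known:
            findings.append(f"trace hop through unlisted module: {mod}")
    return findings


if __name__ == "__main__":
    report = parse_aswmbr(SAMPLE_LOG)
    print(report["mbr_code"], [p["offset"] for p in report["partitions"]])
    print(review(report) or "no findings")
```

On the thread's log the three partitions tile the disk without overlap (partition 2 ends exactly where partition 3 begins), one partition is active, and both trace hops go through modules named in the stack, so `review` returns no findings.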

#11 CapriSun

Posted 13 January 2012 - 07:27 PM

OTL logfile created on: 1/13/2012 3:23:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\TJ\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.16 Gb Available Physical Memory | 69.27% Memory free
12.00 Gb Paging File | 9.64 Gb Available in Paging File | 80.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.22 Gb Total Space | 812.17 Gb Free Space | 88.35% Space Free | Partition Type: NTFS
Drive D: | 173.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TJ-PC | User Name: TJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\TJ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\TJ\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe (Intel Corporation)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Users\TJ\AppData\Local\Temp\761a6463dc85da45c90f2056d7ee0dc7\StageUpdater.exe (Caphyon LTD)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe (Advanced Micro Devices)
PRC - C:\Windows\SysWOW64\WinMsgBalloonServer.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonClient.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\37f2a07f5c1341f788c5a56baa7cde59\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\PMC.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\plugin\libbizlplugin.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (BayerHealthcareService) -- C:\Program Files (x86)\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe (Bayer Healthcare LLC)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Amazon Download Agent) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (AMDFusionSVC) -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe (Advanced Micro Devices)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)


========== Driver Services (SafeList) ==========

DRV:64bit: - (DigiartyVirtualCDBus) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys (LotSoft, Inc.)
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\drivers\AmdLLD64.sys (Advanced Micro Devices)
DRV:64bit: - (HP1319FAX) -- C:\Windows\SysNative\drivers\HP1319FAX.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (HP1319EWS) -- C:\Windows\SysNative\drivers\HP1319EWS.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.4.15711
FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.8.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar&a=6R7SjcTEBA&search="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TJ\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TJ\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/04 18:33:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/04 18:33:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.14\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2011/12/31 01:11:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.14\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2011/12/31 01:11:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{845D571F-4D6A-43EC-9A41-4C764DAAB009}: C:\Users\TJ\AppData\Local\{845D571F-4D6A-43EC-9A41-4C764DAAB009} [2011/12/31 01:10:32 | 000,000,000 | ---D | M]

[2011/03/12 17:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TJ\AppData\Roaming\Mozilla\Extensions
[2011/03/12 17:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TJ\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/03/10 15:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TJ\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/01/11 04:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\4prk1qzq.default\extensions
[2011/12/31 01:10:29 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\4prk1qzq.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/12/31 01:10:29 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\4prk1qzq.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/12/31 01:10:29 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\4prk1qzq.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011/12/31 01:10:30 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\4prk1qzq.default\extensions\DeviceDetection@logitech.com
[2011/12/31 01:10:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\4prk1qzq.default\extensions\engine@conduit.com
[2011/12/31 22:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TJ\AppData\Roaming\Mozilla\SeaMonkey\Profiles\viz1ua03.default\extensions
[2011/12/31 01:10:29 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\TJ\AppData\Roaming\Mozilla\SeaMonkey\Profiles\viz1ua03.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/06/11 21:57:11 | 000,002,183 | ---- | M] () -- C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\4prk1qzq.default\searchplugins\MyStart Search.xml
[2011/11/10 11:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/10 11:32:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
() (No name found) -- C:\USERS\TJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4PRK1QZQ.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\TJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4PRK1QZQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\TJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4PRK1QZQ.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
() (No name found) -- C:\USERS\TJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4PRK1QZQ.DEFAULT\EXTENSIONS\CHECK4CHANGE-OWNER@MOZDEV.ORG.XPI
[2011/11/10 11:32:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/06/07 11:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/10/05 22:58:04 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2011/10/05 22:58:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/05 22:58:04 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2011/10/05 22:58:04 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2011/11/10 11:32:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011/10/05 22:58:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2011/10/05 22:58:04 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TJ\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\TJ\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TJ\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [ctfmon.exe] C:\Windows\SysWOW64\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\TJ\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50282C8C-2FAE-4E45-9762-E79B9A2B4688}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{873BFBE6-894D-4B9F-8A6C-FFAFB8E0B771}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) -C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/13 13:48:02 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{2E68D470-84AC-43F1-BF92-E2DF9A4867BC}
[2012/01/13 03:23:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\TJ\Desktop\OTL.exe
[2012/01/13 01:47:28 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{DE25EBF3-6F67-4CAE-9FBF-65AE71041859}
[2012/01/12 17:42:07 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\TJ\Desktop\aswMBR.exe
[2012/01/12 13:46:52 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{E118E302-7595-4DA3-AB52-4FAB29071FFB}
[2012/01/12 01:46:16 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{3831F554-6D5C-49E7-8019-C6B6AE31E3ED}
[2012/01/11 13:45:39 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{6D09CF50-3D5E-46DA-B4FA-74DAF9437F58}
[2012/01/11 13:45:17 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{0267608D-9958-4B7A-9DE4-85F9D6211489}
[2012/01/11 01:44:51 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{4412BC2C-187D-417A-8896-92C4E761D307}
[2012/01/11 01:44:29 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{F70E29A9-3433-4287-91DF-CB61FAFE3931}
[2012/01/11 00:18:56 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 00:18:56 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 00:18:56 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 00:18:56 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 00:18:54 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/11 00:18:54 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/11 00:18:54 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/11 00:18:54 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/11 00:18:54 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/11 00:18:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/11 00:18:53 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 00:18:51 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 00:18:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/10 13:44:16 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{D582445E-F130-42D3-928E-1FEC4CCFD5D8}
[2012/01/10 13:43:54 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{CE9DAF36-313B-4F5B-A0EE-D41FFCEFFE12}
[2012/01/10 01:43:39 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{FA20C7BD-359E-432D-B493-2CD385371F0C}
[2012/01/10 01:43:17 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{1F7C4BA4-53B0-420A-99FE-9FBA2B2134FC}
[2012/01/09 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{1244EC3F-C75D-40F0-B8D1-B7B0DAE9FD81}
[2012/01/09 13:42:42 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{3FFFC79E-A472-4BCB-9D5D-527893E89433}
[2012/01/09 01:42:27 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{A35A0E5F-F91B-4DD2-BAC9-E78358B70FFD}
[2012/01/09 01:42:04 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{ED60D63C-BA4B-4835-B5A3-1F951C5E0FFC}
[2012/01/08 13:41:38 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{A417B2BD-33E6-4EF4-8134-3FE2DC4B1DB4}
[2012/01/08 01:41:03 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{7E80F505-25AB-4178-8A46-B3A6BA0C8912}
[2012/01/07 13:40:27 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{D95D1C41-9BFC-4B4E-9CF3-5926E6053D7F}
[2012/01/07 01:39:50 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{247D3CE9-305F-4943-8DD1-AAB758FF23F2}
[2012/01/06 13:39:13 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{D7BCE201-8504-4B2E-907D-02DA04FB6A87}
[2012/01/06 01:38:36 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{166EE92C-0FCA-4E99-8C64-41B0DAEAA110}
[2012/01/05 13:38:01 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{2CE62CFE-33E7-4D72-9BFD-630E0466078A}
[2012/01/05 01:37:26 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{6E439982-8B00-48F3-BC71-EF8BCB050287}
[2012/01/04 18:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/01/04 18:33:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2012/01/04 13:36:51 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{53BB945A-1E9B-469F-A7EB-EA87D69FF27F}
[2012/01/04 01:36:15 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{A5B9DCBC-2508-450D-B240-BFC1DA2608CB}
[2012/01/03 13:35:40 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{9C82F7EC-A4E3-435B-8F49-587F78104339}
[2012/01/03 01:35:04 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{97FCBAC6-E61D-4017-A21C-9629E15A5113}
[2012/01/02 13:34:29 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{4492021A-05A4-403F-91E2-0E4482FCEC09}
[2012/01/02 02:25:05 | 000,000,000 | ---D | C] -- C:\Users\TJ\Desktop\New folder
[2012/01/02 02:24:43 | 000,000,000 | ---D | C] -- C:\Users\TJ\quicken_backup
[2012/01/02 01:33:54 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{E3BC2A50-9CB6-4C74-A810-E2112D5DAF6E}
[2012/01/01 13:33:19 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{2A2D4707-7803-4321-A457-6CAE95FADB98}
[2012/01/01 01:32:41 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{5CC5F501-7634-4B30-8C06-06F7AF078F0D}
[2012/01/01 01:32:19 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{4DF562BA-85F3-4403-A4AD-82DB2A9AC450}
[2012/01/01 01:04:34 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{4FBCA577-99E0-41BA-B356-7B820349E734}
[2011/12/31 23:35:24 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{6613D64E-D3A9-44EF-9E14-DCE6AE66DF4D}
[2011/12/31 23:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
[2011/12/31 23:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/12/31 23:27:43 | 000,000,000 | ---D | C] -- C:\Windows\Dell
[2011/12/31 22:09:21 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{DF535990-CEE1-41E3-9C63-B04DD5E85653}
[2011/12/31 14:55:43 | 000,987,648 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2011/12/31 14:55:43 | 000,305,152 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2011/12/31 14:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2011/12/31 14:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2011/12/31 01:34:28 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{624C0187-F019-4409-B9C8-796D63678873}
[2011/12/31 01:24:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/31 01:15:24 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{5624F17D-3D2A-49BC-942E-DBC64FDC7209}
[2011/12/31 00:27:09 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{D6A0B1B7-75C8-495E-A448-2586980C8060}
[2011/12/30 22:38:47 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{B26A34E2-46EA-427A-B046-F4E36E662ABC}
[2011/12/30 22:13:42 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{BA24EF3E-6D3D-4769-993F-C83F01772101}
[2011/12/30 21:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2011/12/30 21:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2011/12/30 19:35:26 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{D544E6A1-2647-432C-AE8C-8CAE0B5A3259}
[2011/12/30 18:47:21 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{38487E8B-509B-49A4-B3B1-07A07C7F97DB}
[2011/12/30 08:40:58 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{92AAB097-F4DB-49D7-A55B-D07872A9D7EE}
[2011/12/30 01:24:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/12/29 20:39:19 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{E3A587D8-3205-4609-BA54-80FA417A0996}
[2011/12/29 20:38:51 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{CA22D3C8-FF4F-466A-8C05-E4CAD0431D56}
[2011/12/29 19:59:42 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\Microsoft Games
[2011/12/29 18:17:07 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011/12/29 18:10:18 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{99B606FB-C0FA-4D15-80C9-02A2488DDE72}
[2011/12/29 18:09:57 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2011/12/29 17:39:28 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{32FB95DD-B862-4C0B-BD68-D6FBD0C280AC}
[2011/12/29 14:52:34 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\Malwarebytes
[2011/12/29 14:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/29 14:16:32 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\WinZip
[2011/12/29 13:15:38 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{8AB147DE-0C2A-4A4A-9059-6D21D7FA3B37}
[2011/12/29 13:15:15 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{AC4B617A-8C74-4266-AFC1-630365E8BD12}
[2011/12/29 05:06:15 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/29 05:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/29 05:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/29 01:14:49 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{72B97819-22D9-48CF-955F-FFFB90413278}
[2011/12/29 01:14:26 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{EE01A052-2B3F-4774-A718-D74B0F1C71B8}
[2011/12/28 13:14:13 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{73E1267D-4DEC-47ED-A3F5-832CF3CB58C1}
[2011/12/28 13:13:50 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{A36B8DB8-7054-4BBD-913D-78B125668602}
[2011/12/28 01:13:37 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{3D301EC2-1D0F-498C-8A4A-40663DE23AFA}
[2011/12/28 01:13:14 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{421871FA-6A05-469E-A3B3-3B80C614A5F3}
[2011/12/27 13:12:59 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{90CA442D-3AB2-4DDA-8CD1-A7E6BC27A59B}
[2011/12/27 13:12:36 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{0C4B35D6-31F7-425A-9AF3-6ED9DC6803DD}
[2011/12/27 01:12:22 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{0DF17DF9-F672-41A5-A317-3D161A44EF73}
[2011/12/27 01:11:59 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{02A7852F-64AC-4607-AF8C-FE1B89774E9A}
[2011/12/26 13:11:46 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{C53BFCEB-A9BF-4BB8-B04E-F18D878E42D3}
[2011/12/26 13:11:33 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{A4DFFBAB-BD23-4C1E-82BE-0B5629906ED3}
[2011/12/26 01:25:18 | 000,275,648 | ---- | C] (LotSoft, Inc.) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys
[2011/12/26 01:25:17 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\BDlot
[2011/12/26 01:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LotSoft
[2011/12/26 01:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\LotSoft
[2011/12/26 00:31:22 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{692AE56F-E3B7-4BA9-B1BF-C25A79E63FDD}
[2011/12/26 00:31:00 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{216648EC-94BA-487D-A36B-6EFBBF85D2B6}
[2011/12/25 12:30:47 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{27461891-4CF3-47CA-A178-5978EA189F6D}
[2011/12/25 12:30:24 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{621EE08A-0965-49DE-B9A5-A62837D42C67}
[2011/12/25 00:30:11 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{99CE92A5-E941-4137-A726-3E396A4C00F8}
[2011/12/25 00:29:48 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{1D12579D-5BF8-4B02-A1D8-7DC894E41823}
[2011/12/24 12:29:35 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{1D9A91F2-4F68-4A87-A8CD-C4507B6E8132}
[2011/12/24 12:29:12 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{EE9EBD25-81C8-4A43-83BA-DDFF43933B00}
[2011/12/24 00:28:58 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{6B0AEE40-E92A-422D-A28E-088816B0195D}
[2011/12/24 00:28:47 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{F47E466E-02D1-4655-A1AC-F9642019624F}
[2011/12/23 12:28:34 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{BDAF53BA-1770-4A1F-9EAF-7B16C9FC0960}
[2011/12/23 12:28:23 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{A0ED4CA4-7579-45EA-9C96-324F64A9CB36}
[2011/12/23 00:27:11 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{94D422F5-D7EB-40AB-BCB8-81806A6FB2B8}
[2011/12/23 00:26:57 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{36E255B1-3113-4E6E-A26F-DB5F19504455}
[2011/12/22 12:08:53 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{9B840165-C3FC-4D31-B4EC-306A9815AA12}
[2011/12/22 12:08:30 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{315A1018-215B-461F-9056-67AD0E191604}
[2011/12/22 00:08:17 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{02AA1D4B-205E-43A8-AD81-E6731E892BE3}
[2011/12/22 00:07:55 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{25DF3B0E-7963-40D5-89CD-61E2BDE4CB13}
[2011/12/21 12:07:42 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{0B37985D-2B59-4052-9237-A4E29CD72718}
[2011/12/21 12:07:20 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{3AB7F5B8-0B42-433E-AC26-D869F6C22C30}
[2011/12/21 00:07:07 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{644A1A04-A2F9-4DAE-9828-91B57AB0606E}
[2011/12/21 00:06:44 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{89A50D4F-1F90-4018-9192-BEAACE6468DB}
[2011/12/20 12:06:31 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{FE89E7DF-663B-4A3F-B273-C04AD3E7B4FC}
[2011/12/20 12:06:20 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{998DFA5B-6338-4AB5-B5BD-A45855D2623A}
[2011/12/20 00:06:03 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{73B08221-4CDE-47A9-9FEC-91CA1D8251B0}
[2011/12/20 00:05:41 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{B8480168-F842-45A5-ADD1-8B68348544B4}
[2011/12/19 12:05:28 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{1AA32316-893F-4EE9-945D-D9A7BA140708}
[2011/12/19 12:05:05 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{3B89EFCF-EF1D-495D-A4ED-31E6EC4B65CA}
[2011/12/19 00:04:52 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{85E5FF79-C21A-4253-A403-F3159CA9D351}
[2011/12/18 12:04:14 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{D8A93D2E-3F78-4F53-A82C-44486649E8F7}
[2011/12/17 21:42:07 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{4A854221-211A-4870-B044-BEFEE4A7979D}
[2011/12/17 09:41:30 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{0740E1E0-5EF3-4A48-9C39-4ECDEBBFC4A2}
[2011/12/17 09:41:17 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{663B5A66-6132-4FEA-B679-6F913F64FBA9}
[2011/12/17 03:33:57 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/12/17 03:33:57 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/17 03:33:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/17 03:33:57 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/12/17 03:33:57 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/17 03:33:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/17 03:33:57 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/12/17 03:33:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/17 03:33:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/12/17 03:33:57 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/12/17 03:33:57 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/12/17 03:33:57 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/12/17 03:33:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/12/17 03:33:57 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/12/17 03:33:57 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/12/17 03:33:57 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/17 03:33:57 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/12/17 03:33:57 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/12/17 03:33:57 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/12/17 03:33:57 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/12/17 03:33:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/12/17 03:33:57 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/12/17 03:33:57 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/12/17 03:33:57 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/12/17 03:33:57 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/17 03:33:57 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/12/17 03:33:57 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/12/17 03:33:57 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/12/17 03:33:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/12/17 03:33:57 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/12/17 03:33:57 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/17 03:33:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/17 03:33:56 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/12/17 03:33:56 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/17 03:33:56 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/17 03:33:56 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/17 03:33:56 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/17 03:33:56 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/12/17 03:33:56 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/12/17 03:33:56 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/12/17 03:33:56 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/17 03:33:56 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/12/17 03:33:56 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/12/17 03:33:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/17 03:33:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/17 03:33:56 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/12/17 03:33:56 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/12/17 03:33:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/12/17 03:33:56 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/12/17 03:33:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/12/17 03:33:56 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/12/17 03:33:56 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/12/17 03:33:56 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/12/17 03:33:56 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/17 03:33:56 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/12/17 03:33:56 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/12/17 03:33:56 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/12/17 03:33:56 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/12/17 03:33:56 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/17 03:33:56 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/12/17 03:33:56 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/12/17 03:33:56 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/12/17 03:33:56 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/12/17 03:33:56 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/12/17 03:33:56 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/12/17 03:33:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/12/17 03:33:56 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/12/17 03:33:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/12/17 03:33:56 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/12/17 03:33:56 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/17 03:33:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/12/17 03:33:56 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/16 19:23:50 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{100D6182-2D1E-4BBE-8C82-A62A8302B7FB}
[2011/12/16 19:23:28 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{2C25846E-E5E6-420B-980E-FC1E9908EE46}
[2011/12/16 13:07:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011/12/16 07:23:14 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{21F1EB0C-A6AA-4EEA-BB4D-C33FEC8CEE39}
[2011/12/16 07:22:51 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{F5C45895-E948-42F9-B1B8-BA89F349BD62}
[2011/12/15 19:22:38 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{72E1ECEE-6810-4DE0-87B8-FDD82C78C5BE}
[2011/12/15 19:22:16 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{DB266D5C-9DE5-43A9-808B-9ED8D0EEE4F3}
[2011/12/15 07:21:51 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{6C96DD9C-22DF-4E1C-A728-4E405BD043AA}
[2011/12/15 07:21:24 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{F9BB2927-12A5-4BC8-B085-21E09EFFCC2B}
[2011/12/14 20:25:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 20:24:53 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 20:24:52 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/14 15:29:41 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{016534B9-33BF-4F91-8AEF-A5839C772F99}
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/13 15:25:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/13 15:03:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4192308063-1336186542-82914930-1001UA.job
[2012/01/13 05:25:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/13 03:24:14 | 000,008,604 | ---- | M] () -- C:\Users\TJ\Documents\passwords.kdb
[2012/01/13 03:23:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\TJ\Desktop\OTL.exe
[2012/01/13 00:03:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4192308063-1336186542-82914930-1001Core.job
[2012/01/12 23:45:11 | 000,727,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/12 23:45:11 | 000,624,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/12 23:45:11 | 000,106,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/12 17:43:41 | 000,000,512 | ---- | M] () -- C:\Users\TJ\Desktop\MBR.dat
[2012/01/12 17:42:19 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\TJ\Desktop\aswMBR.exe
[2012/01/12 16:00:07 | 000,000,506 | -H-- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/11 03:28:35 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 03:28:35 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 03:21:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/11 03:21:00 | 536,317,951 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 22:49:30 | 001,026,100 | ---- | M] () -- C:\Users\TJ\Desktop\IMG-20120105-00149.jpg
[2012/01/04 21:59:41 | 002,869,739 | ---- | M] () -- C:\Users\TJ\Desktop\Fleetwood Mac- Over My Head The Dance.mp3
[2012/01/04 21:45:17 | 005,537,991 | ---- | M] () -- C:\Users\TJ\Desktop\Fleetwood Mac - Gold Dust Woman.mp3
[2012/01/04 16:28:12 | 000,001,568 | ---- | M] () -- C:\Users\TJ\Desktop\KeePass - Shortcut.lnk
[2012/01/02 21:57:08 | 000,659,456 | ---- | M] () -- C:\Users\TJ\Documents\fertility.tcf
[2012/01/01 23:23:09 | 000,001,363 | ---- | M] () -- C:\Users\TJ\Desktop\qw - Shortcut.lnk
[2012/01/01 03:33:30 | 000,013,424 | ---- | M] () -- C:\Users\TJ\Desktop\TAGCalculator - Shortcut.lnk
[2012/01/01 01:54:29 | 000,055,506 | ---- | M] () -- C:\Users\TJ\Documents\jan_1_2012_tcoyf.zip
[2012/01/01 01:47:16 | 000,001,368 | ---- | M] () -- C:\Users\TJ\Desktop\tcoyf - Shortcut.lnk
[2012/01/01 01:46:39 | 000,001,643 | ---- | M] () -- C:\Users\TJ\Desktop\msnmsgr - Shortcut.lnk
[2012/01/01 01:31:34 | 000,001,564 | ---- | M] () -- C:\Users\TJ\Desktop\IncMail - Shortcut.lnk
[2012/01/01 01:22:59 | 000,001,148 | ---- | M] () -- C:\Users\TJ\Desktop\Mozilla Firefox.lnk
[2011/12/31 22:07:09 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/12/31 01:28:58 | 448,569,940 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/30 21:15:42 | 000,001,895 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2011/12/29 21:12:13 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 21:03:41 | 000,000,040 | ---- | M] () -- C:\ProgramData\~GtEQ8MmKUWLvLq
[2011/12/29 18:17:07 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011/12/29 18:09:58 | 000,000,679 | ---- | M] () -- C:\Users\TJ\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/29 14:01:07 | 000,000,000 | ---- | M] () -- C:\Users\TJ\defogger_reenable
[2011/12/29 09:17:37 | 000,175,025 | ---- | M] () -- C:\Users\TJ\AppData\Local\census.cache
[2011/12/29 09:17:33 | 000,103,503 | ---- | M] () -- C:\Users\TJ\AppData\Local\ars.cache
[2011/12/29 09:10:23 | 000,000,036 | ---- | M] () -- C:\Users\TJ\AppData\Local\housecall.guid.cache
[2011/12/28 05:08:21 | 001,366,045 | ---- | M] () -- C:\Users\TJ\Documents\Decluttercalendar2012.pdf
[2011/12/26 02:08:15 | 001,004,551 | ---- | M] () -- C:\Users\TJ\Documents\2011.pdf
[2011/12/26 01:25:18 | 000,275,648 | ---- | M] (LotSoft, Inc.) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys
[2011/12/17 09:38:51 | 000,001,439 | ---- | M] () -- C:\Users\TJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/17 09:34:39 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/17 03:33:57 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/12/17 03:33:57 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/17 03:33:57 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/17 03:33:57 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/12/17 03:33:57 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/17 03:33:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/17 03:33:57 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/12/17 03:33:57 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/17 03:33:57 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/12/17 03:33:57 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/12/17 03:33:57 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/12/17 03:33:57 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/12/17 03:33:57 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/12/17 03:33:57 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/12/17 03:33:57 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/12/17 03:33:57 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/17 03:33:57 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/12/17 03:33:57 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/12/17 03:33:57 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/12/17 03:33:57 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/12/17 03:33:57 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/12/17 03:33:57 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/12/17 03:33:57 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/12/17 03:33:57 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/12/17 03:33:57 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/12/17 03:33:57 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/17 03:33:57 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/12/17 03:33:57 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/12/17 03:33:57 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/12/17 03:33:57 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/12/17 03:33:57 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/12/17 03:33:57 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/17 03:33:57 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/17 03:33:56 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/12/17 03:33:56 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/17 03:33:56 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/17 03:33:56 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/17 03:33:56 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/17 03:33:56 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/12/17 03:33:56 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/12/17 03:33:56 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/12/17 03:33:56 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/17 03:33:56 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/12/17 03:33:56 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/12/17 03:33:56 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/17 03:33:56 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/17 03:33:56 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/12/17 03:33:56 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/12/17 03:33:56 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/12/17 03:33:56 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/12/17 03:33:56 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/12/17 03:33:56 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/12/17 03:33:56 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/12/17 03:33:56 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/12/17 03:33:56 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/17 03:33:56 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/12/17 03:33:56 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/12/17 03:33:56 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/12/17 03:33:56 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/12/17 03:33:56 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/17 03:33:56 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/12/17 03:33:56 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/12/17 03:33:56 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/12/17 03:33:56 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/12/17 03:33:56 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/12/17 03:33:56 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/12/17 03:33:56 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/17 03:33:56 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/12/17 03:33:56 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/12/17 03:33:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/12/17 03:33:56 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/12/17 03:33:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/17 03:33:56 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/12/17 03:33:56 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/16 19:30:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/12/15 15:49:37 | 004,345,835 | R--- | M] () -- C:\Users\TJ\Desktop\Skrillex - My Name Is Skrillex (1080p).mp3
[2011/12/15 03:23:23 | 000,362,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/12 17:43:41 | 000,000,512 | ---- | C] () -- C:\Users\TJ\Desktop\MBR.dat
[2012/01/05 22:51:25 | 001,026,100 | ---- | C] () -- C:\Users\TJ\Desktop\IMG-20120105-00149.jpg
[2012/01/04 21:59:34 | 002,869,739 | ---- | C] () -- C:\Users\TJ\Desktop\Fleetwood Mac- Over My Head The Dance.mp3
[2012/01/04 21:45:00 | 005,537,991 | ---- | C] () -- C:\Users\TJ\Desktop\Fleetwood Mac - Gold Dust Woman.mp3
[2012/01/04 16:28:12 | 000,001,568 | ---- | C] () -- C:\Users\TJ\Desktop\KeePass - Shortcut.lnk
[2012/01/01 23:23:09 | 000,001,363 | ---- | C] () -- C:\Users\TJ\Desktop\qw - Shortcut.lnk
[2012/01/01 03:33:30 | 000,013,424 | ---- | C] () -- C:\Users\TJ\Desktop\TAGCalculator - Shortcut.lnk
[2012/01/01 01:54:28 | 000,055,506 | ---- | C] () -- C:\Users\TJ\Documents\jan_1_2012_tcoyf.zip
[2012/01/01 01:47:24 | 000,659,456 | ---- | C] () -- C:\Users\TJ\Documents\fertility.tcf
[2012/01/01 01:47:16 | 000,001,368 | ---- | C] () -- C:\Users\TJ\Desktop\tcoyf - Shortcut.lnk
[2012/01/01 01:46:39 | 000,001,643 | ---- | C] () -- C:\Users\TJ\Desktop\msnmsgr - Shortcut.lnk
[2012/01/01 01:31:34 | 000,001,564 | ---- | C] () -- C:\Users\TJ\Desktop\IncMail - Shortcut.lnk
[2012/01/01 01:22:59 | 000,001,148 | ---- | C] () -- C:\Users\TJ\Desktop\Mozilla Firefox.lnk
[2011/12/31 14:55:43 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/12/31 14:55:43 | 000,013,931 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2011/12/31 01:24:08 | 448,569,940 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/30 21:15:42 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2011/12/29 21:12:13 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/29 20:38:17 | 000,000,040 | ---- | C] () -- C:\ProgramData\~GtEQ8MmKUWLvLq
[2011/12/29 18:09:58 | 000,000,679 | ---- | C] () -- C:\Users\TJ\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/29 14:01:07 | 000,000,000 | ---- | C] () -- C:\Users\TJ\defogger_reenable
[2011/12/29 09:17:37 | 000,175,025 | ---- | C] () -- C:\Users\TJ\AppData\Local\census.cache
[2011/12/29 09:17:33 | 000,103,503 | ---- | C] () -- C:\Users\TJ\AppData\Local\ars.cache
[2011/12/29 09:10:23 | 000,000,036 | ---- | C] () -- C:\Users\TJ\AppData\Local\housecall.guid.cache
[2011/12/28 05:08:21 | 001,366,045 | ---- | C] () -- C:\Users\TJ\Documents\Decluttercalendar2012.pdf
[2011/12/26 02:08:15 | 001,004,551 | ---- | C] () -- C:\Users\TJ\Documents\2011.pdf
[2011/12/17 03:33:57 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/12/17 03:33:56 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/16 18:00:07 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/12/16 13:07:25 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/16 13:07:24 | 000,000,506 | -H-- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/15 15:49:24 | 004,345,835 | R--- | C] () -- C:\Users\TJ\Desktop\Skrillex - My Name Is Skrillex (1080p).mp3
[2011/06/20 12:28:08 | 000,003,584 | ---- | C] () -- C:\Users\TJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 13:07:11 | 000,010,010 | -HS- | C] () -- C:\Users\TJ\AppData\Local\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 13:07:11 | 000,010,010 | -HS- | C] () -- C:\ProgramData\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/13 17:54:58 | 000,008,698 | -HS- | C] () -- C:\Users\TJ\AppData\Local\aq06lfw1y077fsv3ebwjd5
[2011/05/13 17:54:58 | 000,008,698 | -HS- | C] () -- C:\ProgramData\aq06lfw1y077fsv3ebwjd5
[2011/05/09 17:27:33 | 000,000,120 | ---- | C] () -- C:\Users\TJ\AppData\Local\Sxinecotezivano.dat
[2011/05/09 17:27:33 | 000,000,000 | ---- | C] () -- C:\Users\TJ\AppData\Local\Mvida.bin
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/01 12:39:00 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/18 17:41:20 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/10 23:25:43 | 000,417,792 | ---- | C] () -- C:\Windows\ZSM1319.EXE
[2011/03/10 16:41:34 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/03/08 13:12:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/08 11:27:03 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/03/08 11:27:03 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/03/08 11:27:03 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/03/08 11:27:03 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/03/08 11:27:03 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/02/09 20:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/15 22:47:28 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009/03/15 22:47:24 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2002/01/30 09:03:00 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[1999/12/06 14:37:12 | 000,068,096 | R--- | C] () -- C:\Windows\SysWow64\lfplt11n.dll

========== LOP Check ==========

[2011/12/29 17:29:40 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\.minecraft
[2011/12/31 01:10:31 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\BDlot
[2011/12/31 01:10:31 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\KeePass
[2011/12/29 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\OpenOffice.org
[2011/03/10 18:49:58 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Ovusoft
[2011/12/29 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\PCDr
[2011/08/04 09:15:34 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\PrimoPDF
[2011/03/21 16:49:00 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Rovio
[2011/12/29 17:29:54 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Sling Media
[2012/01/11 16:56:07 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\SoftGrid Client
[2011/12/31 01:10:28 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\SystemRequirementsLab
[2011/03/18 17:41:56 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\TP
[2011/10/12 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Windows Live Writer
[2011/12/16 19:30:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/12/17 09:34:39 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/13 21:08:49 | 000,021,938 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/12 16:00:07 | 000,000,506 | -H-- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 1/13/2012 3:23:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\TJ\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.16 Gb Available Physical Memory | 69.27% Memory free
12.00 Gb Paging File | 9.64 Gb Available in Paging File | 80.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.22 Gb Total Space | 812.17 Gb Free Space | 88.35% Space Free | Partition Type: NTFS
Drive D: | 173.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TJ-PC | User Name: TJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0FC24644-F69F-E8B0-C5F0-BC2264548D2E}" = ccc-utility64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java™ 6 Update 23 (64-bit)
"{3EA71966-4551-1758-775B-91769B69720A}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2BDF97-E0C7-75AE-29E1-5EA9DA262F2F}" = WMV9/VC-1 Video Playback
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{914AE40F-FFFF-ED7C-A8A2-5A7DEBECC521}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982E1601-0DFC-4FD3-A427-AC6570697858}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C7}" = WinZip 16.0
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF2FB02F-3BC2-A799-31F1-25A34AD4BDA5}" = ATI Catalyst Install Manager
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"686C8894C4A74C54EDA40E74ED1AFDB17CF9C474" = Windows Driver Package - Hewlett-Packard Image (05/15/2008 11.5.0.116)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"BDlot DVD Clone Ultimate_is1" = BDlot DVD Clone Ultimate 3.1.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Support Center" = Dell Support Center
"HitmanPro36" = HitmanPro 3.6
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E428946-8332-B93E-9C26-8ADFCEB8DDD8}" = CCC Help Spanish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{114EA307-D8C8-C17C-4908-4A6F01EFFE1A}" = CCC Help Thai
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B37E535-AEFD-A318-5424-BDCD373D7F1C}" = Catalyst Control Center Localization All
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20AE5481-1D87-5BAA-A18E-176953166A1D}" = Skins
"{250F2B64-1729-4A6F-A3A4-17B478C03431}" = TurboTax 2010 woriper
"{26A24AE4-039D-4CA4-87B4-2F83216011F0}" = Java™ 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AD129C1-F00C-4F99-74DC-864008611F81}" = Catalyst Control Center InstallProxy
"{2D943F95-2C76-4951-9AEF-0977AF5DE11A}" = AMD Fusion Media Explorer
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3AEB8580-42C8-E795-F770-5149255C4632}" = CCC Help Greek
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E89148E-8827-DB7C-57E7-7C3555DDB752}" = CCC Help Dutch
"{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}" = Dell MusicStage
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8F48C5-6FAC-9744-55C9-38BF1F0C9425}" = CCC Help Russian
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{4F77DCBA-7370-CBAF-EF25-6FEB29541C84}" = CCC Help Czech
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{514D3391-F031-78C7-8939-94023AC8AB74}" = CCC Help French
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A05DF12-909D-03A6-5983-C111BE26F2BF}" = CCC Help Portuguese
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{695D218A-DEF0-503B-3183-EB992A395159}" = CCC Help Norwegian
"{6B99166F-4365-433C-ABD9-286B8C11458F}" = ACI Delivery Client
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E03F7-14EF-8144-B66F-FD4805C25079}" = Catalyst Control Center InstallProxy
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739D8AD6-6625-BD92-D58C-00C965058425}" = Catalyst Control Center Graphics Previews Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78D56726-B120-D93F-A426-279C95001F08}" = CCC Help Finnish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7F1D5CE6-5E57-4C05-AF5A-EE96A44B3C46}" = Glucofacts
"{818FA1BB-A0A9-F553-D9C7-125C541F3A3A}" = CCC Help Italian
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion Utility for Desktops
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888C03E4-58E6-046B-E380-F6CB1972C398}" = CCC Help Japanese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9060F116-D570-7033-4B42-DB0E5119DDA0}" = CCC Help Swedish
"{924AED21-D45C-3486-FE09-7DD182B35AA0}" = Catalyst Control Center Graphics Previews Common
"{929B1DC7-1201-2305-0182-6CC7655AF596}" = CCC Help English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98307711-18AC-CBAB-5DD8-E5AA1BB63DC9}" = CCC Help English
"{99F8C520-B782-6C15-DBB7-91061BA752C5}" = CCC Help Polish
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7F702F8-B4AD-3EF4-5B4D-C1BB0DF9DBB6}" = CCC Help Hungarian
"{A8443959-7C6F-3ED4-7BB5-DA0E0F85B9BA}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC30CF7C-2D62-4910-9147-3EC8EA5EB6D1}" = Angry Birds
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AD54E087-C6D2-3439-0993-3061CE6C10F1}" = Catalyst Control Center Graphics Previews Vista
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B3C9A765-F917-6C92-A32B-607751AF4C2B}" = CCC Help Turkish
"{B5BE51B3-137C-585A-0652-9DB124CF8366}" = Catalyst Control Center
"{BB77DC4C-B818-4FD4-8D1D-5D3B617B78B4}" = LeapFrog My Pals Plugin
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9815885-6775-46D8-8B67-30214ECF83C3}" = Dell Stage
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D616F4D0-6668-5E48-B8DB-5C7382410E75}" = CCC Help German
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E747B6FB-0EED-4D06-26B0-E9D44678DFC2}" = CCC Help Chinese Standard
"{EB657075-33A1-4849-8DE5-A9103F1E7067}" = HotSPOT Client 2009
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EF95137B-5D22-4DA5-ADB8-12038DD355B3}" = GLUCOFACTS® Deluxe
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FB6467CC-73B3-9ABE-7D9D-EA41EC4AEB92}" = CCC Help Danish
"{FC4464DB-66BB-44A7-6AF4-39857EBC393B}" = CCC Help Korean
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE951E3B-2001-C965-4D43-42CBBF914515}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Any Password_is1" = Any Password 1.44
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Burger Shop_is1" = Burger Shop
"Cake Mania 3" = Cake Mania 3
"Cake Mania_is1" = Cake Mania
"conduitEngine" = Conduit Engine
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ESET Online Scanner" = ESET Online Scanner v3
"Gadwin PrintScreen" = Gadwin PrintScreen
"GoToAssist" = GoToAssist 8.0.0.514
"IncrediMail" = IncrediMail 2.0
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Intel AppUp(SM) center 19079" = Intel AppUp(SM) center
"KeePass Password Safe_is1" = KeePass Password Safe 1.18
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"mIRC" = mIRC
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"pepakura_viewer3en" = Pepakura Viewer 3
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"SeaMonkey (2.0.14)" = SeaMonkey (2.0.14)
"Steam App 12900" = Audiosurf
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 218" = Source SDK Base 2007
"Steam App 3483" = Peggle Extreme
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 42120" = Lead and Gold - Gangs of the Wild West
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 63200" = Monday Night Combat
"Steam App 8190" = Just Cause 2
"Taking Charge of Your Fertility Software" = Taking Charge of Your Fertility Software
"TurboTax 2010" = TurboTax 2010
"UPCShell" = LeapFrog Connect
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Inquisit 3 Web Edition" = Inquisit 3 Web Edition
"Miners4k" = Miners4k

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2011 3:59:14 AM | Computer Name = TJ-PC | Source = RasClient | ID = 20227
Description =

Error - 12/30/2011 4:45:43 AM | Computer Name = TJ-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 12/30/2011 5:37:51 AM | Computer Name = TJ-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 12/30/2011 6:32:13 AM | Computer Name = TJ-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 12/30/2011 7:52:24 AM | Computer Name = TJ-PC | Source = RasClient | ID = 20227
Description =

Error - 12/30/2011 7:55:59 AM | Computer Name = TJ-PC | Source = RasClient | ID = 20227
Description =

Error - 12/30/2011 8:19:31 AM | Computer Name = TJ-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 12/30/2011 8:56:31 AM | Computer Name = TJ-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 12/30/2011 9:37:03 AM | Computer Name = TJ-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 12/30/2011 9:39:15 AM | Computer Name = TJ-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Dell Events ]
Error - 9/2/2011 8:03:32 AM | Computer Name = TJ-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/2/2011 8:04:43 AM | Computer Name = TJ-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/2/2011 8:04:43 AM | Computer Name = TJ-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/2/2011 8:05:14 AM | Computer Name = TJ-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/2/2011 8:05:14 AM | Computer Name = TJ-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/13/2011 7:02:33 PM | Computer Name = TJ-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/13/2011 7:02:33 PM | Computer Name = TJ-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/20/2011 7:09:32 PM | Computer Name = TJ-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/20/2011 7:09:32 PM | Computer Name = TJ-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/4/2011 7:32:54 PM | Computer Name = TJ-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 1/9/2012 1:26:01 AM | Computer Name = TJ-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%3

Error - 1/9/2012 1:28:06 AM | Computer Name = TJ-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Hard Drive Watcher 12 service to connect.

Error - 1/10/2012 1:17:16 AM | Computer Name = TJ-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 1/10/2012 1:17:16 AM | Computer Name = TJ-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 1/11/2012 7:21:11 AM | Computer Name = TJ-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147014847

Error - 1/11/2012 7:21:23 AM | Computer Name = TJ-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%3

Error - 1/11/2012 7:21:29 AM | Computer Name = TJ-PC | Source = Service Control Manager | ID = 7031
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 1/11/2012 7:23:27 AM | Computer Name = TJ-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Hard Drive Watcher 12 service to connect.

Error - 1/11/2012 8:34:33 AM | Computer Name = TJ-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 1/11/2012 8:35:03 AM | Computer Name = TJ-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.


< End of report >
I got nothin'

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:36 AM

Posted 13 January 2012 - 09:02 PM

There are a number of files that need to be removed. There are also a couple of entries which I need to check to see if you were aware of their presence and if you want to keep them.

Let me know about the following:

Conduit
Ask

m0le is a proud member of UNITE

#13 CapriSun


Posted 13 January 2012 - 11:52 PM

I don't know what Conduit is; do I have anything that would use that? My kids occasionally game on this computer (as you can see). Is it related to Steam or anything of that nature?

I took Ask out, I thought. Guess not?

Edited by CapriSun, 13 January 2012 - 11:54 PM.

I got nothin'

#14 m0le


Posted 14 January 2012 - 05:45 PM

I think you may know Conduit's product, IncrediMail, so I'm leaving that one in.

Please open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.4.15711
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2011/05/14 13:07:11 | 000,010,010 | -HS- | C] () -- C:\Users\TJ\AppData\Local\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 13:07:11 | 000,010,010 | -HS- | C] () -- C:\ProgramData\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/13 17:54:58 | 000,008,698 | -HS- | C] () -- C:\Users\TJ\AppData\Local\aq06lfw1y077fsv3ebwjd5
[2011/05/13 17:54:58 | 000,008,698 | -HS- | C] () -- C:\ProgramData\aq06lfw1y077fsv3ebwjd5
[2011/05/09 17:27:33 | 000,000,120 | ---- | C] () -- C:\Users\TJ\AppData\Local\Sxinecotezivano.dat
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next please run ESET's online scanner

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE
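
Before clicking Run Fix, the script in the post above can be read mechanically to list what it will touch: which files, which registry values, and whether the `:reg` line really restores the stock `.exe` handler. This is an added example, not part of the original post or of OTL; the function names are hypothetical, the sample is the post's own script abbreviated, and reading H/S in the attribute column as hidden/system is an assumption about OTL's listing format.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# The post's own fix script, abbreviated to the lines needed for the demo.
FIX_SCRIPT = r'''
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2011/05/14 13:07:11 | 000,010,010 | -HS- | C] () -- C:\Users\TJ\AppData\Local\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 13:07:11 | 000,010,010 | -HS- | C] () -- C:\ProgramData\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/09 17:27:33 | 000,000,120 | ---- | C] () -- C:\Users\TJ\AppData\Local\Sxinecotezivano.dat
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
'''

FILE_RE = re.compile(r'^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| '
                     r'(?P<attrs>\S{4}) \| \w\] \(.*?\) -- (?P<path>.+)$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
EXEFILE_KEY = r'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command'
EXEFILE_DEFAULT = '"%1" %*'  # stock Windows command for launching .exe files

def parse_fix(text):
    """Split a fix script into file entries, registry writes and other lines."""
    out = {"files": [], "registry": [], "other": []}
    section = key = None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        file_m, value_m = FILE_RE.match(line), VALUE_RE.match(line)
        if line.startswith(":"):              # section directive (:OTL, :reg)
            section, key = line.lower(), None
        elif section == ":otl" and file_m:
            attrs = file_m["attrs"]
            out["files"].append({
                "path": file_m["path"], "stamp": file_m["stamp"],
                "size": int(file_m["size"].replace(",", "")),
                # Assumption: H and S in this column mean hidden and system.
                "hidden": "H" in attrs, "system": "S" in attrs})
        elif section == ":reg" and line.startswith("["):
            key = line[1:-1]
        elif section == ":reg" and key and value_m:
            data = value_m["data"]
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]             # drop the outer quoting only
            out["registry"].append((key, value_m["name"], data))
        else:
            out["other"].append(line)
    return out

def mirrored_files(files):
    """Names that occur with identical size and timestamp in several folders."""
    seen = defaultdict(list)
    for f in files:
        p = PureWindowsPath(f["path"])
        seen[(p.name, f["size"], f["stamp"])].append(str(p.parent))
    return {k[0]: dirs for k, dirs in seen.items() if len(dirs) > 1}

def restores_exefile_default(registry):
    """True when the script sets the .exe open command to the stock value."""
    return any(k.upper() == EXEFILE_KEY.upper() and n == "" and v == EXEFILE_DEFAULT
               for k, n, v in registry)
```

Lines that land in `other` (the O-numbered entries and the `prefs.js` line in the full script) are the ones to read by hand, since this sketch does not interpret them.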

#15 CapriSun


Posted 16 January 2012 - 01:01 AM

Just so you know, it may be a couple of days before I can get to this step, but I will be back. Just a lot of things happening next 2 days. Thank you :-)
I got nothin'



