
Rootkit.Boot.Pihar.B virus


  • This topic is locked
34 replies to this topic

#1 GraysonF


Posted 12 January 2012 - 09:24 PM

I am running Windows 7 on a Dell Inspiron Laptop. I received a notice from my McAfee Antivirus that they found a trojan and removed it. Next thing you know my comp restarts on its own. When it tried to restart, I get a message that says computer cannot start properly, running startup repair. The startup repair doesn't work nor does the system restore. When I restart the computer, it goes straight to startup repair and won't start in any of the safe modes.

After looking around the net a bit, I downloaded a few rescue disks. I ran AVG, Avira and Kaspersky rescue disks. Kaspersky is the only one that found anything during the scan. It found rootkit.boot.pihar.b. It says that it quarantined it but I still can't boot up Windows. It seems like my hard drive is fine from what I can see using the rescue disks file manager but I can't do anything with my files in that mode.

I have my Windows 7 Home Premium installation disk from the manufacturer but I don't want to lose my work documents on this laptop. I also don't want to pay someone to get these documents off of here for me. Is there any way I can pull the files off of this computer when I can't even get into safe mode?

Any help will be much appreciated.

Thanks, Grayson



#2 Farbar


Posted 13 January 2012 - 10:02 AM

Hello Grayson,

Welcome to Bleeping Computer. I'm going to assist you to boot the computer and clean any remaining vulnerability.

Please refrain from doing anything on your own unless we are done or you feel you don't need assistance any more.

I'll move this topic to the appropriate forum.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 GraysonF


Posted 13 January 2012 - 04:14 PM

Thanks for the help Farbar. Here is the log

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
Ran by SYSTEM at 2012-01-11 15:06:57
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-06-30] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-06-30] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365080 2009-06-30] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1674896 2011-09-16] (McAfee, Inc.)
HKLM-x32\...\Run: [nTelos_CDU680] C:\Program Files (x86)\nTelos\nTelos_CDU680\BIN\RDVCHG.EXE [316664 2008-05-05] (C-motech Co.,Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKU\Grayson\...\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe [x]
HKU\Grayson\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-04-22] (TomTom)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-08-17] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

==================== Services (Whitelisted) ======

2 lxcc_device; C:\Windows\system32\lxcccoms.exe -service [566704 2007-03-26] ( )
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe" [227232 2010-09-03] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [501768 2011-03-17] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-10-18] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-10-18] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [161168 2011-10-18] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2011-04-22] (TomTom)
2 pgsql-8.3; "C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files (x86)\PostgreSQL\8.3\data\" [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
3 cmusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [112768 2007-06-08] (C-motech Co.,Ltd)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
3 mfeavfk01; [x]

========================== Drivers MD5 =======================


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-11 15:06 - 2012-01-11 15:07 - 0000000 ____D C:\FRST
2012-01-11 02:14 - 2012-01-11 02:14 - 0010240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2012-01-08 06:12 - 2012-01-08 05:50 - 0000000 ____D C:\Emergency

============ 3 Months Modified Files and Folders =============

2012-01-10 02:11 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-01-10 02:11 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\icsxml
2012-01-10 02:11 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\ias
2012-01-10 02:11 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\Dism
2012-01-10 02:11 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\com
2012-01-10 02:11 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-01-10 02:11 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\servicing
2012-01-10 02:11 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\Cursors
2012-01-10 02:11 - 2009-07-13 21:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-01-10 02:11 - 2009-07-13 21:20 - 0000000 ____D C:\Program Files\Common Files\Services
2012-01-10 02:10 - 2009-07-14 01:45 - 0000000 ____D C:\Windows\ShellNew
2012-01-10 02:10 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-01-10 02:10 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-01-10 02:10 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-01-10 02:10 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\lv-LV
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\lt-LT
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\hr-HR
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\he-IL
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\et-EE
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\bg-BG
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\ar-SA
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\rescache
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\L2Schemas
2012-01-10 02:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\IME
2012-01-10 02:04 - 2009-10-31 01:53 - 0000000 ____D C:\Windows\SysWOW64\x64
2012-01-10 02:04 - 2009-07-13 23:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-01-10 02:04 - 2009-07-13 23:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-01-10 02:04 - 2009-07-13 23:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-01-10 02:04 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-01-10 02:04 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-01-10 02:04 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-01-10 02:04 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-01-10 02:04 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-01-10 02:03 - 2011-11-16 07:01 - 0000000 ____D C:\Windows\System32\Macromed
2012-01-10 02:03 - 2011-07-24 13:45 - 0000000 ____D C:\Windows\System32\SPReview
2012-01-10 02:03 - 2011-07-24 13:44 - 0000000 ____D C:\Windows\System32\EventProviders
2012-01-10 02:03 - 2009-07-13 23:37 - 0000000 ____D C:\Windows\System32\winrm
2012-01-10 02:03 - 2009-07-13 23:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-01-10 02:03 - 2009-07-13 23:32 - 0000000 ____D C:\Windows\System32\restore
2012-01-10 02:03 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-01-10 02:03 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-10 02:03 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\MUI
2012-01-10 02:03 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\IME
2012-01-10 02:02 - 2011-11-13 14:18 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\StreamTorrent
2012-01-10 02:02 - 2011-09-19 20:07 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\TomTom
2012-01-10 02:02 - 2011-04-30 10:36 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\Skype
2012-01-10 02:02 - 2011-04-17 14:43 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\Mikogo
2012-01-10 02:02 - 2011-03-07 07:31 - 0000000 ____D C:\Users\Grayson\Desktop\Jes Docs
2012-01-10 02:02 - 2010-12-09 17:08 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\PCDr
2012-01-10 02:02 - 2010-10-24 09:39 - 0000000 ____D C:\Windows\en
2012-01-10 02:02 - 2010-09-24 07:56 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\Sun
2012-01-10 02:02 - 2010-06-17 19:11 - 0000000 ____D C:\Windows\Minidump
2012-01-10 02:02 - 2010-05-25 20:47 - 0000000 ____D C:\Users\postgres\AppData\Roaming\Macromedia
2012-01-10 02:02 - 2010-03-17 18:53 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\UB
2012-01-10 02:02 - 2010-02-01 10:08 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\Xerox
2012-01-10 02:02 - 2010-01-29 09:31 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\Research In Motion
2012-01-10 02:02 - 2010-01-28 09:27 - 0000000 ____D C:\Users\Grayson\Documents\BS_Vision_Apr08_Patch[1]
2012-01-10 02:02 - 2009-12-28 09:15 - 0000000 ____D C:\Users\Grayson\Desktop\Office
2012-01-10 02:02 - 2009-12-23 07:49 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\Mozilla
2012-01-10 02:02 - 2009-12-22 19:11 - 0000000 ____D C:\Users\Grayson\Downloads\Update
2012-01-10 02:02 - 2009-12-22 19:10 - 0000000 ____D C:\Users\Grayson\Downloads\Libraries
2012-01-10 02:02 - 2009-12-22 07:04 - 0000000 ____D C:\Windows\CrawlSpaceVision
2012-01-10 02:02 - 2009-12-22 06:40 - 0000000 ____D C:\Windows\BasementVision2008
2012-01-10 02:02 - 2009-12-19 10:10 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\Yahoo!
2012-01-10 02:02 - 2009-12-18 15:05 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\Roxio
2012-01-10 02:02 - 2009-07-13 22:45 - 0000000 ____D C:\Windows\Setup
2012-01-10 02:02 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\Speech
2012-01-10 02:02 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\security
2012-01-10 02:02 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\schemas
2012-01-10 02:02 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\Resources
2012-01-10 02:02 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\PLA
2012-01-10 02:02 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\Help
2012-01-10 02:02 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\Globalization
2012-01-10 02:02 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\Branding
2012-01-10 02:01 - 2011-09-19 20:07 - 0000000 ____D C:\Users\Grayson\AppData\Local\TomTom
2012-01-10 02:01 - 2011-09-19 20:07 - 0000000 ____D C:\Program Files (x86)\TomTom International B.V
2012-01-10 02:01 - 2011-09-19 20:06 - 0000000 ____D C:\Program Files (x86)\TomTom HOME 2
2012-01-10 02:01 - 2011-07-25 07:09 - 0000000 ____D C:\Program Files (x86)\BasementVision Plus
2012-01-10 02:01 - 2011-06-01 13:00 - 0000000 ____D C:\Users\Grayson\AppData\Local\nTelos_CDU680
2012-01-10 02:01 - 2011-06-01 12:56 - 0000000 ____D C:\Program Files (x86)\nTelos
2012-01-10 02:01 - 2011-04-30 10:32 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-01-10 02:01 - 2011-04-30 10:32 - 0000000 ____D C:\Users\All Users\Skype
2012-01-10 02:01 - 2011-04-30 10:32 - 0000000 ____D C:\Users\All Users\Application Data\Skype
2012-01-10 02:01 - 2011-04-30 10:32 - 0000000 ____D C:\ProgramData\Skype
2012-01-10 02:01 - 2011-04-24 14:23 - 0000000 ___AD C:\Program Files (x86)\PokerPlayerCafe
2012-01-10 02:01 - 2011-04-24 14:23 - 0000000 ____D C:\Program Files (x86)\Intertops Casino
2012-01-10 02:01 - 2011-03-23 11:59 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-01-10 02:01 - 2011-03-23 11:59 - 0000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan
2012-01-10 02:01 - 2011-03-23 11:59 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-01-10 02:01 - 2011-03-23 11:59 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-01-10 02:01 - 2011-03-20 18:28 - 0000000 ____D C:\Program Files (x86)\Bodog Casino
2012-01-10 02:01 - 2011-03-16 11:13 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2012-01-10 02:01 - 2011-03-16 11:12 - 0000000 ____D C:\Program Files\McAfee.com
2012-01-10 02:01 - 2011-03-16 11:12 - 0000000 ____D C:\Program Files\McAfee
2012-01-10 02:01 - 2011-03-16 11:12 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-01-10 02:01 - 2011-01-27 21:53 - 0000000 ____D C:\Program Files (x86)\HP
2012-01-10 02:01 - 2011-01-27 21:51 - 0000000 ____D C:\Users\Grayson\AppData\Local\HP
2012-01-10 02:01 - 2011-01-27 21:51 - 0000000 ____D C:\Program Files\HP
2012-01-10 02:01 - 2010-12-07 20:18 - 0000000 ___AD C:\Program Files (x86)\Jetbull Poker
2012-01-10 02:01 - 2010-12-07 14:57 - 0000000 ____D C:\Program Files (x86)\OddsMaker
2012-01-10 02:01 - 2010-12-06 12:48 - 0000000 ___HD C:\Users\All Users\CanonBJ
2012-01-10 02:01 - 2010-12-06 12:48 - 0000000 ___HD C:\Users\All Users\Application Data\CanonBJ
2012-01-10 02:01 - 2010-12-06 12:48 - 0000000 ___HD C:\ProgramData\CanonBJ
2012-01-10 02:01 - 2010-11-14 13:44 - 0000000 ___AD C:\Program Files (x86)\Intertops Poker
2012-01-10 02:01 - 2010-11-12 08:36 - 0000000 ____D C:\Users\All Users\HP
2012-01-10 02:01 - 2010-11-12 08:36 - 0000000 ____D C:\Users\All Users\Application Data\HP
2012-01-10 02:01 - 2010-11-12 08:36 - 0000000 ____D C:\ProgramData\HP
2012-01-10 02:01 - 2010-11-10 10:37 - 0000000 ____D C:\Program Files (x86)\FeltStars
2012-01-10 02:01 - 2010-11-07 20:49 - 0000000 ___AD C:\Program Files (x86)\Cake Poker 2.0
2012-01-10 02:01 - 2010-11-07 17:17 - 0000000 ____D C:\Program Files (x86)\Veetle
2012-01-10 02:01 - 2010-11-07 10:40 - 0000000 ____D C:\Users\Grayson\AppData\Local\CPN
2012-01-10 02:01 - 2010-11-07 08:30 - 0000000 ____D C:\Program Files (x86)\Bodog Poker
2012-01-10 02:01 - 2010-10-24 09:37 - 0000000 ____D C:\Program Files\Windows Live
2012-01-10 02:01 - 2010-10-21 14:18 - 0000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-01-10 02:01 - 2010-06-11 12:33 - 0000000 ____D C:\Program Files (x86)\GPLGS
2012-01-10 02:01 - 2010-06-11 12:32 - 0000000 ____D C:\Program Files (x86)\Acro Software
2012-01-10 02:01 - 2010-05-31 16:22 - 0000000 ____D C:\Program Files (x86)\Odds Maker
2012-01-10 02:01 - 2010-05-25 20:47 - 0000000 ____D C:\Program Files (x86)\PostgreSQL
2012-01-10 02:01 - 2010-05-25 20:42 - 0000000 ____D C:\Program Files (x86)\PokerTracker 3
2012-01-10 02:01 - 2010-05-07 08:09 - 0000000 ____D C:\Users\Default\Application Data\Macromedia
2012-01-10 02:01 - 2010-05-07 08:09 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-01-10 02:01 - 2010-05-07 08:09 - 0000000 ____D C:\Users\Default User\Application Data\Macromedia
2012-01-10 02:01 - 2010-05-07 08:09 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-01-10 02:01 - 2010-03-18 15:37 - 0000000 ___AD C:\Program Files (x86)\DoylesRoom
2012-01-10 02:01 - 2010-03-15 17:21 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-01-10 02:01 - 2010-03-15 17:16 - 0000000 ____D C:\Users\All Users\McAfee
2012-01-10 02:01 - 2010-03-15 17:16 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2012-01-10 02:01 - 2010-03-15 17:16 - 0000000 ____D C:\ProgramData\McAfee
2012-01-10 02:01 - 2010-03-12 08:31 - 0000000 ____D C:\Program Files (x86)\CrawlSpaceVision
2012-01-10 02:01 - 2010-02-22 15:36 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-01-10 02:01 - 2010-02-22 15:36 - 0000000 ____D C:\Users\All Users\Application Data\Hewlett-Packard
2012-01-10 02:01 - 2010-02-22 15:36 - 0000000 ____D C:\ProgramData\Hewlett-Packard
2012-01-10 02:01 - 2010-02-18 20:14 - 0000000 ____D C:\Users\Grayson\AppData\Local\PowerDVD DX
2012-01-10 02:01 - 2010-02-18 20:14 - 0000000 ____D C:\Users\All Users\CyberLink
2012-01-10 02:01 - 2010-02-18 20:14 - 0000000 ____D C:\Users\All Users\Application Data\CyberLink
2012-01-10 02:01 - 2010-02-18 20:14 - 0000000 ____D C:\ProgramData\CyberLink
2012-01-10 02:01 - 2010-02-01 10:30 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-01-10 02:01 - 2010-01-30 20:58 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\Absolute Poker
2012-01-10 02:01 - 2010-01-30 20:58 - 0000000 ____D C:\Poker Application
2012-01-10 02:01 - 2010-01-29 09:28 - 0000000 ____D C:\Program Files (x86)\Research In Motion
2012-01-10 02:01 - 2010-01-18 19:49 - 0000000 ____D C:\Program Files (x86)\CarbonPoker
2012-01-10 02:01 - 2010-01-18 17:19 - 0000000 ____D C:\Program Files (x86)\Full Tilt Poker
2012-01-10 02:01 - 2010-01-17 12:52 - 0000000 ____D C:\Users\Grayson\AppData\Local\PokerStars
2012-01-10 02:01 - 2010-01-02 18:07 - 0000000 ____D C:\Users\Grayson\AppData\Local\AOL
2012-01-10 02:01 - 2010-01-02 18:07 - 0000000 ____D C:\Program Files (x86)\AIM
2012-01-10 02:01 - 2010-01-02 17:36 - 0000000 ____D C:\Program Files\Lx_cats
2012-01-10 02:01 - 2010-01-02 15:53 - 0000000 ____D C:\Users\Grayson\AppData\Local\Dell Edoc Viewer
2012-01-10 02:01 - 2009-12-23 07:49 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-01-10 02:01 - 2009-12-22 23:32 - 0000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
2012-01-10 02:01 - 2009-12-22 23:12 - 0000000 ____D C:\Users\All Users\GlobalSCAPE
2012-01-10 02:01 - 2009-12-22 23:12 - 0000000 ____D C:\Users\All Users\Application Data\GlobalSCAPE
2012-01-10 02:01 - 2009-12-22 23:12 - 0000000 ____D C:\ProgramData\GlobalSCAPE
2012-01-10 02:01 - 2009-12-22 06:40 - 0000000 ____D C:\Program Files (x86)\BasementVision2008
2012-01-10 02:01 - 2009-12-20 17:08 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\Creative
2012-01-10 02:01 - 2009-12-20 13:38 - 0000000 ___AD C:\Program Files (x86)\PowerPoker
2012-01-10 02:01 - 2009-12-19 10:10 - 0000000 ____D C:\Users\All Users\Yahoo!
2012-01-10 02:01 - 2009-12-19 10:10 - 0000000 ____D C:\Users\All Users\Application Data\Yahoo!
2012-01-10 02:01 - 2009-12-19 10:10 - 0000000 ____D C:\ProgramData\Yahoo!
2012-01-10 02:01 - 2009-12-19 10:09 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-01-10 02:01 - 2009-12-18 15:14 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\Macromedia
2012-01-10 02:01 - 2009-12-18 15:14 - 0000000 ____D C:\Users\Grayson\AppData\Roaming\Adobe
2012-01-10 02:01 - 2009-12-18 15:05 - 0000000 ____D C:\Users\Grayson\AppData\Local\Stardock_Corporation
2012-01-10 02:01 - 2009-12-18 15:04 - 0000000 ____D C:\Users\Grayson\AppData\Local\VirtualStore
2012-01-10 02:01 - 2009-12-18 15:01 - 0000000 ____D C:\Users\Grayson\AppData\LocalLow
2012-01-10 02:01 - 2009-10-31 02:42 - 0000000 ____D C:\Program Files\DellTPad
2012-01-10 02:01 - 2009-10-31 00:10 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-01-10 02:01 - 2009-10-31 00:08 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-01-10 02:01 - 2009-10-31 00:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-01-10 02:01 - 2009-10-31 00:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-01-10 02:01 - 2009-10-31 00:03 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-01-10 02:01 - 2009-10-31 00:02 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2012-01-10 02:01 - 2009-10-31 00:02 - 0000000 ____D C:\Users\All Users\Adobe
2012-01-10 02:01 - 2009-10-31 00:02 - 0000000 ____D C:\ProgramData\Adobe
2012-01-10 02:01 - 2009-10-31 00:01 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-01-10 02:01 - 2009-10-30 23:59 - 0000000 ____D C:\Program Files (x86)\Java
2012-01-10 02:01 - 2009-07-13 21:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-01-10 02:01 - 2009-07-13 21:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-01-10 02:00 - 2011-10-13 18:11 - 0000000 ____D C:\FoundationView
2012-01-10 02:00 - 2011-03-09 16:25 - 0000000 ____D C:\0d79656fd38fac48db30e05ad81d
2012-01-10 02:00 - 2011-02-10 16:40 - 0000000 ____D C:\fb2fb3d44cf79170b1fbb076
2012-01-10 02:00 - 2009-12-22 23:30 - 0000000 __RHD C:\MSOCache
2012-01-10 02:00 - 2009-12-22 07:33 - 0000000 ____D C:\____CSVision Data_OLD
2012-01-10 02:00 - 2009-12-20 12:41 - 0000000 ____D C:\Motorola_HomeNet
2012-01-10 02:00 - 2009-10-31 02:25 - 0000000 ____D C:\dell
2012-01-10 02:00 - 2009-10-31 00:05 - 0000000 ____D C:\Program Files (x86)\Norton Internet Security
2012-01-10 02:00 - 2009-07-14 01:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-01-10 02:00 - 2009-07-13 23:08 - 0000000 ____D C:\users\Administrator
2012-01-10 02:00 - 2009-07-13 21:18 - 0000000 __SHD C:\$Recycle.Bin
2012-01-10 01:57 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\registration
2012-01-10 01:26 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\Web
2012-01-10 01:26 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\Vss
2012-01-10 01:25 - 2009-07-13 23:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-01-10 01:25 - 2009-07-13 23:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-01-10 01:24 - 2009-10-31 01:53 - 0000000 ____D C:\Windows\SysWOW64\Lang
2012-01-10 01:24 - 2009-10-30 23:59 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-01-10 01:24 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-01-10 01:21 - 2009-07-13 23:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-01-10 01:20 - 2009-10-31 01:53 - 0000000 ____D C:\Windows\System32\SRSLabs
2012-01-10 01:20 - 2009-07-13 23:37 - 0000000 ____D C:\Windows\System32\WCN
2012-01-10 01:19 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\spp
2012-01-10 01:19 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\spool
2012-01-10 01:18 - 2009-07-13 23:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-01-10 01:18 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\Speech
2012-01-10 01:18 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\SMI
2012-01-10 01:04 - 2009-07-13 23:32 - 0000000 ____D C:\Windows\Performance
2012-01-10 01:04 - 2009-07-13 22:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-01-10 00:52 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\AppCompat
2012-01-10 00:49 - 2009-10-31 00:15 - 0000000 ____D C:\Users\All Users\Uninstall
2012-01-10 00:49 - 2009-10-31 00:15 - 0000000 ____D C:\Users\All Users\Application Data\Uninstall
2012-01-10 00:49 - 2009-10-31 00:15 - 0000000 ____D C:\ProgramData\Uninstall
2012-01-10 00:49 - 2009-07-13 21:20 - 0000000 __RHD C:\users\Default
2012-01-10 00:47 - 2009-10-31 00:15 - 0000000 ____D C:\Users\All Users\Macrovision
2012-01-10 00:47 - 2009-10-31 00:15 - 0000000 ____D C:\Users\All Users\Application Data\Macrovision
2012-01-10 00:47 - 2009-10-31 00:15 - 0000000 ____D C:\ProgramData\Macrovision
2012-01-10 00:47 - 2009-10-31 00:01 - 0000000 ____D C:\Users\All Users\Dell
2012-01-10 00:47 - 2009-10-31 00:01 - 0000000 ____D C:\Users\All Users\Application Data\Dell
2012-01-10 00:47 - 2009-10-31 00:01 - 0000000 ____D C:\ProgramData\Dell
2012-01-10 00:47 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-01-10 00:47 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files\MSBuild
2012-01-10 00:47 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-01-10 00:47 - 2009-07-13 21:20 - 0000000 ____D C:\Program Files\Windows NT
2012-01-10 00:46 - 2009-10-31 01:53 - 0000000 ____D C:\Program Files\IDT
2012-01-10 00:46 - 2009-10-31 00:00 - 0000000 ____D C:\Program Files\Java
2012-01-10 00:45 - 2009-10-31 00:00 - 0000000 ____D C:\Program Files\Dell
2012-01-10 00:45 - 2009-10-30 23:59 - 0000000 ____D C:\Program Files\Dell Inc
2012-01-10 00:45 - 2009-07-13 21:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-01-10 00:44 - 2009-10-31 00:15 - 0000000 ____D C:\Program Files (x86)\Roxio
2012-01-10 00:44 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-01-10 00:43 - 2009-10-31 00:09 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-01-10 00:43 - 2009-07-13 23:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-01-10 00:42 - 2009-10-31 00:11 - 0000000 ____D C:\Program Files (x86)\Dell Webcam
2012-01-10 00:42 - 2009-10-31 00:03 - 0000000 ____D C:\Program Files (x86)\Dell
2012-01-10 00:42 - 2009-10-31 00:01 - 0000000 ____D C:\Program Files (x86)\Intel
2012-01-10 00:41 - 2009-10-31 00:11 - 0000000 ____D C:\Program Files (x86)\Creative
2012-01-10 00:41 - 2009-10-31 00:10 - 0000000 ____D C:\Program Files (x86)\Creative Live! Cam
2012-01-10 00:41 - 2009-10-31 00:06 - 0000000 ____D C:\Program Files (x86)\CyberLink
2012-01-10 00:40 - 2009-10-31 00:03 - 0000000 ____D C:\Program Files (x86)\Citrix
2012-01-10 00:40 - 2009-10-31 00:01 - 0000000 ____D C:\Program Files (x86)\Cisco
2012-01-08 05:50 - 2012-01-08 06:12 - 0000000 ____D C:\Emergency
2011-11-20 19:21 - 2009-07-13 23:10 - 1348730 ____A C:\Windows\WindowsUpdate.log
2011-11-20 19:02 - 2011-03-16 11:14 - 0001830 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2011-11-20 19:02 - 2011-03-16 11:14 - 0001830 ____A C:\Users\All Users\Desktop\McAfee Total Protection.lnk
2011-11-19 20:00 - 2009-07-13 22:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-11-19 20:00 - 2009-07-13 22:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-11-19 19:57 - 2009-07-13 23:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-19 19:53 - 2009-07-13 23:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-11-19 19:53 - 2009-07-13 22:51 - 0139569 ____A C:\Windows\setupact.log
2011-11-16 07:01 - 2011-05-14 17:10 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-11-14 13:32 - 2009-10-31 01:51 - 0302504 ____A C:\Windows\PFRO.log
2011-11-09 07:01 - 2009-07-13 22:45 - 0383296 ____A C:\Windows\System32\FNTCACHE.DAT
2011-11-08 20:41 - 2009-07-13 20:34 - 0000499 ____A C:\Windows\win.ini
2011-11-08 20:38 - 2009-12-22 21:39 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-10-25 14:06 - 2009-07-13 23:08 - 0032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-18 13:32 - 2011-03-16 11:13 - 0161168 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2011-10-15 12:16 - 2011-03-16 11:13 - 0647080 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2011-10-15 12:16 - 2011-03-16 11:13 - 0481768 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2011-10-15 12:16 - 2011-03-16 11:13 - 0284648 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2011-10-15 12:16 - 2011-03-16 11:13 - 0229528 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2011-10-15 12:16 - 2011-03-16 11:13 - 0160280 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2011-10-15 12:16 - 2011-03-16 11:13 - 0100912 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2011-10-15 12:16 - 2011-03-16 11:13 - 0075808 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2011-10-15 12:16 - 2011-03-16 11:13 - 0065264 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2011-10-15 12:16 - 2011-03-16 11:13 - 0010248 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4056.36 MB
Available physical RAM: 3463.63 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3466.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:206.87 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (KINGSTON) (Removable) (Total:3.65 GB) (Free:3.44 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 3745 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3741 MB 4032 KB

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G KINGSTON FAT32 Removable 3741 MB Healthy

==========================================================

Last Boot: 2009-10-31 01:51

======================= End Of Log ==========================

#4 Farbar

Posted 13 January 2012 - 04:47 PM

We need another log.

Please download and save it to your flash drive.
Boot to System Recovery Options and run FRST.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

#5 GraysonF

Posted 13 January 2012 - 05:25 PM

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.2)
Ran by SYSTEM at 2012-01-11 16:23:06 R:1
Running from G:\

==============================================


========= bcdedit /enum all /v =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=D:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {547f6f77-c5f8-11de-84fa-9f0de5f4faa5}
resumeobject {547f6f76-c5f8-11de-84fa-9f0de5f4faa5}
displayorder {547f6f77-c5f8-11de-84fa-9f0de5f4faa5}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {547f6f77-c5f8-11de-84fa-9f0de5f4faa5}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {547f6f78-c5f8-11de-84fa-9f0de5f4faa5}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {547f6f76-c5f8-11de-84fa-9f0de5f4faa5}
nx OptIn
bootstatuspolicy IgnoreShutdownFailures

Windows Boot Loader
-------------------
identifier {547f6f78-c5f8-11de-84fa-9f0de5f4faa5}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{547f6f79-c5f8-11de-84fa-9f0de5f4faa5}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{547f6f79-c5f8-11de-84fa-9f0de5f4faa5}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {547f6f76-c5f8-11de-84fa-9f0de5f4faa5}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=D:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
custom:26000022 Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {547f6f79-c5f8-11de-84fa-9f0de5f4faa5}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

========= End of CMD: =========


==== End of Fixlog ====

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:04 AM

Posted 13 January 2012 - 06:35 PM

Good. :thumbup2:

Please download
Save it to your flash drive.
Boot to System Recovery Options and run FRST.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart and let it boot normally and tell me how it went.

#7 GraysonF

Posted 13 January 2012 - 07:06 PM

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.2)
Ran by SYSTEM at 2012-01-11 17:47:32 R:2
Running from G:\

==============================================


========= bcdedit /deletevalue {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9} custom:26000022 =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====

I rebooted normally and it went to my actual log-on page. I clicked the button to log on and it went to my desktop as usual. It looks like none of My Documents (pictures, docs, music, etc.) are gone. I have a system restore note that comes up and says that my system restore was not properly finished and is asking me to choose a new restore point.

#8 GraysonF

Posted 13 January 2012 - 07:42 PM

It takes about 5 minutes for the boot to happen. It sits at a black screen for a while.

#9 GraysonF

Posted 13 January 2012 - 07:50 PM

I tried to restore to 12/27/11, my last good restore, and I get an error that says "Access is denied. (0x80070005)", then an error that says "unexpected error: catastrophic failure (0x8000FFFF)".

#10 Farbar

Posted 14 January 2012 - 05:11 AM

My instruction was:

Also restart and let it boot normally and tell me how it went.

From my first post:

Please refrain from doing anything on your own unless we are done or you feel you don't need assistance any more.


It looks like you have decided to do the rest by yourself. Do you have any questions before I close the topic?

#11 GraysonF

Posted 14 January 2012 - 12:06 PM

My instruction was:

Also restart and let it boot normally and tell me how it went.

From my first post:

Please refrain from doing anything on your own unless we are done or you feel you don't need assistance any more.


It looks like you have decided to do the rest by yourself. Do you have any questions before I close the topic?


You're the man, I still want your help. It is much appreciated!

What step would you like me to do next?

#12 Farbar

Posted 14 January 2012 - 06:18 PM

Why would you want to restore the system that is now booting? Please leave the system as it is. We can fix anything as long as the system is booting.

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#13 GraysonF

Posted 14 January 2012 - 07:09 PM

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Grayson :: GRAYSON-PC [administrator]

Protection: Enabled

1/14/2012 5:50:55 PM
mbam-log-2012-01-14 (17-50-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209774
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Grayson\AppData\Local\Temp\gEcjP.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Users\Grayson\Downloads\Intertops_EN_install.exe (PUP.Casino) -> Quarantined and deleted successfully.

(end)

#14 Farbar

Posted 14 January 2012 - 07:18 PM

Let's take a look at the vulnerabilities.

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Copy and paste OTL.txt and attach Extra.txt to your reply.

#15 GraysonF

Posted 14 January 2012 - 07:56 PM

OTL logfile created on: 1/14/2012 6:47:27 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Grayson\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.24% Memory free
7.92 Gb Paging File | 6.35 Gb Available in Paging File | 80.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 203.22 Gb Free Space | 71.71% Space Free | Partition Type: NTFS

Computer Name: GRAYSON-PC | User Name: Grayson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/14 18:43:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Grayson\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/08/19 18:20:48 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009/08/17 09:29:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/06/24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/18 21:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/05 21:53:48 | 000,316,664 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files (x86)\nTelos\nTelos_CDU680\Bin\RDVCHG.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 02:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/16 08:01:05 | 008,527,008 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2009/08/19 18:20:48 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2009/08/17 09:30:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2009/08/17 09:30:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2009/08/17 09:30:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2009/08/17 09:29:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/08/17 09:29:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2009/08/17 09:29:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2009/08/17 09:29:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2009/08/17 09:29:00 | 000,115,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
MOD - [2009/06/18 21:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2007/03/26 07:49:58 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcccoms.exe -- (lxcc_device)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\SysWOW64\mfevtps.exe -- (mfevtp)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 08:25:04 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SysWOW64\sppsvc.exe -- (sppsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 00:32:51 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\WINDOWS\SysWOW64\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/10/31 01:03:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/08/17 09:29:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/26 07:49:58 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxcccoms.exe -- (lxcc_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 15:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/01 16:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/16 20:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 20:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 23:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 05:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 22:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/08 03:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 06:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/06/08 13:32:26 | 000,112,768 | ---- | M] (C-motech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\cmusbser.sys -- (cmusbser)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\SysWOW64\wbem\ntfs.mof -- (Ntfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-823902079-2860734171-2499278660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-823902079-2860734171-2499278660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jesvab.com/JES_Desk.html
IE - HKU\S-1-5-21-823902079-2860734171-2499278660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://jes.teambizwiz.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/01/10 03:01:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/13 22:15:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/13 22:25:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/10 03:01:22 | 000,000,000 | ---D | M]

[2012/01/13 22:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grayson\AppData\Roaming\Mozilla\Extensions
[2012/01/13 22:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/13 22:15:14 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111114132638.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111114132638.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-823902079-2860734171-2499278660-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nTelos_CDU680] C:\Program Files (x86)\nTelos\nTelos_CDU680\Bin\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-823902079-2860734171-2499278660-1000..\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKU\S-1-5-21-823902079-2860734171-2499278660-1000..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\WINDOWS\SysWOW64\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\WINDOWS\SysWOW64\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AC16A6F-D8FF-460F-82EC-774CDB4525B9}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2341A9DC-8158-4606-9589-18E24942B9A3}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEFE3182-EFF0-4B3E-93B5-F1ECFD7C23BF}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{33b9838d-d4f3-11e0-aa86-0025646b7c21}\Shell - "" = AutoRun
O33 - MountPoints2\{33b9838d-d4f3-11e0-aa86-0025646b7c21}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{41aed18f-fed3-11de-8bfb-0025646b7c21}\Shell - "" = AutoRun
O33 - MountPoints2\{41aed18f-fed3-11de-8bfb-0025646b7c21}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b130e68e-fb05-11df-9079-0025646b7c21}\Shell - "" = AutoRun
O33 - MountPoints2\{b130e68e-fb05-11df-9079-0025646b7c21}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{c19841a8-e9ee-11e0-8827-0025646b7c21}\Shell - "" = AutoRun
O33 - MountPoints2\{c19841a8-e9ee-11e0-8827-0025646b7c21}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/14 18:43:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Grayson\Desktop\OTL.exe
[2012/01/14 17:49:37 | 000,000,000 | ---D | C] -- C:\Users\Grayson\AppData\Roaming\Malwarebytes
[2012/01/14 17:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/14 17:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/01/14 17:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/14 17:49:26 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/14 17:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/13 22:22:13 | 000,000,000 | ---D | C] -- C:\Users\Grayson\AppData\Roaming\AVG2012
[2012/01/13 22:15:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/01/13 22:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/01/13 22:15:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/01/13 22:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/01/13 22:15:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/01/13 22:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/01/13 22:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/01/13 21:02:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\winevt
[2012/01/13 21:02:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\wfp
[2012/01/13 21:02:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\oem
[2012/01/13 21:02:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ias
[2012/01/13 21:02:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SPReview
[2012/01/13 21:02:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SMI
[2012/01/13 21:02:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Microsoft
[2012/01/13 21:02:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\CodeIntegrity
[2012/01/13 21:02:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Boot
[2012/01/13 19:54:20 | 000,000,000 | ---D | C] -- C:\Users\Grayson\My Backup Files
[2012/01/11 18:52:46 | 000,000,000 | ---D | C] -- C:\Users\Grayson\AppData\Local\Mozilla
[2012/01/11 18:52:06 | 000,000,000 | ---D | C] -- C:\Users\Grayson\AppData\Local\Adobe
[2012/01/11 18:36:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Microsoft IntelliPoint
[2012/01/11 18:10:28 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 18:10:27 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 18:10:27 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 18:10:27 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 18:10:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/01/11 18:10:25 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/11 18:10:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/11 18:10:08 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/11 18:10:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/11 18:10:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/11 18:10:07 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/11 18:10:07 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/11 18:10:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/11 18:10:05 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/11 18:10:02 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/01/11 18:10:02 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/01/11 18:09:48 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 18:09:48 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 18:09:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/11 18:02:37 | 000,000,000 | ---D | C] -- C:\Users\Grayson\AppData\Roaming\GlobalSCAPE
[2012/01/11 18:00:36 | 000,000,000 | ---D | C] -- C:\Users\Grayson\AppData\Local\SoftThinks
[2012/01/11 16:06:19 | 000,000,000 | ---D | C] -- C:\FRST
[2012/01/08 07:12:10 | 000,000,000 | ---D | C] -- C:\Emergency
[2007/03/26 02:50:00 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccih.exe
[2007/03/26 02:49:58 | 000,566,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccoms.exe
[2007/03/26 02:49:54 | 000,236,464 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccfg.exe

========== Files - Modified Within 30 Days ==========

[2012/01/14 18:43:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Grayson\Desktop\OTL.exe
[2012/01/14 18:18:29 | 086,752,687 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/01/14 18:08:58 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 18:08:58 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 18:03:45 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/14 18:03:45 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/14 18:03:45 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/14 17:58:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/14 17:58:10 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/14 17:49:28 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/13 22:25:06 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/13 22:15:15 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/13 22:15:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/01/13 22:15:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/01/13 21:02:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/01/13 21:02:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/01/13 21:02:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\Msft_Kernel_point64_01009.Wdf
[2012/01/13 21:02:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2012/01/13 21:02:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2012/01/13 21:02:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/01/13 21:02:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2012/01/13 19:59:58 | 000,624,254 | ---- | M] () -- C:\Windows\SysWow64\perfh009.dat
[2012/01/13 19:59:58 | 000,106,598 | ---- | M] () -- C:\Windows\SysWow64\perfc009.dat
[2012/01/13 19:58:57 | 000,371,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/11 18:50:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysWow64\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 18:50:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysWow64\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 18:23:21 | 000,371,520 | ---- | M] () -- C:\Windows\SysWow64\FNTCACHE.DAT
[2012/01/11 18:01:32 | 000,000,478 | ---- | M] () -- C:\Users\Public\Desktop\Emergency Backup.lnk

========== Files Created - No Company Name ==========

[2012/01/14 18:18:29 | 086,752,687 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/01/14 17:49:28 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/13 22:25:06 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/13 22:15:15 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/13 22:15:14 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/01/13 22:15:14 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/01/13 21:02:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/01/13 21:02:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/01/13 21:02:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\Msft_Kernel_point64_01009.Wdf
[2012/01/13 21:02:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2012/01/13 21:02:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2012/01/13 21:02:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/01/13 21:02:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2012/01/11 18:01:32 | 000,000,478 | ---- | C] () -- C:\Users\Public\Desktop\Emergency Backup.lnk
[2012/01/11 17:55:30 | 3190,050,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/10 20:45:04 | 000,003,584 | ---- | C] () -- C:\Users\Grayson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/29 10:31:44 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2009/12/23 00:33:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/31 03:36:47 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/10/31 03:36:46 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/10/31 03:36:46 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/10/31 03:36:45 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/10/31 01:12:33 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/09/03 09:19:00 | 000,136,432 | ---- | C] () -- C:\Windows\Druni.exe
[2009/09/03 09:19:00 | 000,051,952 | ---- | C] () -- C:\Windows\devcon.exe
[2009/09/03 09:19:00 | 000,025,840 | ---- | C] () -- C:\Windows\SFA.exe
[2009/09/03 09:12:00 | 000,002,418 | ---- | C] () -- C:\Windows\DRUnins.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:45:34 | 000,371,520 | ---- | C] () -- C:\Windows\SysWow64\FNTCACHE.DAT
[2009/07/13 21:36:59 | 000,624,254 | ---- | C] () -- C:\Windows\SysWow64\perfh009.dat
[2009/07/13 21:36:59 | 000,291,294 | ---- | C] () -- C:\Windows\SysWow64\perfi009.dat
[2009/07/13 21:36:59 | 000,106,598 | ---- | C] () -- C:\Windows\SysWow64\perfc009.dat
[2009/07/13 21:36:59 | 000,031,548 | ---- | C] () -- C:\Windows\SysWow64\perfd009.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\PowerPoker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\PokerPlayerCafe:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Jetbull Poker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Intertops Poker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\DoylesRoom:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID

< End of report >

OTL Extras logfile created on: 1/14/2012 6:47:27 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Grayson\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 67.24% Memory free
7.92 Gb Paging File | 6.35 Gb Available in Paging File | 80.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 203.22 Gb Free Space | 71.71% Space Free | Partition Type: NTFS

Computer Name: GRAYSON-PC | User Name: Grayson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-823902079-2860734171-2499278660-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{41B19F41-8A6F-4422-AD69-CF3B408F382C}" = AVG 2012
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6D830209-41C2-4D6B-BA25-4EF98807D9FB}" = AVG 2012
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}" = HP Officejet 6500 E710n-z Basic Device Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E6FDBFA-7BF9-4C6D-9FAA-5ACF27710361}" = CDU680DORA USB Modem
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216014F0}" = Java™ 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}" = HP Officejet 6500 E710n-z Help
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AIM_7" = AIM 7
"BasementVision20084.0" = BasementVision2008
"BasementVision20085.0" = BasementVision2008
"BasementVision20088.1" = BasementVision2008
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Bodog Poker_is1" = Bodog Poker
"Cake Poker 2.0" = Cake Poker 2.0
"CrawlSpaceVision2006" = CrawlSpaceVision
"CrawlSpaceVision6.5" = CrawlSpaceVision
"CuteFTP" = CuteFTP
"Dell Webcam Central" = Dell Webcam Central
"DellMFP1125" = Dell MFP 1125
"FoundationView_is1" = FoundationView
"GoToAssist" = GoToAssist 8.0.0.514
"Intertops Poker(uninstall)" = Intertops Poker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mikogo" = Mikogo
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"PokerPlayerCafe(uninstall)" = Poker Player Cafe
"PokerTracker3" = PokerTracker 3 (remove only)
"PowerPoker(uninstall)" = PowerPoker
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Veetle TV" = Veetle TV 0.9.18
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823902079-2860734171-2499278660-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CarbonPoker" = CarbonPoker
"FeltStars" = FeltStars
"Odds Maker" = Odds Maker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2012 7:00:30 PM | Computer Name = Grayson-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 7

Error - 1/11/2012 7:00:48 PM | Computer Name = Grayson-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 1/11/2012 7:00:48 PM | Computer Name = Grayson-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 1/11/2012 7:00:49 PM | Computer Name = Grayson-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 1/11/2012 7:00:49 PM | Computer Name = Grayson-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 1/11/2012 7:00:49 PM | Computer Name = Grayson-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 1/11/2012 7:00:49 PM | Computer Name = Grayson-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 1/11/2012 7:00:50 PM | Computer Name = Grayson-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 1/11/2012 7:00:50 PM | Computer Name = Grayson-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 1/11/2012 7:01:37 PM | Computer Name = Grayson-PC | Source = System Restore | ID = 8204
Description =

[ System Events ]
Error - 1/11/2012 7:23:43 PM | Computer Name = Grayson-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{1AC16A6F-D8FF-460F-82EC-774CDB4525B9}
because another computer on the network has the same name. The server could not
start.

Error - 1/11/2012 7:23:43 PM | Computer Name = Grayson-PC | Source = NetBT | ID = 4321
Description = The name "GRAYSON-PC :20" could not be registered on the interface
with IP address 192.168.2.13. The computer with the IP address 192.168.2.5 did not
allow the name to be claimed by this computer.

Error - 1/11/2012 7:24:36 PM | Computer Name = Grayson-PC | Source = DCOM | ID = 10016
Description =

Error - 1/11/2012 7:24:41 PM | Computer Name = Grayson-PC | Source = Service Control Manager | ID = 7024
Description = The McAfee McShield service terminated with service-specific error
%%5046.

Error - 1/11/2012 7:40:24 PM | Computer Name = Grayson-PC | Source = NetBT | ID = 4321
Description = The name "GRAYSON-PC :0" could not be registered on the interface
with IP address 192.168.2.13. The computer with the IP address 192.168.2.5 did not
allow the name to be claimed by this computer.

Error - 1/11/2012 7:40:52 PM | Computer Name = Grayson-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{1AC16A6F-D8FF-460F-82EC-774CDB4525B9}
because another computer on the network has the same name. The server could not
start.

Error - 1/11/2012 7:40:52 PM | Computer Name = Grayson-PC | Source = NetBT | ID = 4321
Description = The name "GRAYSON-PC :20" could not be registered on the interface
with IP address 192.168.2.13. The computer with the IP address 192.168.2.5 did not
allow the name to be claimed by this computer.

Error - 1/11/2012 7:41:40 PM | Computer Name = Grayson-PC | Source = DCOM | ID = 10016
Description =

Error - 1/11/2012 7:41:52 PM | Computer Name = Grayson-PC | Source = Service Control Manager | ID = 7024
Description = The McAfee McShield service terminated with service-specific error
%%5046.

Error - 1/13/2012 8:53:34 PM | Computer Name = Grayson-PC | Source = NetBT | ID = 4321
Description = The name "GRAYSON-PC :0" could not be registered on the interface
with IP address 192.168.2.13. The computer with the IP address 192.168.2.5 did not
allow the name to be claimed by this computer.


< End of report >



